UIU-3294: Provide correct role-assignment permissions for endpoints within withUserRoles HOC used with UserEdit. #2821

Merged
merged 3 commits into from
Dec 10, 2024

Conversation

aidynoJ
Contributor

@aidynoJ aidynoJ commented Dec 9, 2024

Purpose

UIU-3294 - Error toasts when opening a user for edit without having "User Roles" capability set

Approach

  1. Check endpoints used in withUserRoles HOC;
  2. Add subPermissions to ui-users.view, ui-users.edit based on module-descriptors mod-roles-keycloak and mod-users-keycloak

TODOS and Open Questions

Learning

Pre-Merge Checklist

Before merging this PR, please go through the following list and take appropriate actions.

  • I've added appropriate record to the CHANGELOG.md
  • Does this PR meet or exceed the expected quality standards?
    • Code coverage on new code is 80% or greater
    • Duplications on new code is 3% or less
    • There are no major code smells or security issues
  • Does this introduce breaking changes?
    • If any API-related changes - okapi interfaces and permissions are reviewed/changed correspondingly
    • There are no breaking changes in this PR.

If there are breaking changes, please STOP and consider the following:

  • What other modules will these changes impact?
  • Do JIRAs exist to update the impacted modules?
    • If not, please create them
    • Do they contain the appropriate level of detail? Which endpoints/schemas changed, etc.
    • Do they have all the appropriate links to blocked/related issues?
  • Are the JIRAs under active development?
    • If not, contact the project's PO and make sure they're aware of the urgency.
  • Do PRs exist for these changes?
    • If so, have they been approved?

Ideally all of the PRs involved in breaking changes would be merged in the same day to avoid breaking the folio-testing environment. Communication is paramount if that is to be achieved, especially as the number of intermodule and inter-team dependencies increases.

While it's helpful for reviewers to help identify potential problems, ensuring that it's safe to merge is ultimately the responsibility of the PR assignee.

@aidynoJ aidynoJ requested review from zburke and ryandberger December 9, 2024 14:09
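
The approach in the description above (list the endpoints a component calls, then make sure the UI permission sets carry the matching subPermissions) can be checked mechanically. The following is an added example, not code from this PR or from the project: it assumes backend handlers shaped like module-descriptor entries with `permissionsRequired` and UI sets with `subPermissions`, and every permission name, path and call list in it is a constructed placeholder.

```javascript
// Constructed data: every permission name and path here is a placeholder.
// Backend module-descriptor handlers: the permission each endpoint requires.
const HANDLERS = [
  { methods: ['GET'], pathPattern: '/example/user-roles/{id}', permissionsRequired: ['example.user-roles.item.get'] },
  { methods: ['PUT'], pathPattern: '/example/user-roles/{id}', permissionsRequired: ['example.user-roles.item.put'] },
  { methods: ['GET'], pathPattern: '/example/auth-users/{id}', permissionsRequired: ['example.auth-users.item.get'] },
  { methods: ['POST'], pathPattern: '/example/auth-users/{id}', permissionsRequired: ['example.auth-users.item.post'] },
];
// Requests the edit screen issues (hypothetical list, gathered by reading the component).
const EDIT_CALLS = [
  ['GET', '/example/user-roles/{id}'], ['GET', '/example/auth-users/{id}'],
  ['POST', '/example/auth-users/{id}'], ['PUT', '/example/user-roles/{id}'],
];
// UI permission sets before and after a fix; the edit set inherits the view set.
const VIEW = { permissionName: 'ui-example.view',
  subPermissions: ['example.user-roles.item.get', 'example.auth-users.item.get'] };
const BEFORE = [VIEW, { permissionName: 'ui-example.edit',
  subPermissions: ['ui-example.view', 'example.auth-users.item.post'] }];
const AFTER = [VIEW, { permissionName: 'ui-example.edit',
  subPermissions: ['ui-example.view', 'example.auth-users.item.post', 'example.user-roles.item.put'] }];

// Transitively expand a permission set into every permission it grants.
function expand(name, sets, seen = new Set()) {
  if (seen.has(name)) return seen; // guards against cyclic subPermissions
  seen.add(name);
  const set = sets.find((s) => s.permissionName === name);
  for (const sub of (set ? set.subPermissions || [] : [])) expand(sub, sets, seen);
  return seen;
}

// List each call whose required permission the set does not grant.
function missingFor(setName, sets, handlers, calls) {
  const granted = expand(setName, sets);
  const gaps = [];
  for (const [method, path] of calls) {
    const h = handlers.find((x) => x.pathPattern === path && x.methods.includes(method));
    if (!h) { gaps.push(`${method} ${path}: no handler in descriptor`); continue; }
    for (const p of h.permissionsRequired) {
      if (!granted.has(p)) gaps.push(`${method} ${path}: ${p}`);
    }
  }
  return gaps;
}

console.log('before:', missingFor('ui-example.edit', BEFORE, HANDLERS, EDIT_CALLS));
console.log('after: ', missingFor('ui-example.edit', AFTER, HANDLERS, EDIT_CALLS));
```

Run against a real descriptor and permission-set file, a non-empty result names the calls that would be rejected for a user holding only that set; the inverse comparison (granted permissions that no listed call needs) shows where a set is broader than the screen requires.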
Member

@zburke zburke left a comment

Please confirm that these permissions will be sufficient to assign a role when none have ever been assigned before. e.g. for circ-storage we need both post and put. Do we need the same for roles, e.g. roles.user.item.post to assign the first role and then .put to update assignments on subsequent edits?

@zburke
Member

zburke commented Dec 9, 2024

PS: please describe the solution in your PR title, not the bug. After your PR merges, the bug will be gone. I want to know about the state of the code after the code merges, because that's the state things will be in after this PR is committed. Something like "Provide correct role-assignment permissions in user-view and user-edit psets" would be an option.

@aidynoJ
Contributor Author

aidynoJ commented Dec 10, 2024

Please confirm that these permissions will be sufficient to assign a role when none have ever been assigned before. e.g. for circ-storage we need both post and put. Do we need the same for roles, e.g. roles.user.item.post to assign the first role and then .put to update assignments on subsequent edits?

No, it’s not necessary. When we create a user Keycloak record, the assignedRoleIds are set to empty. We already check for the user’s existence: if the user does not exist, a confirmation dialog is shown, suggesting the creation of a Keycloak account; on submit we create the record in Keycloak and call the .put method for the selected roles.

@aidynoJ aidynoJ changed the title UIU-3294: Error toasts when opening a user for edit without having "User Roles" capability set UIU-3294: Provide correct role-assignment permissions for endpoints used in withUserRoles HOC. Dec 10, 2024
@aidynoJ aidynoJ changed the title UIU-3294: Provide correct role-assignment permissions for endpoints used in withUserRoles HOC. UIU-3294: Provide correct role-assignment permissions for endpoints within withUserRoles HOC used with UserEdit. Dec 10, 2024
sonarcloud bot commented Dec 10, 2024

@aidynoJ aidynoJ merged commit 506842b into master Dec 10, 2024
5 checks passed
@aidynoJ aidynoJ deleted the UIU-3294 branch December 10, 2024 11:57
Terala-Priyanka pushed a commit that referenced this pull request Dec 13, 2024
…ithin withUserRoles HOC used with UserEdit. (#2821)

Refs UIU-3294.
Terala-Priyanka added a commit that referenced this pull request Dec 16, 2024
* UIU-3282: add capability to access users-keycloak delete method (#2810)

Refs UIU-3282.

* UIU-3273: check if userId is present in withUserRoles HOC (#2816)

Refs UIU-3273.

* UIU-3294: Provide correct role-assignment permissions for endpoints within withUserRoles HOC used with UserEdit.  (#2821)

Refs UIU-3294.

* Release v11.0.9

---------

Co-authored-by: aidynoJ <[email protected]>