Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UIU-3294: Provide correct role-assignment permissions for endpoints within withUserRoles HOC used with UserEdit. #2821

Merged
merged 3 commits into from
Dec 10, 2024

Conversation

aidynoJ
Copy link
Contributor

@aidynoJ aidynoJ commented Dec 9, 2024

Purpose

UIU-3294 - Error toasts when opening a user for edit without having "User Roles" capability set

Approach

  1. Check endpoints used in withUserRoles HOC;
  2. Add subPermissions to ui-users.view, ui-users.edit based on module-descriptors mod-roles-keycloak and mod-users-keycloak

TODOS and Open Questions

Learning

Pre-Merge Checklist

Before merging this PR, please go through the following list and take appropriate actions.

  • I've added appropriate record to the CHANGELOG.md
  • Does this PR meet or exceed the expected quality standards?
    • Code coverage on new code is 80% or greater
    • Duplications on new code is 3% or less
    • There are no major code smells or security issues
  • Does this introduce breaking changes?
    • If any API-related changes - okapi interfaces and permissions are reviewed/changed correspondingly
    • There are no breaking changes in this PR.

If there are breaking changes, please STOP and consider the following:

  • What other modules will these changes impact?
  • Do JIRAs exist to update the impacted modules?
    • If not, please create them
    • Do they contain the appropriate level of detail? Which endpoints/schemas changed, etc.
    • Do they have all they appropriate links to blocked/related issues?
  • Are the JIRAs under active development?
    • If not, contact the project's PO and make sure they're aware of the urgency.
  • Do PRs exist for these changes?
    • If so, have they been approved?

Ideally all of the PRs involved in breaking changes would be merged in the same day to avoid breaking the folio-testing environment. Communication is paramount if that is to be achieved, especially as the number of intermodule and inter-team dependencies increase.

While it's helpful for reviewers to help identify potential problems, ensuring that it's safe to merge is ultimately the responsibility of the PR assignee.

@aidynoJ aidynoJ requested review from zburke and ryandberger December 9, 2024 14:09
Copy link
Member

@zburke zburke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please confirm that these permissions will be sufficient to assign a role when none have ever been assigned before. e.g. for circ-storage we need both post and put. Do we need the same for roles, e.g. roles.user.item.post to assign the first role and then .put to update assignments on subsequent edits?

@zburke
Copy link
Member

zburke commented Dec 9, 2024

PS: please describe the solution in your PR title, not the bug. After your PR merges, the bug will be gone. I want to know about the state of the code after the code merges, because that's the state things will be in after this PR is committed. Sth like "Provide correct role-assignment permissions in user-view and user-edit psets" would be an option.

@aidynoJ
Copy link
Contributor Author

aidynoJ commented Dec 10, 2024

Please confirm that these permissions will be sufficient to assign a role when none have ever been assigned before. e.g. for circ-storage we need both post and put. Do we need the same for roles, e.g. roles.user.item.post to assign the first role and then .put to update assignments on subsequent edits?

No, it’s not necessary. When we create user keycloak record, the assignedRoleIds are set to empty. We already check for the user’s existence: if the user does not exist, a confirmation dialog is shown, suggesting the creation of a Keycloak account, on submit we create record in keycloak and call .put method for selected roles

@aidynoJ aidynoJ changed the title UIU-3294: Error toasts when opening a user for edit without having "User Roles" capability set UIU-3294: Provide correct role-assignment permissions for endpoints used in withUserRoles HOC. Dec 10, 2024
@aidynoJ aidynoJ changed the title UIU-3294: Provide correct role-assignment permissions for endpoints used in withUserRoles HOC. UIU-3294: Provide correct role-assignment permissions for endpoints within withUserRoles HOC used with UserEdit. Dec 10, 2024
@aidynoJ aidynoJ merged commit 506842b into master Dec 10, 2024
5 checks passed
@aidynoJ aidynoJ deleted the UIU-3294 branch December 10, 2024 11:57
Terala-Priyanka pushed a commit that referenced this pull request Dec 13, 2024
…ithin withUserRoles HOC used with UserEdit. (#2821)

Refs UIU-3294.
Terala-Priyanka added a commit that referenced this pull request Dec 16, 2024
* UIU-3282: add capability to access users-keycloak delete method (#2810)

Refs UIU-3282.

* UIU-3273: check if userId is present in withUserRoles HOC (#2816)

Refs UIU-3273.

* UIU-3294: Provide correct role-assignment permissions for endpoints within withUserRoles HOC used with UserEdit.  (#2821)

Refs UIU-3294.

* Release v11.0.9

---------

Co-authored-by: aidynoJ <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants