From e2c67ec8e662adbaab7c5d735217aa5bcbf8495c Mon Sep 17 00:00:00 2001
From: Isman Firmansyah
Date: Fri, 29 Apr 2022 03:28:47 +0700
Subject: [PATCH] fix: add missing permission and defaultPermissionInToken attribute in role-scope mapping (#1270)
---
 docker-jans-persistence-loader/Dockerfile | 2 +-
 .../scripts/upgrade.py | 29 ++++++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index 43ccc5a7bc5..c38d7722152 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -23,7 +23,7 @@ RUN python3 -m ensurepip \
 # jans-linux-setup sync
 # =====================
-ENV JANS_LINUX_SETUP_VERSION=fc9544c861f30eb7370f635b07d9810ae33a7dba
+ENV JANS_LINUX_SETUP_VERSION=eb113d09421b95671fe1ab4eaa5c4bafc2aed6af
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py
index 8f1ea5b0291..94974ed1690 100644
--- a/docker-jans-persistence-loader/scripts/upgrade.py
+++ b/docker-jans-persistence-loader/scripts/upgrade.py
@@ -680,13 +680,16 @@ def update_admin_ui_config(self):
 api_admin_perms = api_role["permissions"]
 break
- # current permissions
 try:
 current_role_mapping = json.loads(entry.attrs["jansConfDyn"])
 except TypeError:
 current_role_mapping = entry.attrs["jansConfDyn"]
+ should_update = False
+ # check for rolePermissionMapping
+ #
+ # - compare role permissions for api-admin
 for i, api_role in enumerate(current_role_mapping["rolePermissionMapping"]):
 if api_role["role"] == "api-admin":
 # compare permissions between the ones from persistence (current) and newer permissions
@@ -695,6 +698,30 @@ def update_admin_ui_config(self):
 should_update = True
 break
+ # check for permissions
+ #
+ # - add new permission if not exist
+ # - add defaultPermissionInToken (if not exist) in each permission
+
+ # determine current permission with index/position
+ current_perms = {
+ permission["permission"]: {"index": i}
+ for i, permission in enumerate(current_role_mapping["permissions"])
+ }
+
+ for perm in role_mapping["permissions"]:
+ if perm["permission"] not in current_perms:
+ # add missing permission
+ current_role_mapping["permissions"].append(perm)
+ should_update = True
+ else:
+ # add missing defaultPermissionInToken
+ index = current_perms[perm["permission"]]["index"]
+ if "defaultPermissionInToken" in current_role_mapping["permissions"][index]:
+ continue
+ current_role_mapping["permissions"][index]["defaultPermissionInToken"] = perm["defaultPermissionInToken"]
+ should_update = True
+
 if should_update:
 entry.attrs["jansConfDyn"] = json.dumps(current_role_mapping)
 entry.attrs["jansRevision"] += 1
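Review bot: The new permissions merge subscripts `current_role_mapping["permissions"]` and `perm["defaultPermissionInToken"]` directly, so a persisted `jansConfDyn` without a `permissions` list, or a template entry without that attribute, would raise `KeyError` and stop the upgrade before the `if should_update:` write is reached; whether either case can occur is not visible from this hunk. Consider `current_role_mapping.setdefault("permissions", [])` ahead of the `current_perms` comprehension and `if "defaultPermissionInToken" not in perm: continue` at the top of the `else` branch. Because this block changes which permissions exist and which are placed in tokens by default, a log line naming each appended permission and each backfilled attribute would leave an audit trail of what the upgrade changed in the authorization data. `update_admin_ui_config` starts above this hunk and may continue past its last line.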