feat(permission): add methods for role management and audit RPT logic #132
Conversation
rohitkrai03
force-pushed
the
manage-roles
branch
from
519015a
to
1640fa9
Compare
rohitkrai03
force-pushed
the
manage-roles
branch
from
1640fa9
to
dfa6403
Compare
rohitkrai03
changed the title
rohitkrai03
changed the title
rohitkrai03
force-pushed
the
manage-roles
branch
from
5280ed6
to
266fd15
Compare
src/app/auth/permission.service.ts
Outdated
| getUsersByRole(resourceId: string, roleName: string): Observable<UserRoleData[]> { | ||
| const url = `${this.authApi}resources/${resourceId}/roles/${roleName}`; | ||
| return this.http | ||
| .get(url, { headers: this.headers }) |
There was a problem hiding this comment.
You should parameterize the get function instead of adding type info to the map call.
.get<{ data: UserRoleData[] }>(url, { headers: this.headers })
Then your map becomes:
map(res => res.data)
src/app/auth/permission.service.ts
Outdated
| const url = `${this.authApi}token/audit`; | ||
| const params = new HttpParams().set('resource_id', resourceId); | ||
| return this.http | ||
| .post(url, '', { headers: this.headers, params }) |
There was a problem hiding this comment.
Add type parameters to the the post call instead of in the map.
src/app/auth/permission.service.ts
Outdated
| return permissions ? permissions.scopes : []; | ||
| getAllScopes(resourceId: string): Observable<string[]> { | ||
| return this.getPermission(resourceId).pipe( | ||
| map((permission: Permission) => permission.scopes) |
There was a problem hiding this comment.
permission may be undefined here.
src/app/auth/permission.service.ts
Outdated
| return permissions ? permissions.scopes.includes(scope) : false; | ||
| hasScope(resourceId: string, scope: string): Observable<boolean> { | ||
| return this.getPermission(resourceId).pipe( | ||
| map((permission: Permission) => permission.scopes.includes(scope)) |
There was a problem hiding this comment.
permission may be undefined here.
src/app/auth/permission.service.ts
Outdated
| private getDecodedToken(): any { | ||
| const token = localStorage.getItem('auth_token'); | ||
| return token ? this.jwtHelper.decodeToken(token) : ''; | ||
| assignRole(resourceId: string, roleName: string, userIDs: Array<string>): Observable<any> { |
There was a problem hiding this comment.
Why does this return Observable<any> and not an observable of a specific value or undefined | null ?
| providers: [ | ||
| PermissionService | ||
| PermissionService, | ||
| { |
There was a problem hiding this comment.
You don't need interceptors for these tests.
| useClass: AuthInterceptor, | ||
| multi: true | ||
| }, | ||
| { provide: WIT_API_PROXY, useValue: 'http://wit.example.com/'}, |
There was a problem hiding this comment.
You don't need the WIT_API_PROXY or SSO_API_URL for these tests.
| @@ -1,36 +1,183 @@ | |||
| import { TestBed } from '@angular/core/testing'; | |||
| import { PermissionService, Permission } from './permission.service'; | |||
| import { TestBed, async } from '@angular/core/testing'; | |||
There was a problem hiding this comment.
async import is unused.
src/app/auth/permission.service.ts
Outdated
| @@ -47,7 +47,7 @@ export class PermissionService { | |||
| */ | |||
| hasScope(resourceId: string, scope: string): Observable<boolean> { | |||
| return this.getPermission(resourceId).pipe( | |||
| map((permission: Permission) => permission.scopes.includes(scope)) | |||
| map((permission: Permission | undefined) => permission.scopes.includes(scope)) | |||
There was a problem hiding this comment.
This is still a problem because you use permission without a null check. The old code use to return false if permission was null.
|
@rohitkrai03 whenever a test performs assertions in a callback (ie. a subscribe), you need to ensure that the callback is executed. Otherwise the test can still pass even though your assertions weren't executed. Most tests have been implemented using |
|
🎉 This PR is included in version 2.8.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
As part of the work for 890 and 889 we need
This PR adds the functionality into
PermissionService-assignRole- Assign a specific role to a one or more users in a resource such as space.getUsersByRole- Get all the users who have a speicific role.auditRPT- Call the Audit RPT API to get a new RPT token if the token if not an RPT or if the token doesn't contain permission info for a particular resource.Also,
The logic for
getDecodedTokenis changed to include a check for valid RPT. If the token is not valid (In case of accessing the resource for the first time when instead of RPT thelocalStoragewill be havingauth_token).Logic for
getPermissionwill also include a call toauditRPTif current token does not include permission information for the required resource. This case may arise when the scope of user has been changed and the RPT is not updated with correct permissions.Added more tests to include all the new scenarios.