From 93f2765138027622bbfb12bb9230845091fcd86f Mon Sep 17 00:00:00 2001
From: kahammer <pkahama@ona.io>
Date: Fri, 13 Sep 2024 15:13:55 +0300
Subject: [PATCH] Rbac on user roles and groups (#1468)

* Add user roles and group permission on routes

* Add user roles and group permission on navigation menu

* Add roles on keycloak adapters

* Update permission resources

* Revert custom roles

* Cleanup
---
 app/src/App/fhir-apps.tsx                     | 77 ++++++++++---------
 app/src/routes/index.tsx                      |  2 +
 packages/rbac/src/adapters/keycloakAdapter.ts |  4 +-
 packages/rbac/src/constants.ts                |  1 +
 4 files changed, 47 insertions(+), 37 deletions(-)

diff --git a/app/src/App/fhir-apps.tsx b/app/src/App/fhir-apps.tsx
index e223b2085..bb0a7e893 100644
--- a/app/src/App/fhir-apps.tsx
+++ b/app/src/App/fhir-apps.tsx
@@ -126,7 +126,14 @@ import { CloseFlag, URL_CLOSE_FLAGS } from '@opensrp/fhir-flag';
 import { useTranslation } from '../mls';
 import '@opensrp/user-management/dist/index.css';
 import { APP_LOGIN_URL } from '../configs/dispatchConfig';
-import { DATA_IMPORT_CREATE_URL, ImportDetailViewDetails, DATA_IMPORT_DETAIL_URL, DATA_IMPORT_LIST_URL, DataImportList, StartDataImport } from '@opensrp/fhir-import';
+import {
+  DATA_IMPORT_CREATE_URL,
+  ImportDetailViewDetails,
+  DATA_IMPORT_DETAIL_URL,
+  DATA_IMPORT_LIST_URL,
+  DataImportList,
+  StartDataImport,
+} from '@opensrp/fhir-import';
 
 /** Util function that renders Oauth2 callback components
  *
@@ -204,40 +211,40 @@ const FHIRApps = () => {
         permissions={['iam_group.read']}
         component={UserGroupsList}
       />
-          <PrivateComponent
-          redirectPath={APP_CALLBACK_URL}
-          disableLoginProtection={DISABLE_LOGIN_PROTECTION}
-          exact
-          path={DATA_IMPORT_LIST_URL}
-          permissions={['WebDataImport.read']}
-          component={DataImportList}
-        />
-              <PrivateComponent
-          redirectPath={APP_CALLBACK_URL}
-          disableLoginProtection={DISABLE_LOGIN_PROTECTION}
-          exact
-          path={`${DATA_IMPORT_CREATE_URL}`}
-          permissions={['WebDataImport.create']}
-          component={StartDataImport}
-        />
-              <PrivateComponent
-          redirectPath={APP_CALLBACK_URL}
-          disableLoginProtection={DISABLE_LOGIN_PROTECTION}
-          exact
-          path={`${DATA_IMPORT_DETAIL_URL}/:${'workflowId'}`}
-          {...patientProps}
-          permissions={['WebDataImport.read']}
-          component={ImportDetailViewDetails}
-        />
-        <PrivateComponent
-          redirectPath={APP_CALLBACK_URL}
-          disableLoginProtection={DISABLE_LOGIN_PROTECTION}
-          exact
-          path={`${DATA_IMPORT_LIST_URL}/:${'workflowId'}`}
-          {...patientProps}
-          permissions={['WebDataImport.read']}
-          component={DataImportList}
-        />
+      <PrivateComponent
+        redirectPath={APP_CALLBACK_URL}
+        disableLoginProtection={DISABLE_LOGIN_PROTECTION}
+        exact
+        path={DATA_IMPORT_LIST_URL}
+        permissions={['WebDataImport.read']}
+        component={DataImportList}
+      />
+      <PrivateComponent
+        redirectPath={APP_CALLBACK_URL}
+        disableLoginProtection={DISABLE_LOGIN_PROTECTION}
+        exact
+        path={`${DATA_IMPORT_CREATE_URL}`}
+        permissions={['WebDataImport.create']}
+        component={StartDataImport}
+      />
+      <PrivateComponent
+        redirectPath={APP_CALLBACK_URL}
+        disableLoginProtection={DISABLE_LOGIN_PROTECTION}
+        exact
+        path={`${DATA_IMPORT_DETAIL_URL}/:${'workflowId'}`}
+        {...patientProps}
+        permissions={['WebDataImport.read']}
+        component={ImportDetailViewDetails}
+      />
+      <PrivateComponent
+        redirectPath={APP_CALLBACK_URL}
+        disableLoginProtection={DISABLE_LOGIN_PROTECTION}
+        exact
+        path={`${DATA_IMPORT_LIST_URL}/:${'workflowId'}`}
+        {...patientProps}
+        permissions={['WebDataImport.read']}
+        component={DataImportList}
+      />
       <PrivateComponent
         redirectPath={APP_CALLBACK_URL}
         disableLoginProtection={DISABLE_LOGIN_PROTECTION}
diff --git a/app/src/routes/index.tsx b/app/src/routes/index.tsx
index 2528754e7..2cfee39c5 100644
--- a/app/src/routes/index.tsx
+++ b/app/src/routes/index.tsx
@@ -80,12 +80,14 @@ export function getRoutes(roles: string[], t: TFunction, userRole: UserRole): Ro
               key: 'user-groups',
               url: URL_USER_GROUPS,
               permissions: ['iam_group.read'],
+              enabled: getConfig('projectCode') !== eusmProjectCode,
             },
             {
               title: t('User Roles'),
               key: 'user-roles',
               url: URL_USER_ROLES,
               permissions: ['iam_role.read'],
+              enabled: getConfig('projectCode') !== eusmProjectCode,
             },
           ],
         },
diff --git a/packages/rbac/src/adapters/keycloakAdapter.ts b/packages/rbac/src/adapters/keycloakAdapter.ts
index 57065d8ec..4046b2ee2 100644
--- a/packages/rbac/src/adapters/keycloakAdapter.ts
+++ b/packages/rbac/src/adapters/keycloakAdapter.ts
@@ -76,9 +76,11 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData)
   });
 
   const allRoles: UserRole[] = [];
+
   allRoleStrings.forEach((role) => {
     // check if we can first get a hit from keycloak default roles.
     let asRole = parseKeycloakRoles(role);
+
     if (asRole === undefined) {
       asRole = parseFHirRoles(role);
     }
@@ -88,11 +90,9 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData)
       invalidRoleStrings.push(role);
     }
   });
-
   if (invalidRoleStrings.length > 0) {
     /* eslint-disable no-console */
     console.warn(`Could not understand the following roles: ${invalidRoleStrings.join(', ')}`);
   }
-
   return UserRole.combineRoles(allRoles);
 };
diff --git a/packages/rbac/src/constants.ts b/packages/rbac/src/constants.ts
index f9e4272cf..7381895fc 100644
--- a/packages/rbac/src/constants.ts
+++ b/packages/rbac/src/constants.ts
@@ -50,6 +50,7 @@ export type FhirResource = typeof FhirResources[number];
  * FhirResources
  */
 export const WebCustomResources = ['WebDataImport'] as const;
+
 export type WebCustomResource = typeof WebCustomResources[number];
 
 export const KeycloakDefinedResources = [...FhirResources, ...WebCustomResources] as const;