STCOR-834: refactor useUserTenantPermissions to use _self endpoint permissions instead of okapi permissions if roles interface is presented #1491
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ent, by refactor useUserTenantPermissions hook to achieve that
|
zburke
approved these changes
Jul 11, 2024
There was a problem hiding this comment.
This code looks correct and is faithful to the original useUserTenantPermissions hook, but I wonder if a simpler/better refactor would be to switch its endpoint between users-keycloak/_self and bl-users/_self depending on the presence of the roles interface.
- simpler
- better consistency between the Eureka and legacy hooks
- more correct WRT permissions, since you can always access
.../_self, but you need special permissions to access/perms/users/.../permissions(IOW, the original hook we based this off was written incorrectly).
I'm OK merging this as-is; it will fix a bunch of bugs and (3) notwithstanding, it won't change the existing behavior, even if we don't think that is the most optimal behavior.
zburke
added a commit
that referenced
this pull request
Sep 20, 2024
The time has come. The time is now. `keycloak-eureka` will you please merge now! You can go in a merge commit. You can squash with ease. You can go in a rebase. But please merge. Please! * STCOR-773 #1385: Handle Eureka-based discovery * #1388: handle absent `provides` property on interfaces in Settings > About * STCOR-790 #1389: Pass client-id from stripes-config to keycloak * STCOR-794 #1400: Reset pre-login tenant-selection form when navigating back to it * STCOR-795 #1399: When `users-keycloak` interface is present, use its API for password-reset * STCOR-796 #1410: replace x-okapi-token credentials with RTR and cookies * STCOR-811 #1417: retrieve AT/RT expiration data from `/authn/token` response * STCOR-812 #1416: include `X-Okapi-Tenant` header in call to `/authn/logout` * STCOR-813 #1421: correctly parse `.../_self` permissions * STCOR-810 #1418 #1427 #1429: leverage `stripes-config::config.tenantOptions` in place of deprecated tenant-entitlement values * STCOR-803 #1426: logout immediately, without confirming or redirecting through keycloak * STCOR-816 #1432: only call `/saml/check` when `login-saml` interface is present * STCOR-789 #1442: restore original URL after login * STCOR-820 #1445: optionally retrieve password-reset token from path (or query-string) * STCOR-845 #1462: correctly handle redirect after password-change * STCOR-787 #1487 #1492: retrieve clientId and tenant from stripes-config::config.tenantOptions * STCOR-859 #1489: correctly list UI apps under apps/modules/interfaces column of Settings > About * STCOR-776 #1490: show idle-session modal with countdown timer before logout * STCOR-864 #1498: correctly evaluate `typeof stripes.okapi` * STCOR-865 #1500: call `logout()` exclusively from `/logout*` routes * STCOR-834 #1491`: refactor `useUserTenantPermissions` to switch on `roles` interface presence * STCOR-866 #1502: include `/users-keycloak/_self` in list of authentication-related endpoints * STCOR-867 #1505 #1506: store permission displaynames in redux * STCOR-862 #1503: handle fixed-length-session timeout * STCOR-869 #1513: avoid storing `/logout*` as a return-to URL; ensure `/logout` is called with a valid token * STCOR-872 #1520: return query-keys from `useChunkedCQLFetch()` * STCOR-874 #1521: provide `key` to `<SessionEventContainer>` components * STCOR-873 #1519: `useChunkedCQLFetch()` should use `tenantId` argument when present * STCOR-876 #1526: restore original URL after login (regression of STCOR-789) * STCOR-885 #1531: clear original URL from storage after login-and-redirect * STCOR-889 #1536: include all reference interfaces in optionalOkapiInterfaces I said MERGE and MERGE I meant.... The time had come ... so this branch went.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs STCOR-834.
Create separate hooks to retrieve permissions, one for getting okapi permissions, and second getting permissions from users-keycloak/_self endpoint. And depending on if roles interface presented use okapi permissions or users-keycloak permissions.