From 10072a11d8031f7105c63efb6ad3d6d029db5e32 Mon Sep 17 00:00:00 2001 From: kahummer Date: Sat, 7 Sep 2024 22:31:48 +0300 Subject: [PATCH] Add roles on keycloak adapters --- packages/rbac/src/adapters/keycloakAdapter.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/rbac/src/adapters/keycloakAdapter.ts b/packages/rbac/src/adapters/keycloakAdapter.ts index 57065d8ec..42f4e23e4 100644 --- a/packages/rbac/src/adapters/keycloakAdapter.ts +++ b/packages/rbac/src/adapters/keycloakAdapter.ts @@ -47,6 +47,8 @@ const keycloakRoleMappings: Record = { 'manage-users': new UserRole(['iam_group', 'iam_role', 'iam_user'], Permit.MANAGE), 'query-groups': new UserRole(['iam_group'], Permit.READ), 'query-users': new UserRole(['iam_user'], Permit.READ), + VIEW_ROLES: new UserRole(['iam_user_role'], Permit.READ), + VIEW_USER_GROUPS: new UserRole(['iam_user_group'], Permit.READ), }; export const parseKeycloakRoles = (stringRole: string) => { @@ -76,9 +78,11 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData) }); const allRoles: UserRole[] = []; + allRoleStrings.forEach((role) => { // check if we can first get a hit from keycloak default roles. let asRole = parseKeycloakRoles(role); + if (asRole === undefined) { asRole = parseFHirRoles(role); } @@ -88,11 +92,9 @@ export const adapter: RbacAdapter = (roles: KeycloakRoleData = defaultRoleData) invalidRoleStrings.push(role); } }); - if (invalidRoleStrings.length > 0) { /* eslint-disable no-console */ console.warn(`Could not understand the following roles: ${invalidRoleStrings.join(', ')}`); } - return UserRole.combineRoles(allRoles); };