Update keycloak role definition mapping (#1504)

* Update role definition mapping for manage-users keycloak user role * Enable groups and roles submodules for all client instances * Add role definition mapping for view-groups * Update i18n version in rbac package
onaio · Nov 18, 2024 · c04863a · c04863a
1 parent afcc4f4
commit c04863a
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 6 deletions.
diff --git a/app/src/routes/index.tsx b/app/src/routes/index.tsx
@@ -80,14 +80,12 @@ export function getRoutes(roles: string[], t: TFunction, userRole: UserRole): Ro
               key: 'user-groups',
               url: URL_USER_GROUPS,
               permissions: ['iam_group.read'],
-              enabled: getConfig('projectCode') !== eusmProjectCode,
             },
             {
               title: t('User Roles'),
               key: 'user-roles',
               url: URL_USER_ROLES,
               permissions: ['iam_role.read'],
-              enabled: getConfig('projectCode') !== eusmProjectCode,
             },
           ],
         },

diff --git a/packages/rbac/package.json b/packages/rbac/package.json
@@ -30,7 +30,7 @@
   },
   "dependencies": {
     "@onaio/session-reducer": "^0.0.13",
-    "@opensrp/i18n": "^0.0.1",
+    "@opensrp/i18n": "workspace:^",
     "@opensrp/pkg-config": "^0.0.9",
     "invariant": "^2.2.4"
   },

diff --git a/packages/rbac/src/adapters/keycloakAdapter.ts b/packages/rbac/src/adapters/keycloakAdapter.ts
@@ -44,8 +44,12 @@ export const parseFHirRoles = (role: string) => {
 const keycloakRoleMappings: Record<string, UserRole> = {
   'realm-admin': new UserRole(['iam_group', 'iam_role', 'iam_user'], Permit.MANAGE),
   'view-users': new UserRole(['iam_user'], Permit.READ),
-  'manage-users': new UserRole(['iam_group', 'iam_role', 'iam_user'], Permit.MANAGE),
+  'manage-users': UserRole.combineRoles([
+    new UserRole(['iam_user'], Permit.MANAGE),
+    new UserRole(['iam_role', 'iam_group'], Permit.READ),
+  ]),
   'query-groups': new UserRole(['iam_group'], Permit.READ),
+  'view-groups': new UserRole(['iam_group'], Permit.READ),
   'query-users': new UserRole(['iam_user'], Permit.READ),
 };
 

diff --git a/yarn.lock b/yarn.lock
@@ -4126,7 +4126,7 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@opensrp/i18n@^0.0.1, @opensrp/i18n@workspace:packages/i18n":
+"@opensrp/i18n@^0.0.1, @opensrp/i18n@workspace:^, @opensrp/i18n@workspace:packages/i18n":
   version: 0.0.0-use.local
   resolution: "@opensrp/i18n@workspace:packages/i18n"
   dependencies:
@@ -4187,7 +4187,7 @@ __metadata:
   resolution: "@opensrp/rbac@workspace:packages/rbac"
   dependencies:
     "@onaio/session-reducer": ^0.0.13
-    "@opensrp/i18n": ^0.0.1
+    "@opensrp/i18n": "workspace:^"
     "@opensrp/pkg-config": ^0.0.9
     "@types/invariant": ^2.2.35
     invariant: ^2.2.4