Add access control checks to dashboard #978

Merged
merged 1 commit into from
Jun 27, 2024

jraddaoui
Collaborator

@jraddaoui jraddaoui commented Jun 26, 2024

  • Add home page.
  • Split layout store:
    • Move user related elements to its own auth store.
  • Allow to disable OIDC authentication:
    • Consider a new environment variable to disable OIDC authentication.
    • Move configuration and user manager to auth store.
    • Remove user menu from sidebar and user name from home page when
      authentication is disabled.
    • Redirect to home page when visiting user signin pages with
      authentication disabled.
  • Add access control checks:
    • Consider new environment variables to enable Attribute Based Access
      Control and get a set of user attributes from a configurable claim in
      the access token.
    • Add attributes to auth store state and include actions to parse and
      check those attributes.
    • Configure protected routes and check attributes before each route
      change, redirecting to the home if the check fails.
    • Modify or hide elements (links, tabs, etc.) based on user attributes.

Refs #957.

@jraddaoui jraddaoui self-assigned this Jun 26, 2024
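
The access-control flow described in this PR (attributes read from a configurable access-token claim, checked before each route change, redirect to home on failure) can be sketched as follows. This is an added example, not code from the PR or the project; `makeGuard`, the `requiredAttributes` route meta key, the claim name passed in by the caller and the sample token are all assumptions.

```javascript
// Added example: hypothetical names; claim name and attribute strings are assumptions.
const HOME = "/";

// Decode a JWT payload WITHOUT verifying it. Good enough to decide what the UI
// shows; the API behind the dashboard must verify the token and enforce access.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Read the attribute list from a configurable top-level claim. Fail closed:
// a bad token, a missing claim or a non-array value yields no attributes.
function parseAttributes(token, claim) {
  try {
    const value = decodePayload(token)[claim];
    return Array.isArray(value) ? value.filter((a) => typeof a === "string") : [];
  } catch {
    return [];
  }
}

// True only when the user holds every attribute the route requires.
function checkAttributes(held, required) {
  const set = new Set(held);
  return required.every((a) => set.has(a));
}

// Guard in the shape of a Vue Router beforeEach callback: returns true to
// allow the navigation, or the home path to redirect there.
function makeGuard({ abacEnabled, claim, getToken }) {
  return (to) => {
    const required = (to.meta && to.meta.requiredAttributes) || [];
    if (!abacEnabled || required.length === 0) return true;
    return checkAttributes(parseAttributes(getToken(), claim), required) ? true : HOME;
  };
}

// Constructed, unsigned sample token for trying the guard offline.
function makeSampleToken(payload) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}
```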

codecov bot commented Jun 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 53.10%. Comparing base (9ef2178) to head (f3e0f70).
Report is 37 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #978   +/-   ##
=======================================
  Coverage   53.10%   53.10%           
=======================================
  Files         101      101           
  Lines        5661     5661           
=======================================
  Hits         3006     3006           
  Misses       2407     2407           
  Partials      248      248           


@jraddaoui
Collaborator Author

@djjuhasz, @sevein, @sbreker

I'm struggling with the tests a little more than expected and it's getting late to review and merge, while I work on the documentation. Sorry about that, I'll restore and add more tests in a different PR. Again, I think it makes more sense to review commit by commit.

@jraddaoui jraddaoui requested review from sevein, djjuhasz and sbreker June 26, 2024 15:29
dashboard/.env.development (outdated, resolved)
@sbreker sbreker self-requested a review June 26, 2024 16:48
Contributor

@sbreker sbreker left a comment

Looks great @jraddaoui 👍

@jraddaoui jraddaoui force-pushed the dev/issue-957-dashboard-abac branch from 61c66b1 to 26d62c0 Compare June 26, 2024 16:51
Collaborator

@djjuhasz djjuhasz left a comment

LGTM @jraddaoui. Just a few comments.

dashboard/src/pages/index.vue (outdated, resolved)
- Add home page.
- Split layout store:
  - Move user related elements to its own `auth` store.
- Allow to disable OIDC authentication:
  - Consider a new environment variable to disable OIDC authentication.
  - Move configuration and user manager to auth store.
  - Remove user menu from sidebar and user name from home page when
    authentication is disabled.
  - Redirect to home page when visiting user signin pages with
    authentication disabled.
- Add access control checks:
  - Consider new environment variables to enable Attribute Based Access
    Control and get a set of user attributes from a configurable claim in
    the access token.
  - Add attributes to auth store state and include actions to parse and
    check those attributes.
  - Configure protected routes and check attributes before each route
    change, redirecting to the home if the check fails.
  - Modify or hide elements (links, tabs, etc.) based on user attributes.
- Change Keycloak's realm name to "artefactual".
@jraddaoui jraddaoui force-pushed the dev/issue-957-dashboard-abac branch from 26d62c0 to f3e0f70 Compare June 27, 2024 12:50
@jraddaoui
Collaborator Author

Thanks @djjuhasz!

@jraddaoui jraddaoui merged commit f3e0f70 into main Jun 27, 2024
15 checks passed
@jraddaoui jraddaoui deleted the dev/issue-957-dashboard-abac branch June 27, 2024 13:23