fix(rbac): remove duplication permission action values (#1939)

Signed-off-by: Oleksandr Andriienko <[email protected]>
janus-idp · Jul 31, 2024 · d1b8fcc · d1b8fcc
1 parent 8e0c464
commit d1b8fcc
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/plugins/rbac-backend/src/validation/policies-validation.ts b/plugins/rbac-backend/src/validation/policies-validation.ts
@@ -5,7 +5,8 @@ import { AuthorizeResult } from '@backstage/plugin-permission-common';
 import { Enforcer } from 'casbin';
 
 import {
-  PermissionAction,
+  isValidPermissionAction,
+  PermissionActionValues,
   Role,
   RoleBasedPolicy,
   Source,
@@ -60,11 +61,8 @@ export function validatePolicy(policy: RoleBasedPolicy): Error | undefined {
   if (!policy.policy) {
     return new Error(`'policy' field must not be empty`);
   } else if (!isValidPermissionAction(policy.policy)) {
-    const validOptions = ['create', 'read', 'update', 'delete', 'use'].join(
-      ', ',
-    );
     return new Error(
-      `'policy' has invalid value: '${policy.policy}'. It should be one of: ${validOptions}`,
+      `'policy' has invalid value: '${policy.policy}'. It should be one of: ${PermissionActionValues.join(', ')}`,
     );
   }
 
@@ -104,10 +102,6 @@ export function validateRole(role: Role): Error | undefined {
   return undefined;
 }
 
-function isValidPermissionAction(action: string): action is PermissionAction {
-  return ['create', 'read', 'update', 'delete', 'use'].includes(action);
-}
-
 function isValidEffectValue(effect: string): boolean {
   return (
     effect === AuthorizeResult.ALLOW.toLocaleLowerCase() ||

diff --git a/plugins/rbac-common/src/types.ts b/plugins/rbac-common/src/types.ts
@@ -73,11 +73,24 @@ export type NonEmptyArray<T> = [T, ...T[]];
 // Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.
 // But we are introducing an action named "use" when action does not exist('undefined') to avoid
 // a more complicated model with multiple policy and request shapes.
-export type PermissionAction = 'create' | 'read' | 'update' | 'delete' | 'use';
+export const PermissionActionValues = [
+  'create',
+  'read',
+  'update',
+  'delete',
+  'use',
+] as const;
+export type PermissionAction = (typeof PermissionActionValues)[number];
 export const toPermissionAction = (
   attr: PermissionAttributes,
 ): PermissionAction => attr.action ?? 'use';
 
+export function isValidPermissionAction(
+  action: string,
+): action is PermissionAction {
+  return (PermissionActionValues as readonly string[]).includes(action);
+}
+
 export type PermissionInfo = {
   name: string;
   action: PermissionAction;