🐛 Fix migrator permissions

ibolton336 · ibolton336 · commit 3f2ef92b5c97 · 2023-12-11T17:03:07.000-05:00
Signed-off-by: ibolton336 &lt;ibolton@redhat.com&gt;
diff --git a/client/src/app/pages/applications/applications-table/applications-table.tsx b/client/src/app/pages/applications/applications-table/applications-table.tsx
@@ -58,8 +58,16 @@ import keycloak from "@app/keycloak";
 import {
   RBAC,
   RBAC_TYPE,
+  analysisReadScopes,
+  analysisWriteScopes,
   applicationsWriteScopes,
+  assessmentReadScopes,
+  assessmentWriteScopes,
+  credentialsWriteScopes,
+  dependenciesWriteScopes,
   importsWriteScopes,
+  reviewsReadScopes,
+  reviewsWriteScopes,
   tasksReadScopes,
   tasksWriteScopes,
 } from "@app/rbac";
@@ -542,8 +550,16 @@ export const ApplicationsTable: React.FC = () => {
   const userScopes: string[] = token?.scope.split(" ") || [],
     importWriteAccess = checkAccess(userScopes, importsWriteScopes),
     applicationWriteAccess = checkAccess(userScopes, applicationsWriteScopes),
+    assessmentWriteAccess = checkAccess(userScopes, assessmentWriteScopes),
+    analysisWriteAccess = checkAccess(userScopes, analysisWriteScopes),
+    assessmentReadAccess = checkAccess(userScopes, assessmentReadScopes),
+    credentialsWriteAccess = checkAccess(userScopes, credentialsWriteScopes),
+    dependenciesWriteAccess = checkAccess(userScopes, dependenciesWriteScopes),
+    analysisReadAccess = checkAccess(userScopes, analysisReadScopes),
     tasksReadAccess = checkAccess(userScopes, tasksReadScopes),
-    tasksWriteAccess = checkAccess(userScopes, tasksWriteScopes);
+    tasksWriteAccess = checkAccess(userScopes, tasksWriteScopes),
+    reviewsWriteAccess = checkAccess(userScopes, reviewsWriteScopes),
+    reviewsReadAccess = checkAccess(userScopes, reviewsReadScopes);
 
   const areAppsInWaves = selectedRows.some(
     (application) => application.migrationWave !== null
@@ -985,15 +1001,26 @@ export const ApplicationsTable: React.FC = () => {
                       <Td isActionCell id="row-actions">
                         <ActionsColumn
                           items={[
-                            {
-                              title: t("actions.assess"),
-                              onClick: () => assessSelectedApp(application),
-                            },
-                            {
-                              title: t("actions.review"),
-                              onClick: () => reviewSelectedApp(application),
-                            },
-                            ...(application?.assessments?.length
+                            ...(assessmentWriteAccess
+                              ? [
+                                  {
+                                    title: t("actions.assess"),
+                                    onClick: () =>
+                                      assessSelectedApp(application),
+                                  },
+                                ]
+                              : []),
+                            ...(reviewsWriteAccess
+                              ? [
+                                  {
+                                    title: t("actions.review"),
+                                    onClick: () =>
+                                      reviewSelectedApp(application),
+                                  },
+                                ]
+                              : []),
+                            ...(application?.assessments?.length &&
+                            assessmentWriteAccess
                               ? [
                                   {
                                     title: t("actions.discardAssessment"),
@@ -1002,7 +1029,7 @@ export const ApplicationsTable: React.FC = () => {
                                   },
                                 ]
                               : []),
-                            ...(application?.review
+                            ...(application?.review && reviewsWriteAccess
                               ? [
                                   {
                                     title: t("actions.discardReview"),
@@ -1011,31 +1038,50 @@ export const ApplicationsTable: React.FC = () => {
                                   },
                                 ]
                               : []),
-                            {
-                              title: t("actions.delete"),
-                              onClick: () =>
-                                setApplicationsToDelete([application]),
-                            },
-                            {
-                              title: t("actions.manageDependencies"),
-                              onClick: () =>
-                                setApplicationDependenciesToManage(application),
-                            },
-                            {
-                              title: t("actions.manageCredentials"),
-                              onClick: () =>
-                                setSaveApplicationsCredentialsModalState([
-                                  application,
-                                ]),
-                            },
-                            {
-                              title: t("actions.analysisDetails"),
-                              onClick: () =>
-                                setTaskToView({
-                                  name: application.name,
-                                  task: getTask(application)?.id,
-                                }),
-                            },
+                            ...(applicationWriteAccess
+                              ? [
+                                  {
+                                    title: t("actions.delete"),
+                                    onClick: () =>
+                                      setApplicationsToDelete([application]),
+                                  },
+                                ]
+                              : []),
+                            ...(dependenciesWriteAccess
+                              ? [
+                                  {
+                                    title: t("actions.manageDependencies"),
+                                    onClick: () =>
+                                      setApplicationDependenciesToManage(
+                                        application
+                                      ),
+                                  },
+                                ]
+                              : []),
+
+                            ...(credentialsWriteAccess
+                              ? [
+                                  {
+                                    title: t("actions.manageCredentials"),
+                                    onClick: () =>
+                                      setSaveApplicationsCredentialsModalState([
+                                        application,
+                                      ]),
+                                  },
+                                ]
+                              : []),
+                            ...(analysisReadAccess
+                              ? [
+                                  {
+                                    title: t("actions.analysisDetails"),
+                                    onClick: () =>
+                                      setTaskToView({
+                                        name: application.name,
+                                        task: getTask(application)?.id,
+                                      }),
+                                  },
+                                ]
+                              : []),
                             ...(isTaskCancellable(application) &&
                             tasksReadAccess &&
                             tasksWriteAccess
diff --git a/client/src/app/rbac.ts b/client/src/app/rbac.ts
@@ -20,7 +20,7 @@ export const RBAC = ({
   if (isAuthRequired) {
     const token = keycloak.tokenParsed || undefined;
     if (rbacType === RBAC_TYPE.Role) {
-      let userRoles = token?.realm_access?.roles || [],
+      const userRoles = token?.realm_access?.roles || [],
         access = checkAccess(userRoles, allowedPermissions);
       return access && children;
     } else if (rbacType === RBAC_TYPE.Scope) {
@@ -104,6 +104,32 @@ export const applicationsWriteScopes = [
   "applications:delete",
 ];
 
+export const analysisWriteScopes = [
+  "applications.analysis:put",
+  "applications.analysis:post",
+  "applications.analysis:delete",
+  "archetypes.analysis:put",
+  "archetypes.analysis:post",
+  "archetypes.analysis:delete",
+];
+export const analysisReadScopes = [
+  "applications.analysis:get",
+  "archetypes.analysis:get",
+];
+
+export const assessmentWriteScopes = [
+  "applications.assessments:put",
+  "applications.assessments:post",
+  "applications.assessments:delete",
+  "archetypes.assessments:put",
+  "archetypes.assessments:post",
+  "archetypes.assessments:delete",
+];
+export const assessmentReadScopes = [
+  "applications.assessments:get",
+  "archetypes.assessments:get",
+];
+
 export const modifiedPathfinderWriteScopes = [
   "assessments:put",
   "assessments:patch",
@@ -126,3 +152,17 @@ export const tasksWriteScopes = [
   "taskgroups:put",
   "taskgroups:delete",
 ];
+
+export const credentialsWriteScopes = [
+  "identities:put",
+  "identities:post",
+  "identities:delete",
+];
+export const credentialsReadScopes = ["identities:get"];
+
+export const reviewsWriteScopes = [
+  "reviews:put",
+  "reviews:post",
+  "reviews:delete",
+];
+export const reviewsReadScopes = ["reviews:get"];
