Skip to content

Commit ed13bc2

Browse files
debsmita1JohannesWill
authored andcommitted
fix(rbac): hide permissions for uninstalled plugins (backstage#4698)
Signed-off-by: Debsmita Santra <[email protected]>
1 parent 86b7971 commit ed13bc2

File tree

5 files changed

+50
-45
lines changed

5 files changed

+50
-45
lines changed
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'@backstage-community/plugin-rbac': patch
3+
---
4+
5+
hide permissions for uninstalled plugins

workspaces/rbac/plugins/rbac/src/hooks/useRoles.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -205,7 +205,7 @@ export const useRoles = (
205205
getPluginInfo(
206206
permissionPolicies as PluginPermissionMetaData[],
207207
po,
208-
).pluginId,
208+
)?.pluginId,
209209
);
210210
accPls = [...accPls, ...pls].filter(val => !!val) as string[];
211211
}

workspaces/rbac/plugins/rbac/src/types.ts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,14 @@ export type PermissionsDataSet = {
5959
usingResourceType?: boolean;
6060
};
6161

62+
export type PluginInfoType = {
63+
pluginId: string;
64+
isResourced: boolean;
65+
resourceType?: string;
66+
permissionName: string;
67+
usingResourceType?: boolean;
68+
};
69+
6270
export type SelectedPlugin = { label: string; value: string };
6371

6472
export type PermissionsData = {

workspaces/rbac/plugins/rbac/src/utils/rbac-utils.test.ts

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ import {
2222

2323
import {
2424
PermissionAction,
25+
PluginPermissionMetaData,
2526
RoleConditionalPolicyDecision,
2627
} from '@backstage-community/plugin-rbac-common';
2728

@@ -181,33 +182,42 @@ describe('rbac utils', () => {
181182
expect(getMembersFromGroup(resource)).toBe(0);
182183
});
183184

184-
it('should return plugin-id of the policy', () => {
185+
it('should return plugin-id of the policy and return null if no pluginId exists', () => {
185186
expect(
186187
getPluginInfo(mockPermissionPolicies, {
187188
permission: 'catalog.entity.read',
188189
policy: 'read',
189-
}).pluginId,
190+
})?.pluginId,
190191
).toBe('catalog');
191192
expect(
192193
getPluginInfo(mockPermissionPolicies, {
193194
permission: 'scaffolder.template.read',
194195
policy: 'read',
195-
}).pluginId,
196+
})?.pluginId,
196197
).toBe('scaffolder');
198+
const mockPermissionPoliciesWithoutPluginId = [
199+
{ ...mockPermissionPolicies[0], pluginId: undefined },
200+
] as any as PluginPermissionMetaData[];
201+
expect(
202+
getPluginInfo(mockPermissionPoliciesWithoutPluginId, {
203+
permission: 'scaffolder.template.read',
204+
policy: 'read',
205+
}),
206+
).toBe(null);
197207
});
198208

199209
it('should return if the permission is resourced', () => {
200210
expect(
201211
getPluginInfo(mockPermissionPolicies, {
202212
permission: 'catalog.entity.read',
203213
policy: 'read',
204-
}).isResourced,
214+
})?.isResourced,
205215
).toBe(true);
206216
expect(
207217
getPluginInfo(mockPermissionPolicies, {
208218
permission: 'scaffolder.template.read',
209219
policy: 'read',
210-
}).isResourced,
220+
})?.isResourced,
211221
).toBe(true);
212222
});
213223

workspaces/rbac/plugins/rbac/src/utils/rbac-utils.ts

Lines changed: 21 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,7 @@ import {
5050
MembersData,
5151
PermissionsData,
5252
PermissionsDataSet,
53+
PluginInfoType,
5354
} from '../types';
5455
import { getMembersCount } from './create-role-utils';
5556

@@ -135,24 +136,9 @@ export const getMembersFromGroup = (group: GroupEntity): number => {
135136
export const getPluginInfo = (
136137
permissions: PluginPermissionMetaData[],
137138
policy: RoleBasedPolicy,
138-
): {
139-
pluginId: string;
140-
isResourced: boolean;
141-
resourceType?: string;
142-
permissionName: string;
143-
usingResourceType?: boolean;
144-
} =>
139+
): PluginInfoType | null =>
145140
permissions.reduce(
146-
(
147-
acc: {
148-
pluginId: string;
149-
isResourced: boolean;
150-
resourceType?: string;
151-
permissionName: string;
152-
usingResourceType?: boolean;
153-
},
154-
p: PluginPermissionMetaData,
155-
) => {
141+
(acc: PluginInfoType | null, p: PluginPermissionMetaData) => {
156142
const policyData = p.policies.find(pol => {
157143
if (pol.policy === policy.policy) {
158144
if (isResourcedPolicy(pol)) {
@@ -166,9 +152,9 @@ export const getPluginInfo = (
166152
}
167153
return false;
168154
});
169-
if (policyData) {
155+
if (p.pluginId && policyData) {
170156
return {
171-
pluginId: p.pluginId || '-',
157+
pluginId: p.pluginId,
172158
permissionName: policyData.name || '-',
173159
isResourced: isResourcedPolicy(policyData) || false,
174160
resourceType: isResourcedPolicy(policyData)
@@ -181,7 +167,7 @@ export const getPluginInfo = (
181167
}
182168
return acc;
183169
},
184-
{ pluginId: '-', isResourced: false, permissionName: '-' },
170+
null,
185171
);
186172

187173
const getPolicy = (str: string) => {
@@ -226,25 +212,21 @@ export const getPermissionsData = (
226212
const policyTitleCase = capitalizeFirstLetter(policyStr);
227213
const policyString = new Set<string>();
228214
const policiesSet = new Set<{ policy: string; effect: string }>();
229-
const {
230-
pluginId,
231-
isResourced,
232-
resourceType,
233-
permissionName,
234-
usingResourceType,
235-
} = getPluginInfo(permissionPolicies, policy);
236-
acc.push({
237-
permission: permissionName,
238-
plugin: pluginId,
239-
policyString: policyString.add(policyTitleCase || 'Use'),
240-
policies: policiesSet.add({
241-
policy: policyTitleCase || 'Use',
242-
effect: policy.effect,
243-
}),
244-
isResourced,
245-
resourceType,
246-
usingResourceType,
247-
});
215+
const pluginInfo = getPluginInfo(permissionPolicies, policy);
216+
if (pluginInfo?.pluginId) {
217+
acc.push({
218+
permission: pluginInfo.permissionName,
219+
plugin: pluginInfo.pluginId,
220+
policyString: policyString.add(policyTitleCase || 'Use'),
221+
policies: policiesSet.add({
222+
policy: policyTitleCase || 'Use',
223+
effect: policy.effect,
224+
}),
225+
isResourced: pluginInfo.isResourced,
226+
resourceType: pluginInfo.resourceType,
227+
usingResourceType: pluginInfo.usingResourceType,
228+
});
229+
}
248230
}
249231
return acc;
250232
},

0 commit comments

Comments
 (0)