fix(rbac): hide permissions for uninstalled plugins (backstage#4698)

Signed-off-by: Debsmita Santra <[email protected]>

Author: debsmita1

workspaces/rbac/.changeset/funny-suns-approve.md

@@ -0,0 +1,5 @@
+---
+'@backstage-community/plugin-rbac': patch
+---
+
+hide permissions for uninstalled plugins

workspaces/rbac/plugins/rbac/src/hooks/useRoles.ts

@@ -205,7 +205,7 @@ export const useRoles = (
                     getPluginInfo(
                       permissionPolicies as PluginPermissionMetaData[],
                       po,
-                    ).pluginId,
+                    )?.pluginId,
                 );
                 accPls = [...accPls, ...pls].filter(val => !!val) as string[];
               }

workspaces/rbac/plugins/rbac/src/types.ts

@@ -59,6 +59,14 @@ export type PermissionsDataSet = {
   usingResourceType?: boolean;
 };
 
+export type PluginInfoType = {
+  pluginId: string;
+  isResourced: boolean;
+  resourceType?: string;
+  permissionName: string;
+  usingResourceType?: boolean;
+};
+
 export type SelectedPlugin = { label: string; value: string };
 
 export type PermissionsData = {

workspaces/rbac/plugins/rbac/src/utils/rbac-utils.test.ts

@@ -22,6 +22,7 @@ import {
 
 import {
   PermissionAction,
+  PluginPermissionMetaData,
   RoleConditionalPolicyDecision,
 } from '@backstage-community/plugin-rbac-common';
 
@@ -181,33 +182,42 @@ describe('rbac utils', () => {
     expect(getMembersFromGroup(resource)).toBe(0);
   });
 
-  it('should return plugin-id of the policy', () => {
+  it('should return plugin-id of the policy and return null if no pluginId exists', () => {
     expect(
       getPluginInfo(mockPermissionPolicies, {
         permission: 'catalog.entity.read',
         policy: 'read',
-      }).pluginId,
+      })?.pluginId,
     ).toBe('catalog');
     expect(
       getPluginInfo(mockPermissionPolicies, {
         permission: 'scaffolder.template.read',
         policy: 'read',
-      }).pluginId,
+      })?.pluginId,
     ).toBe('scaffolder');
+    const mockPermissionPoliciesWithoutPluginId = [
+      { ...mockPermissionPolicies[0], pluginId: undefined },
+    ] as any as PluginPermissionMetaData[];
+    expect(
+      getPluginInfo(mockPermissionPoliciesWithoutPluginId, {
+        permission: 'scaffolder.template.read',
+        policy: 'read',
+      }),
+    ).toBe(null);
   });
 
   it('should return if the permission is resourced', () => {
     expect(
       getPluginInfo(mockPermissionPolicies, {
         permission: 'catalog.entity.read',
         policy: 'read',
-      }).isResourced,
+      })?.isResourced,
     ).toBe(true);
     expect(
       getPluginInfo(mockPermissionPolicies, {
         permission: 'scaffolder.template.read',
         policy: 'read',
-      }).isResourced,
+      })?.isResourced,
     ).toBe(true);
   });
 

workspaces/rbac/plugins/rbac/src/utils/rbac-utils.ts

@@ -50,6 +50,7 @@ import {
   MembersData,
   PermissionsData,
   PermissionsDataSet,
+  PluginInfoType,
 } from '../types';
 import { getMembersCount } from './create-role-utils';
 
@@ -135,24 +136,9 @@ export const getMembersFromGroup = (group: GroupEntity): number => {
 export const getPluginInfo = (
   permissions: PluginPermissionMetaData[],
   policy: RoleBasedPolicy,
-): {
-  pluginId: string;
-  isResourced: boolean;
-  resourceType?: string;
-  permissionName: string;
-  usingResourceType?: boolean;
-} =>
+): PluginInfoType | null =>
   permissions.reduce(
-    (
-      acc: {
-        pluginId: string;
-        isResourced: boolean;
-        resourceType?: string;
-        permissionName: string;
-        usingResourceType?: boolean;
-      },
-      p: PluginPermissionMetaData,
-    ) => {
+    (acc: PluginInfoType | null, p: PluginPermissionMetaData) => {
       const policyData = p.policies.find(pol => {
         if (pol.policy === policy.policy) {
           if (isResourcedPolicy(pol)) {
@@ -166,9 +152,9 @@ export const getPluginInfo = (
         }
         return false;
       });
-      if (policyData) {
+      if (p.pluginId && policyData) {
         return {
-          pluginId: p.pluginId || '-',
+          pluginId: p.pluginId,
           permissionName: policyData.name || '-',
           isResourced: isResourcedPolicy(policyData) || false,
           resourceType: isResourcedPolicy(policyData)
@@ -181,7 +167,7 @@ export const getPluginInfo = (
       }
       return acc;
     },
-    { pluginId: '-', isResourced: false, permissionName: '-' },
+    null,
   );
 
 const getPolicy = (str: string) => {
@@ -226,25 +212,21 @@ export const getPermissionsData = (
         const policyTitleCase = capitalizeFirstLetter(policyStr);
         const policyString = new Set<string>();
         const policiesSet = new Set<{ policy: string; effect: string }>();
-        const {
-          pluginId,
-          isResourced,
-          resourceType,
-          permissionName,
-          usingResourceType,
-        } = getPluginInfo(permissionPolicies, policy);
-        acc.push({
-          permission: permissionName,
-          plugin: pluginId,
-          policyString: policyString.add(policyTitleCase || 'Use'),
-          policies: policiesSet.add({
-            policy: policyTitleCase || 'Use',
-            effect: policy.effect,
-          }),
-          isResourced,
-          resourceType,
-          usingResourceType,
-        });
+        const pluginInfo = getPluginInfo(permissionPolicies, policy);
+        if (pluginInfo?.pluginId) {
+          acc.push({
+            permission: pluginInfo.permissionName,
+            plugin: pluginInfo.pluginId,
+            policyString: policyString.add(policyTitleCase || 'Use'),
+            policies: policiesSet.add({
+              policy: policyTitleCase || 'Use',
+              effect: policy.effect,
+            }),
+            isResourced: pluginInfo.isResourced,
+            resourceType: pluginInfo.resourceType,
+            usingResourceType: pluginInfo.usingResourceType,
+          });
+        }
       }
       return acc;
     },