search

InseeFr / Bauhaus-Back-Office

Back-office services for Bauhaus
MIT License
3 stars 8 forks source link

RBAC #646

Closed EmmanuelDemey closed 6 days ago

FBibonne commented 2 weeks ago

Api proposal for Rbac : 

    @Test
    void givenTheRoleShouldGrantPrivilege(){
        //GIVEN
        var roles=List.of("A_ROLE");
        //WHEN
        AccessPrivileges accessPrivileges = rbacService.computeRbac(roles);
        // THEN
        assertThat(accessPrivileges.isGranted(update).on(serie).withId("s1279")).isTrue();
    }

which should give for controlers : @PreAuthorize("canUpdateSerie(#seriesId)")

whose implementation (in class SecurityExpressionRootForBauhaus) would be : 

public boolean canUpdateSerie(String serieId){
    return getAccessPrivileges(getStamp()).isGranted(update).on(serie).withId(serieId);
}
FBibonne commented 2 weeks ago

commit #7366332f196accb4ad372564396c5e0388eeb5cc make a proposal for internal implementation from configuration maps deserialized from rbac.yaml