RippleOSI / Ripple-Showcase-Stack-Project

repo for Showcase Stack (PulseTile + QEWDjs + EtherCIS) - Project issues
Apache License 2.0

Add an extra Role in OIDC for Showcase Stack #64

Closed tony-shannon closed 5 years ago

tony-shannon commented 5 years ago

Need to get both PHR and IDCR roles working again with our showcase stack, so need to revisit this in authentication service.

tony-shannon commented 5 years ago

Need estimate of effort from @Robtweed to reinstate at least 2 roles (PHR & IDCR) & related RBAC in the stack via either;

need discussion with @DmitrySolyannik

NB See here for user/role logic from earlier version https://github.com/RippleOSI/Ripple-Qewd/blob/master/lib/user/user.js

tony-shannon commented 5 years ago

updated discussion with RT on this

Yes - if he wants to start work on it, all he needs to do is set/change the role property/claim in the JWT to either IDCR or PHR (or whatever values you want to use for these roles), and modify the application logic in QEWD Courier appropriately - he doesn't need to wait till the role is coming back from the OIDC provider

it's just a property in the JWT that he can change anywhere and any time in his logic

All I'll be doing is returning the role as a property in the idToken returned by the OIDC Provider when they log in via the OIDC Provider

So Dima can hack his code to simulate what will be eventually set up in the JWT

tony-shannon commented 5 years ago

@DmitrySolyannik can you consider an interim hack to add behaviour, e.g.

if user email == ivor.cox@gmail.com then userrole = PHR and NHS# = 9999990000 else userrole = IDCR
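
Added example (not part of the original thread and not the project's code): a sketch of the role logic discussed above, where a role claim from the token is used when present and the interim email rule simulates it otherwise, followed by a per-record access check. It assumes the JWT signature has already been verified, that `nhsNumber` is the claim name (hypothetical), and that IDCR users may open any patient record while PHR users may open only their own.

```javascript
// Added illustration, not Ripple/QEWD code. `claims` is assumed to be the
// payload of a JWT whose signature has already been verified.
const KNOWN_ROLES = new Set(['IDCR', 'PHR']);

// Interim rule from the thread: this one account is a PHR user bound to
// one NHS number; every other authenticated user is treated as IDCR.
const INTERIM_PHR_USERS = new Map([['ivor.cox@gmail.com', '9999990000']]);

function resolveIdentity(claims) {
  const email = String((claims && claims.email) || '').trim().toLowerCase();
  if (!email) throw new Error('no authenticated user in claims');

  // Once the OIDC provider returns a role claim, it takes precedence.
  if (claims.role !== undefined) {
    if (!KNOWN_ROLES.has(claims.role)) {
      throw new Error('unrecognised role claim');
    }
    if (claims.role === 'PHR') {
      // `nhsNumber` is a hypothetical claim name.
      if (!claims.nhsNumber) throw new Error('PHR user without NHS number');
      return { email, role: 'PHR', nhsNumber: String(claims.nhsNumber) };
    }
    return { email, role: 'IDCR', nhsNumber: null };
  }

  // Interim simulation while the provider does not send a role yet.
  if (INTERIM_PHR_USERS.has(email)) {
    return { email, role: 'PHR', nhsNumber: INTERIM_PHR_USERS.get(email) };
  }
  return { email, role: 'IDCR', nhsNumber: null };
}

// Assumed policy: IDCR may open any patient record, PHR only their own.
function canAccessPatient(identity, patientId) {
  if (identity.role === 'IDCR') return true;
  if (identity.role === 'PHR') return identity.nhsNumber === String(patientId);
  return false; // anything else is denied
}
```
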

PhilBarrett commented 5 years ago

Awaiting PR from @DmitrySolyannik

kuvakina commented 5 years ago

@tony-shannon @PhilBarrett

Dima created the user and PR for Ivor Cox.

@BogdanScherban could you please add restrictions for this user?

PhilBarrett commented 5 years ago

Reviewed and working fine