Closed davidclaveau closed 4 months ago
Preliminary changes have been made to the INSPECT app to check the Keycloak JWT - instead of the API call to LUCY - to determine access. The user is only allowed access if they have "admin" or "data-editor" roles in Keycloak. All other users are considered "invalid" and see the "Access Request" screen. The user can attempt to log in again to see if their role has been updated.
Authentication files were cleaned up; user roles are now determined by Keycloak.
Describe the task
Migrate the permission logic to use Keycloak instead of the INSPECT/LUCY app's internal database user-management setup.
Purpose
Currently, changing user roles requires running a script on the LUCY database, or manually updating roles by porting the database. By updating the app to use Keycloak roles, we can align the app's permission setup with other government apps and use the SSO UI to add/remove users and roles with greater ease.
Acceptance Criteria
Additional context
user_role table's role_code_id might need to be updated to mirror Keycloak permissions. E.g. "Admin" in Keycloak updates role_code_id to 1 in the database, etc.
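The role gate described in this issue, sketched as an added example (not the INSPECT project's code): deny by default, allow only "admin" or "data-editor", and send expired sessions back to login. Assumptions: the claims object comes from a token whose signature, issuer and audience were already verified by the app's OIDC library; roles sit in Keycloak's default realm_access.roles and resource_access.<client>.roles claims; CLIENT_ID, the screen labels and the function names are hypothetical.

```javascript
// Added example: deny-by-default role gate over already-verified Keycloak claims.
const ALLOWED_ROLES = ['admin', 'data-editor']; // from the issue, highest privilege first
const ROLE_CODE_ID = { admin: 1 };              // only mapping the issue states; others unknown
const CLIENT_ID = 'inspect-app';                // hypothetical Keycloak client id

// Gather realm and client roles, ignoring anything that is not an array of strings.
function collectRoles(claims) {
  const realm = claims?.realm_access?.roles;
  const client = claims?.resource_access?.[CLIENT_ID]?.roles;
  const all = [
    ...(Array.isArray(realm) ? realm : []),
    ...(Array.isArray(client) ? client : []),
  ];
  return new Set(all.filter((r) => typeof r === 'string'));
}

// Decide which screen to show. Role names are matched exactly (case-sensitive),
// so a misspelled or differently cased role never grants access.
function decideAccess(claims, nowSeconds) {
  const denied = { screen: 'access-request', role: null, roleCodeId: null };
  if (!claims || typeof claims !== 'object') return denied;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ...denied, screen: 'login' }; // expired or missing exp: re-authenticate
  }
  const roles = collectRoles(claims);
  const role = ALLOWED_ROLES.find((r) => roles.has(r)) ?? null;
  if (!role) return denied;
  return { screen: 'app', role, roleCodeId: ROLE_CODE_ID[role] ?? null };
}

// Constructed sample claims (not real tokens).
const NOW = 1700000000;
const samples = [
  { exp: NOW + 300, realm_access: { roles: ['admin', 'data-editor'] } },
  { exp: NOW + 300, realm_access: { roles: ['offline_access'] } },
  { exp: NOW - 1, realm_access: { roles: ['admin'] } },
];
for (const s of samples) console.log(decideAccess(s, NOW));
```

This gate only selects which screen the client renders; role changes made in Keycloak take effect when the user logs in again and receives a new token.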