This pull request implements authorization checks for the creation of companies within our application using Keycloak. The main goal is to ensure that only users with the necessary permissions can create new company records. The implementation includes the following.
Keycloak Configuration
A new permission named create_company has been defined in Keycloak.
This permission has been assigned to relevant roles such as admin and superuser.
Policy Creation and Application
A policy has been created to ensure that the user has the necessary authorization to perform the action of creating a company.
This policy has been applied to the company creation endpoint in our application.
Testing
Tests have been written to verify that unauthorized users receive a 403 Forbidden response when attempting to create a company.
Additional tests ensure that authorized users with the appropriate permissions can successfully create a company and receive a 201 Created response.
Tests also check for the correct error handling, ensuring that users without a valid JWT receive a 401 Unauthorized response.
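The 401/403/201 split described above, as an added sketch that is not code from this pull request. Assumptions: roles are read from the `realm_access.roles` claim of a Keycloak access token, the permission-to-role mapping is mirrored locally instead of being evaluated by Keycloak, and a constructed HS256 key stands in for the realm's signing key so the block runs offline. The function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

PERMISSION_ROLES = {"create_company": {"admin", "superuser"}}  # mapping from the PR text
KEY = b"constructed-demo-key"  # constructed; stands in for the realm signing key

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=KEY):
    """Build a constructed HS256 token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify(token, key=KEY, now=None):
    """Return the claims if signature and expiry are valid, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token
    if claims.get("exp", 0) <= (now or time.time()):
        return None  # expired or no expiry claim
    return claims

def create_company_status(auth_header, permission="create_company"):
    """Map a request's Authorization header to 401, 403 or 201."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401
    claims = verify(auth_header[len("Bearer "):])
    if claims is None:
        return 401  # authentication failed: malformed, forged or expired token
    roles = set(claims.get("realm_access", {}).get("roles", []))
    if not roles & PERMISSION_ROLES[permission]:
        return 403  # authenticated, but no role carrying the permission
    return 201  # authorized: the company would be created here
```

The order of the checks matters: a request with a bad token is answered with 401 before any role lookup, so 403 is only ever returned to an authenticated caller.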