p2-inc / idp-wizard

Identity Provider setup wizards for Keycloak
https://phasetwo.io

Remove flash required when checking role #79

Closed jeffpatzer closed 5 months ago

jeffpatzer commented 2 years ago

If someone doesn't have the right role, make sure that the page doesn't flash, but shows a loader until the access is cleared. Really only an issue on a first page load.

jeffpatzer commented 1 year ago

@xgp Can you confirm which roles one needs to have in order to view and access the wizard? I've got a few places that just check for admin access. That needs to be tweaked slightly based on role access at a higher app level in order to avoid a flash.

xgp commented 1 year ago

The roles required are in src/app/hooks/useRoleAccess.ts.

For "resource" roles, meaning the ones in the token in the realm-management or foo-realm part of the resource_access claim:

const requiredResourceRoles = [
  "manage-identity-providers",
  "view-identity-providers",
  "query-users",
  "view-users",
  "view-events",
  "view-realm",
  "manage-realm",
];

For "organization" roles, meaning the ones from each organization in the organizations claim:

const requiredOrganizationRoles = [
  "view-organization",
  "manage-organization",
  "view-identity-providers",
  "manage-identity-providers",
];

If they have either complete set of those (or both), they have access to the wizard.
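
The rule described in this thread, sketched as an added example (not the project's own `useRoleAccess.ts`): access is granted when either role list is held in full, and a third "loading" state covers the window before the token is parsed, so the UI can show a loader instead of flashing the page. The claim shapes, the `wizardAccess` and `hasAll` names, and the per-client and per-organization matching are assumptions.

```typescript
// Role lists copied from xgp's comment in this thread.
const requiredResourceRoles = [
  "manage-identity-providers", "view-identity-providers", "query-users",
  "view-users", "view-events", "view-realm", "manage-realm",
];
const requiredOrganizationRoles = [
  "view-organization", "manage-organization",
  "view-identity-providers", "manage-identity-providers",
];

// Assumed claim shapes: each client or organization entry carries a roles array.
type RoleHolder = { roles?: string[] };
interface TokenClaims {
  resource_access?: Record<string, RoleHolder>;
  organizations?: Record<string, RoleHolder>;
}
type AccessState = "loading" | "granted" | "denied";

// True only when every required role is present (a complete set, not any one role).
function hasAll(required: string[], held: string[] | undefined): boolean {
  const have = held || [];
  return required.every((r) => have.indexOf(r) !== -1);
}

// Hypothetical helper: `claims` stays undefined until the token has been parsed.
function wizardAccess(claims: TokenClaims | undefined, realm: string): AccessState {
  if (claims === undefined) return "loading"; // render a loader, not the page
  const access = claims.resource_access || {};
  const orgs = claims.organizations || {};
  // Resource roles may sit under realm-management or under <realm>-realm.
  const viaResource = ["realm-management", `${realm}-realm`].some(
    (c) => access[c] !== undefined && hasAll(requiredResourceRoles, access[c].roles));
  // Organization roles are checked per organization.
  const viaOrg = Object.keys(orgs).some(
    (id) => hasAll(requiredOrganizationRoles, orgs[id].roles));
  return viaResource || viaOrg ? "granted" : "denied";
}

// Constructed sample claims, not taken from a real token.
const orgAdmin: TokenClaims = {
  organizations: { "org-1": { roles: requiredOrganizationRoles.slice() } },
};
const partial: TokenClaims = {
  resource_access: { "realm-management": { roles: ["view-users", "view-realm"] } },
};
console.log(wizardAccess(undefined, "foo"), wizardAccess(orgAdmin, "foo"), wizardAccess(partial, "foo"));
```

A check like this only decides what the browser renders; the Keycloak admin API still enforces the same roles on every request.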