Skip to content

Commit

Permalink
fix: add missing permission and defaultPermissionInToken attribute in…
Browse files Browse the repository at this point in the history
… role-scope mapping (#1270)
  • Loading branch information
iromli authored Apr 28, 2022
1 parent 0db5b85 commit e2c67ec
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docker-jans-persistence-loader/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ RUN python3 -m ensurepip \
# jans-linux-setup sync
# =====================

ENV JANS_LINUX_SETUP_VERSION=fc9544c861f30eb7370f635b07d9810ae33a7dba
ENV JANS_LINUX_SETUP_VERSION=eb113d09421b95671fe1ab4eaa5c4bafc2aed6af
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup

# note that as we're pulling from a monorepo (with multiple project in it)
Expand Down
29 changes: 28 additions & 1 deletion docker-jans-persistence-loader/scripts/upgrade.py
Original file line number Diff line number Diff line change
Expand Up @@ -680,13 +680,16 @@ def update_admin_ui_config(self):
api_admin_perms = api_role["permissions"]
break

# current permissions
try:
current_role_mapping = json.loads(entry.attrs["jansConfDyn"])
except TypeError:
current_role_mapping = entry.attrs["jansConfDyn"]

should_update = False

# check for rolePermissionMapping
#
# - compare role permissions for api-admin
for i, api_role in enumerate(current_role_mapping["rolePermissionMapping"]):
if api_role["role"] == "api-admin":
# compare permissions between the ones from persistence (current) and newer permissions
Expand All @@ -695,6 +698,30 @@ def update_admin_ui_config(self):
should_update = True
break

# check for permissions
#
# - add new permission if not exist
# - add defaultPermissionInToken (if not exist) in each permission

# determine current permission with index/position
current_perms = {
permission["permission"]: {"index": i}
for i, permission in enumerate(current_role_mapping["permissions"])
}

for perm in role_mapping["permissions"]:
if perm["permission"] not in current_perms:
# add missing permission
current_role_mapping["permissions"].append(perm)
should_update = True
else:
# add missing defaultPermissionInToken
index = current_perms[perm["permission"]]["index"]
if "defaultPermissionInToken" in current_role_mapping["permissions"][index]:
continue
current_role_mapping["permissions"][index]["defaultPermissionInToken"] = perm["defaultPermissionInToken"]
should_update = True

if should_update:
entry.attrs["jansConfDyn"] = json.dumps(current_role_mapping)
entry.attrs["jansRevision"] += 1
Expand Down

0 comments on commit e2c67ec

Please sign in to comment.