Merge pull request #492 from hasuniea/mainb

Make admin web app accessible with users with different roles and permissions

portals/admin/src/main/webapp/site/public/conf/settings.json

@@ -20,11 +20,15 @@
       "timeout": 2000
     },
     "docUrl": "https://apim.docs.wso2.com/en/4.2.0/",
-    "minScopesToLogin": [
-      "apim:api_workflow_view",
-      "apim:api_workflow_approve",
-      "apim:tenantInfo",
-      "apim:admin_settings"
-    ]
+    "roles": {
+      "workflowManager": ["apim:api_workflow_view", "apim:api_workflow_approve", "apim:tenantInfo", "openid", "apim:admin_settings"],
+      "policyManager": ["apim:tier_view","apim:policies_import_export", "apim:tier_manage", "apim:tenantInfo",
+         "apim:bl_view", "apim:bl_manage", "openid", "apim:admin_settings"],
+      "categoriesManager": ["apim:api_category", "openid", "apim:tenantInfo", "apim:admin_settings"],
+      "keyManagers": ["apim:keymanagers_manage", "openid", "apim:tenantInfo", "apim:admin_settings"],
+      "gatewayManager": ["apim:environment_manage", "openid", "apim:admin_settings", "apim:environment_read"],
+      "settingsManager": ["apim:app_owner_change", "apim:app_import_export", "apim:admin_application_view","apim:scope_manage", "openid", 
+                          "apim:admin_settings", "apim:tenantInfo"]
+      }
   }
 }

portals/admin/src/main/webapp/source/src/app/components/AdminPages/Dashboard/Dashboard.jsx

@@ -31,15 +31,21 @@ import { useAppContext } from 'AppComponents/Shared/AppContext';
 export default function Dashboard() {
     const { user: { _scopes } } = useAppContext();
     const hasWorkflowViewPermission = _scopes.includes('apim:api_workflow_view');
+    const hasPolicyViewPermission = _scopes.includes('apim:tier_view');
+    const hasAPICategoryViewPermission = _scopes.includes('apim:admin_operations');
     return (
         <ContentBase width='full' title='Dashboard' pageStyle='paperLess'>
             <Grid container spacing={3} justify='center'>
-                <Grid item xs={11} md={6}>
-                    <RateLimitingCard />
-                </Grid>
-                <Grid item xs={11} md={6}>
-                    <APICategoriesCard />
-                </Grid>
+                {hasPolicyViewPermission && (
+                    <Grid item xs={11} md={6}>
+                        <RateLimitingCard />
+                    </Grid>
+                )}
+                {hasAPICategoryViewPermission && (
+                    <Grid item xs={11} md={6}>
+                        <APICategoriesCard />
+                    </Grid>
+                )}
                 {hasWorkflowViewPermission && (
                     <Grid item xs={11} md={6}>
                         <TasksWorkflowCard />

portals/admin/src/main/webapp/source/src/app/components/Base/Navigator.jsx

@@ -79,27 +79,79 @@ function Navigator(props) {
         routeMenuMapping = RouteMenuMapping(intl).filter((menu) => menu.id !== 'Manage Alerts');
     }
 
-    const hasWorkflowViewPermission = _scopes.includes('apim:api_workflow_view');
-    if (!hasWorkflowViewPermission) {
-        routeMenuMapping = RouteMenuMapping(intl).filter((menu) => menu.id !== 'Tasks');
-    }
+    const hasPermission = (scopes) => {
+        for (let i = 0; i < scopes.length; i++) {
+            if (!_scopes.includes(scopes[i])) {
+                return false;
+            }
+        }
+        return true;
+    };
 
-    const isWorkflowManager = _scopes.includes('apim:api_workflow_view')
-    && _scopes.includes('apim:api_workflow_approve')
-    && _scopes.includes('apim:tenantInfo')
-    && _scopes.includes('openid')
-    && _scopes.includes('apim:admin_settings')
-    && _scopes.length === 5;
+    const isWorkflowManager = hasPermission(Configurations.app.roles.workflowManager);
+    const isSettingsManager = hasPermission(Configurations.app.roles.settingsManager);
+    const isPolicyManager = hasPermission(Configurations.app.roles.policyManager);
+    const iskeyManagers = hasPermission(Configurations.app.roles.keyManagers);
+    const isAPICategory = hasPermission(Configurations.app.roles.categoriesManager);
+    const isGatewayManager = hasPermission(Configurations.app.roles.gatewayManager);
 
-    if (isWorkflowManager) {
-        const { location: { pathname } } = history;
-        if (pathname.indexOf('dashboard') !== -1) {
-            history.push('/tasks/user-creation');
+    const entireArray = [];
+    const checkRouteMenuMapping = routeMenuMapping;
+    for (let i = 0; i < checkRouteMenuMapping.length; i++) {
+        const adminRoute = routeMenuMapping;
+        if (checkRouteMenuMapping[i].id === 'Dashboard') {
+            const dashboardObj = checkRouteMenuMapping[i];
+            entireArray.push(dashboardObj);
+        }
+        if (checkRouteMenuMapping[i].id === 'Rate Limiting Policies') {
+            const policyObj = checkRouteMenuMapping[i];
+            if (isPolicyManager) {
+                entireArray.push(policyObj);
+            }
+        }
+        if (checkRouteMenuMapping[i].id === 'Tasks') {
+            const taskObj = checkRouteMenuMapping[i];
+            if (isWorkflowManager) {
+                entireArray.push(taskObj);
+            }
+        }
+        if (checkRouteMenuMapping[i].id === 'Key Managers') {
+            const keyManagerObj = checkRouteMenuMapping[i];
+            if (iskeyManagers) {
+                entireArray.push(keyManagerObj);
+            }
+        }
+        if (checkRouteMenuMapping[i].id === 'API Categories') {
+            const apiCatObj = checkRouteMenuMapping[i];
+            if (isAPICategory) {
+                entireArray.push(apiCatObj);
+            }
+        }
+        if (checkRouteMenuMapping[i].id === 'Gateways') {
+            const gatewayObj = checkRouteMenuMapping[i];
+            if (isGatewayManager) {
+                entireArray.push(gatewayObj);
+            }
+        }
+        if (checkRouteMenuMapping[i].id === 'Settings') {
+            const settingObj = checkRouteMenuMapping[i];
+            const val = settingObj;
+            const childRoutes = val.children;
+            if (!_scopes.includes('apim:admin')) {
+                for (let k = 0; k < childRoutes.length; k++) {
+                    if (childRoutes[k].id === 'Advanced') {
+                        childRoutes.splice(k, 1);
+                    }
+                }
+            }
+            if (isSettingsManager) {
+                entireArray.push(val);
+            }
+        }
+        routeMenuMapping = entireArray;
+        if (_scopes.includes('apim:admin')) {
+            routeMenuMapping = adminRoute;
         }
-        routeMenuMapping = routeMenuMapping.filter(((route) => route.id === intl.formatMessage({
-            id: 'Base.RouteMenuMapping.tasks',
-            defaultMessage: 'Tasks',
-        })));
     }
 
     const updateAllRoutePaths = (path) => {

portals/admin/src/main/webapp/source/src/app/data/AuthManager.js

@@ -141,21 +141,48 @@ class AuthManager {
         Utils.getCookie(User.CONST.WSO2_AM_REFRESH_TOKEN_1, currentEnv);
     }
 
-    static hasBasicLoginPermission(scopes) {
-        if (scopes.includes('apim:admin')) {
-            return true;
-        } else {
-            let { minScopesToLogin } = Configurations.app;
-            if (!minScopesToLogin) {
-                minScopesToLogin = CONSTS.DEFAULT_MIN_SCOPES_TO_LOGIN;
-            }
-            for (let i = 0; i < minScopesToLogin.length; i++) {
-                if (!scopes.includes(minScopesToLogin[i])) {
-                    return false;
-                }
+    static hasPermission = (scopes, val) => {
+        let value;
+        if (val === 'workflowManager') {
+            value = Configurations.app.roles.workflowManager;
+        } else if (val === 'settingsManager') {
+            value = Configurations.app.roles.settingsManager;
+        } else if (val === 'policyManager') {
+            value = Configurations.app.roles.policyManager;
+        } else if (val === 'keyManagers') {
+            value = Configurations.app.roles.keyManagers;
+        } else if (val === 'categoriesManager') {
+            value = Configurations.app.roles.workflowManager;
+        } else if (val === 'gatewayManager') {
+            value = Configurations.app.roles.gatewayManager;
+        }
+        for (let i = 0; i < value.length; i++) {
+            if (!scopes.includes(value[i])) {
+                return false;
             }
-            return true;
         }
+        return true;
+    };
+
+    /**
+     *
+     * @param {*} scopes
+     * @returns
+     */
+    static hasBasicLoginPermission(scopes) {
+        const workflowManager = 'workflowManager';
+        const settingsManager = 'settingsManager';
+        const policyManager = 'policyManager';
+        const keyManagers = 'keyManagers';
+        const categoriesManager = 'categoriesManager';
+        const gatewayManager = 'gatewayManager';
+        return (scopes.includes('apim:admin')
+        || this.hasPermission(scopes, workflowManager)
+        || this.hasPermission(scopes, settingsManager)
+        || this.hasPermission(scopes, policyManager)
+        || this.hasPermission(scopes, keyManagers)
+        || this.hasPermission(scopes, categoriesManager)
+        || this.hasPermission(scopes, gatewayManager));
     }
 
     /**

portals/admin/src/main/webapp/source/src/app/data/Constants.js

@@ -26,7 +26,8 @@ const CONSTS = {
     },
     TENANT_STATE_ACTIVE: 'ACTIVE',
     DEFAULT_MIN_SCOPES_TO_LOGIN: ['apim:api_workflow_view', 'apim:api_workflow_approve', 'apim:tenantInfo',
-        'apim:admin_settings'],
+        'apim:admin_settings', 'apim:tier_view', 'apim:policies_import_export', 'apim:tier_manage', 'apim:bl_manage',
+    ],
 };
 
 export default CONSTS;