Orchestrator - workflow with permissions

Signed-off-by: gabriel-farache <[email protected]>
janus-idp · Jun 17, 2024 · 1d3d10d · 1d3d10d
1 parent 8d0c299
commit 1d3d10d
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 20 deletions.
diff --git a/packages/app/src/App.tsx b/packages/app/src/App.tsx
@@ -99,7 +99,7 @@ const routes = (
     </Route>
     <Route path="/settings" element={<UserSettingsPage />} />
     <Route path="/catalog-graph" element={<CatalogGraphPage />} />
-    <Route path="/orchestrator" element={<OrchestratorPage/>} />
+    <Route path="/orchestrator" element={<OrchestratorPage />} />
   </FlatRoutes>
 );
 

diff --git a/packages/app/src/components/Root/Root.tsx b/packages/app/src/components/Root/Root.tsx
@@ -105,7 +105,6 @@ export const Root = ({
           to="orchestrator"
           text="Orchestrator"
         />
-
       </SidebarGroup>
       <SidebarSpace />
       <SidebarDivider />
@@ -116,7 +115,6 @@ export const Root = ({
       >
         <SidebarSettings />
       </SidebarGroup>
-
     </Sidebar>
     {children}
   </SidebarPage>

diff --git a/plugins/orchestrator-backend/src/service/router.ts b/plugins/orchestrator-backend/src/service/router.ts
@@ -82,8 +82,10 @@ const authorize = async (
   return decision;
 };
 
-declare class UnauthorizedError extends NotAllowedError {
-  message: 'Unauthorized';
+export class UnauthorizedError extends NotAllowedError {
+  constructor() {
+    super('Unauthorized');
+  }
 }
 
 export async function createBackendRouter(

diff --git a/plugins/orchestrator/docs/Permissions.md b/plugins/orchestrator/docs/Permissions.md
@@ -31,3 +31,17 @@ g, user:default/guest, role:default/workflowViewer
 g, user:default/myOrgUser, role:default/workflowAdmin
 g, group:default/platformAdmins, role:default/worflowAdmin
 ```
+
+See https://casbin.org/docs/rbac for more information about casbin rules
+
+## Enable permissions
+
+To enable permissions, you need to add the following in the [app-config file](../../../app-config.yaml):
+
+```
+permission:
+  enabled: true
+  rbac:
+    policies-csv-file: <absolute path to the policy file>
+    policyFileReload: true
+```
diff --git a/plugins/orchestrator/src/components/WorkflowInstancePage.tsx b/plugins/orchestrator/src/components/WorkflowInstancePage.tsx
@@ -11,16 +11,17 @@ import {
   useRouteRef,
   useRouteRefParams,
 } from '@backstage/core-plugin-api';
+import { usePermission } from '@backstage/plugin-permission-react';
 
 import Button from '@mui/material/Button';
 import Grid from '@mui/material/Grid';
 
 import {
   AssessedProcessInstance,
+  orchestratorWorkflowExecutePermission,
   QUERY_PARAM_ASSESSMENT_INSTANCE_ID,
   QUERY_PARAM_INSTANCE_ID,
   QUERY_PARAM_INSTANCE_STATE,
-  orchestratorWorkflowExecutePermission,
 } from '@janus-idp/backstage-plugin-orchestrator-common';
 
 import { orchestratorApiRef } from '../api';
@@ -32,7 +33,6 @@ import { buildUrl } from '../utils/UrlUtils';
 import { BaseOrchestratorPage } from './BaseOrchestratorPage';
 import { InfoDialog } from './InfoDialog';
 import { WorkflowInstancePageContent } from './WorkflowInstancePageContent';
-import { usePermission } from '@backstage/plugin-permission-react';
 
 export type AbortConfirmationDialogActionsProps = {
   handleSubmit: () => void;
@@ -90,11 +90,10 @@ export const WorkflowInstancePage = ({
   const [isAbortAlertDialogOpen, setIsAbortAlertDialogOpen] = useState(false);
   const [abortWorkflowInstanceErrorMsg, setAbortWorkflowInstanceErrorMsg] =
     useState('');
-    const permittedToExecute = usePermission({
+  const permittedToExecute = usePermission({
     permission: orchestratorWorkflowExecutePermission,
   });
 
-
   const fetchInstance = React.useCallback(async () => {
     if (!instanceId && !queryInstanceId) {
       return undefined;
@@ -210,7 +209,7 @@ export const WorkflowInstancePage = ({
                     <Button
                       variant="contained"
                       color="primary"
-                      disabled={!permittedToExecute.allowed|| !canAbort}
+                      disabled={!permittedToExecute.allowed || !canAbort}
                       onClick={canAbort ? handleRerun : undefined}
                     >
                       Retrigger

diff --git a/plugins/orchestrator/src/components/WorkflowsTable.tsx b/plugins/orchestrator/src/components/WorkflowsTable.tsx
@@ -3,6 +3,7 @@ import { useNavigate } from 'react-router-dom';
 
 import { Link, TableColumn, TableProps } from '@backstage/core-components';
 import { useRouteRef } from '@backstage/core-plugin-api';
+import { usePermission } from '@backstage/plugin-permission-react';
 
 import Pageview from '@mui/icons-material/Pageview';
 import PlayArrow from '@mui/icons-material/PlayArrow';
@@ -25,7 +26,6 @@ import {
 } from '../routes';
 import OverrideBackstageTable from './ui/OverrideBackstageTable';
 import { WorkflowInstanceStatusIndicator } from './WorkflowInstanceStatusIndicator';
-import { usePermission } from '@backstage/plugin-permission-react';
 
 export interface WorkflowsTableProps {
   items: WorkflowOverview[];
@@ -139,14 +139,14 @@ export const WorkflowsTable = ({ items }: WorkflowsTableProps) => {
   );
 
   return (
-        !permittedToReadWorkflows && ( 
-        <OverrideBackstageTable<FormattedWorkflowOverview>
-          title="Workflows"
-          options={options}
-          columns={columns}
-          data={data}
-          actions={actions}
-        />
-        )
+    permittedToReadWorkflows && (
+      <OverrideBackstageTable<FormattedWorkflowOverview>
+        title="Workflows"
+        options={options}
+        columns={columns}
+        data={data}
+        actions={actions}
+      />
+    )
   );
 };