fix(rbac): fix bug with restart instance

Signed-off-by: Oleksandr Andriienko <[email protected]>
janus-idp · Jul 5, 2024 · 4b55043 · 4b55043
1 parent 77edf3a
commit 4b55043
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/plugins/rbac-backend/src/audit-log/audit-logger.ts b/plugins/rbac-backend/src/audit-log/audit-logger.ts
@@ -17,6 +17,7 @@ export const RoleEvents = {
   CREATE_ROLE: 'CreateRole',
   UPDATE_ROLE: 'UpdateRole',
   DELETE_ROLE: 'DeleteRole',
+  CREATE_OR_UPDATE_ROLE: 'CreateOrUpdateRole',
   GET_ROLE: 'GetRole',
 
   CREATE_ROLE_ERROR: 'CreateRoleError',

diff --git a/plugins/rbac-backend/src/service/permission-policy.ts b/plugins/rbac-backend/src/service/permission-policy.ts
@@ -78,7 +78,9 @@ const useAdminsFromConfig = async (
     const entityRef = admin.getString('name');
     validateEntityReference(entityRef);
 
-    addedGroupPolicies.set(entityRef, ADMIN_ROLE_NAME);
+    if (!(await enf.hasGroupingPolicy(...[entityRef, ADMIN_ROLE_NAME]))) {
+      addedGroupPolicies.set(entityRef, ADMIN_ROLE_NAME);
+    }
   }
 
   const adminRoleMeta =
@@ -108,7 +110,7 @@ const useAdminsFromConfig = async (
   await auditLogger.auditLog<RoleAuditInfo>({
     actorId: RBAC_BACKEND,
     message: `Created or updated role`,
-    eventName: RoleEvents.CREATE_ROLE,
+    eventName: RoleEvents.CREATE_OR_UPDATE_ROLE,
     metadata: {
       ...getAdminRoleMetadata(),
       members: addedRoleMembers.map(gp => gp[0]),