feat(rbac): make feature working after backstage update to 1.29.2

Signed-off-by: Oleksandr Andriienko <[email protected]>

Author: AndrienkoAleksandr

plugins/rbac-backend/src/plugin.ts

@@ -42,6 +42,7 @@ export const rbacPlugin = createBackendPlugin({
         permissions: coreServices.permissions,
         auth: coreServices.auth,
         httpAuth: coreServices.httpAuth,
+        userInfo: coreServices.userInfo,
       },
       async init({
         http,
@@ -52,6 +53,7 @@ export const rbacPlugin = createBackendPlugin({
         permissions,
         auth,
         httpAuth,
+        userInfo,
       }) {
         http.use(
           await PolicyBuilder.build(
@@ -63,6 +65,7 @@ export const rbacPlugin = createBackendPlugin({
               permissions,
               auth,
               httpAuth,
+              userInfo,
             },
             {
               getPluginIds: () =>

plugins/rbac-backend/src/service/permission-policy.ts

@@ -16,6 +16,7 @@ import {
 import {
   PermissionPolicy,
   PolicyQuery,
+  PolicyQueryUser,
 } from '@backstage/plugin-permission-node';
 
 import { Knex } from 'knex';
@@ -291,10 +292,9 @@ export class RBACPermissionPolicy implements PermissionPolicy {
 
   async handle(
     request: PolicyQuery,
-    identityResp?: BackstageIdentityResponse | undefined,
+    user?: PolicyQueryUser,
   ): Promise<PolicyDecision> {
-    const userEntityRef =
-      identityResp?.identity.userEntityRef ?? `user without entity`;
+    const userEntityRef = user?.info.userEntityRef ?? `user without entity`;
 
     let auditOptions = createPermissionEvaluationOptions(
       `Policy check for ${userEntityRef}`,
@@ -307,7 +307,7 @@ export class RBACPermissionPolicy implements PermissionPolicy {
       let status = false;
 
       const action = toPermissionAction(request.permission.attributes);
-      if (!identityResp) {
+      if (!user) {
         const msg = evaluatePermMsg(
           userEntityRef,
           AuthorizeResult.DENY,
@@ -330,10 +330,10 @@ export class RBACPermissionPolicy implements PermissionPolicy {
         const resourceType = request.permission.resourceType;
 
         // handle conditions if they are present
-        if (identityResp) {
+        if (user) {
           const conditionResult = await this.handleConditions(
             userEntityRef,
-            identityResp.identity.ownershipEntityRefs,
+            user.info.ownershipEntityRefs,
             request,
             roles,
           );

plugins/rbac-backend/src/service/policy-builder.ts

@@ -7,6 +7,7 @@ import {
   AuthService,
   HttpAuthService,
   LoggerService,
+  UserInfoService,
 } from '@backstage/backend-plugin-api';
 import { CatalogClient } from '@backstage/catalog-client';
 import { Config } from '@backstage/config';
@@ -40,6 +41,7 @@ export class PolicyBuilder {
       permissions: PermissionEvaluator;
       auth?: AuthService;
       httpAuth?: HttpAuthService;
+      userInfo: UserInfoService;
     },
     pluginIdProvider: PluginIdProvider = { getPluginIds: () => [] },
   ): Promise<Router> {
@@ -108,6 +110,7 @@ export class PolicyBuilder {
       logger: env.logger,
       discovery: env.discovery,
       identity: env.identity,
+      userInfo: env.userInfo,
       policy: await RBACPermissionPolicy.build(
         env.logger,
         defAuditLog,