feat(rbac): support for adding conditional permissions

Author: divyanshiGupta

packages/backend/package.json

@@ -38,7 +38,7 @@
     "@backstage/plugin-search-backend-module-pg": "^0.5.25",
     "@backstage/plugin-search-backend-node": "^1.2.20",
     "@backstage/plugin-techdocs-backend": "^1.10.3",
-    "@janus-idp/backstage-plugin-rbac-backend": "^2.4.1",
+    "@janus-idp/backstage-plugin-rbac-backend": "^2.7.0",
     "@backstage/plugin-catalog-backend-module-scaffolder-entity-model": "^0.1.14",
     "@backstage/plugin-search-backend-module-catalog": "^0.1.21",
     "@backstage/plugin-search-backend-module-techdocs": "^0.1.21",

plugins/rbac/package.json

@@ -31,6 +31,7 @@
     "@backstage/core-plugin-api": "^1.9.1",
     "@backstage/plugin-catalog": "^1.18.2",
     "@backstage/plugin-catalog-common": "^1.0.22",
+    "@backstage/plugin-permission-common": "^0.7.13",
     "@backstage/plugin-permission-react": "^0.4.21",
     "@backstage/theme": "^0.5.2",
     "@janus-idp/backstage-plugin-rbac-common": "1.4.1",
@@ -40,6 +41,10 @@
     "@material-ui/lab": "^4.0.0-alpha.45",
     "@mui/icons-material": "5.14.11",
     "@mui/material": "^5.14.18",
+    "@rjsf/core": "^5.18.2",
+    "@rjsf/mui": "^5.18.2",
+    "@rjsf/utils": "^5.18.2",
+    "@rjsf/validator-ajv8": "^5.18.2",
     "autosuggest-highlight": "^3.3.4",
     "formik": "^2.4.5",
     "react-use": "^17.4.0",

plugins/rbac/src/api/RBACBackendClient.ts

@@ -10,7 +10,7 @@ import {
   RoleBasedPolicy,
 } from '@janus-idp/backstage-plugin-rbac-common';
 
-import { MemberEntity, RoleError } from '../types';
+import { MemberEntity, RoleBasedConditions, RoleError } from '../types';
 import { getKindNamespaceName } from '../utils/rbac-utils';
 
 // @public
@@ -38,6 +38,9 @@ export type RBACAPI = {
     polices: RoleBasedPolicy[],
   ) => Promise<RoleError | Response>;
   getPluginsConditionRules: () => Promise<any | Response>;
+  createConditionalPermission: (
+    conditionalPermission: RoleBasedConditions,
+  ) => Promise<RoleError | Response>;
 };
 
 export type Options = {
@@ -331,4 +334,27 @@ export class RBACBackendClient implements RBACAPI {
     }
     return jsonResponse.json();
   }
+
+  async createConditionalPermission(
+    conditionalPermission: RoleBasedConditions,
+  ) {
+    const { token: idToken } = await this.identityApi.getCredentials();
+    const backendUrl = this.configApi.getString('backend.baseUrl');
+    const jsonResponse = await fetch(
+      `${backendUrl}/api/permission/roles/conditions`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Accept: 'application/json',
+          ...(idToken && { Authorization: `Bearer ${idToken}` }),
+        },
+        body: JSON.stringify(conditionalPermission),
+      },
+    );
+    if (jsonResponse.status !== 200 && jsonResponse.status !== 201) {
+      return jsonResponse.json();
+    }
+    return jsonResponse;
+  }
 }

plugins/rbac/src/components/ConditionalAccess/ConditionalAccessSidebar.tsx

@@ -3,14 +3,16 @@ import React from 'react';
 import { makeStyles } from '@material-ui/core';
 import CloseIcon from '@mui/icons-material/Close';
 import Box from '@mui/material/Box';
-import Button from '@mui/material/Button';
 import Drawer from '@mui/material/Drawer';
 import IconButton from '@mui/material/IconButton';
 import Typography from '@mui/material/Typography';
 
+import { ConditionsForm } from './ConditionsForm';
+import { ConditionsData } from './types';
+
 const useDrawerStyles = makeStyles(() => ({
   paper: {
-    width: '40%',
+    width: '50%',
     gap: '3%',
   },
 }));
@@ -27,39 +29,32 @@ const useDrawerContentStyles = makeStyles(theme => ({
     flexDirection: 'row',
     justifyContent: 'space-between',
     alignItems: 'baseline',
-    borderBottom: `2px solid ${theme.palette.border}`,
     padding: theme.spacing(2.5),
+    fontFamily: theme.typography.fontFamily,
   },
-  body: {
-    padding: theme.spacing(2.5),
-    paddingTop: theme.spacing(1),
-    paddingBottom: theme.spacing(1),
-    flexGrow: 1,
-  },
-  footer: {
-    display: 'flex',
-    flexDirection: 'row',
-    gap: '15px',
-    alignItems: 'baseline',
-    borderTop: `2px solid ${theme.palette.border}`,
-    padding: theme.spacing(2.5),
+  headerSubtitle: {
+    fontWeight: 400,
   },
 }));
 
 type ConditionalAccessSidebarProps = {
   open: boolean;
   onClose: () => void;
-  selPlugin: string;
-  rules?: any;
-  error?: Error;
+  onRemoveAll: () => void;
+  onSave: (conditions: ConditionsData) => void;
+  selPluginResourceType: string;
+  conditionRulesData?: any;
+  conditionsFormVal?: ConditionsData;
 };
 
 export const ConditionalAccessSidebar = ({
   open,
   onClose,
-  selPlugin,
-  rules,
-  error,
+  onSave,
+  onRemoveAll,
+  selPluginResourceType,
+  conditionRulesData,
+  conditionsFormVal,
 }: ConditionalAccessSidebarProps) => {
   const classes = useDrawerStyles();
   const contentClasses = useDrawerContentStyles();
@@ -75,10 +70,18 @@ export const ConditionalAccessSidebar = ({
       <Box className={contentClasses.sidebar}>
         <Box className={contentClasses.header}>
           <Typography variant="h5">
-            <span style={{ fontWeight: '500' }}>
-              Conditional access for the
-            </span>{' '}
-            {selPlugin} plugin
+            <span style={{ fontWeight: '500' }}>Configure access for the</span>{' '}
+            {selPluginResourceType}
+            <Typography
+              variant="subtitle2"
+              className={contentClasses.headerSubtitle}
+              align="left"
+            >
+              By default, the selected resource type will be visible to the
+              chosen users in step two. If you want to restrict or grant
+              permission to specific plugin rules, select them and add the
+              parameters.
+            </Typography>
           </Typography>
           <IconButton
             key="dismiss"
@@ -89,30 +92,14 @@ export const ConditionalAccessSidebar = ({
             <CloseIcon fontSize="small" />
           </IconButton>
         </Box>
-        <Box className={contentClasses.body}>
-          {rules ? (
-            <>
-              <Typography variant="body2">Rules</Typography>
-              <ul>
-                {rules.map((rule: any) => (
-                  <li key={rule.name}>{rule.name}</li>
-                ))}
-              </ul>
-            </>
-          ) : (
-            <Typography variant="body2">
-              {error ? error.message : 'No rules found'}
-            </Typography>
-          )}
-        </Box>
-        <Box className={contentClasses.footer}>
-          <Button variant="contained" disabled>
-            Save
-          </Button>{' '}
-          <Button variant="outlined" onClick={onClose}>
-            Cancel
-          </Button>
-        </Box>
+        <ConditionsForm
+          conditionRulesData={conditionRulesData}
+          selPluginResourceType={selPluginResourceType}
+          conditionsFormVal={conditionsFormVal}
+          onClose={onClose}
+          onSave={onSave}
+          onRemoveAll={onRemoveAll}
+        />
       </Box>
     </Drawer>
   );

plugins/rbac/src/components/ConditionalAccess/ConditionsForm.tsx

@@ -0,0 +1,95 @@
+import React from 'react';
+
+import { makeStyles } from '@material-ui/core';
+import Box from '@mui/material/Box';
+import Button from '@mui/material/Button';
+
+import { ConditionsFormRow } from './ConditionsFormRow';
+import { ConditionsData } from './types';
+
+const useStyles = makeStyles(theme => ({
+  form: {
+    padding: theme.spacing(2.5),
+    paddingTop: theme.spacing(1),
+    paddingBottom: theme.spacing(1),
+    flexGrow: 1,
+  },
+  addConditionButton: {
+    color: theme.palette.primary.light,
+  },
+  footer: {
+    display: 'flex',
+    flexDirection: 'row',
+    gap: '15px',
+    alignItems: 'baseline',
+    borderTop: `2px solid ${theme.palette.border}`,
+    padding: theme.spacing(2.5),
+  },
+}));
+
+export const ConditionsForm = ({
+  conditionRulesData,
+  selPluginResourceType,
+  conditionsFormVal,
+  onClose,
+  onSave,
+  onRemoveAll,
+}: {
+  conditionRulesData?: any;
+  conditionsFormVal?: ConditionsData;
+  selPluginResourceType: string;
+  onClose: () => void;
+  onSave: (conditions: ConditionsData) => void;
+  onRemoveAll: () => void;
+}) => {
+  const classes = useStyles();
+  const [conditions, setConditions] = React.useState<ConditionsData>(
+    conditionsFormVal ?? {
+      condition: {
+        rule: '',
+        resourceType: selPluginResourceType,
+        params: {},
+      },
+    },
+  );
+  return (
+    <>
+      <Box className={classes.form}>
+        <ConditionsFormRow
+          conditionRulesData={conditionRulesData}
+          conditionRow={conditions}
+          selPluginResourceType={selPluginResourceType}
+          onRuleChange={newCondition => setConditions(newCondition)}
+        />
+      </Box>
+      <Box className={classes.footer}>
+        <Button
+          variant="contained"
+          onClick={() => {
+            onSave(conditions);
+          }}
+        >
+          Save
+        </Button>
+        <Button variant="outlined" onClick={onClose}>
+          Cancel
+        </Button>
+        <Button
+          variant="text"
+          onClick={() => {
+            onRemoveAll();
+            setConditions({
+              condition: {
+                rule: '',
+                resourceType: selPluginResourceType,
+                params: {},
+              },
+            });
+          }}
+        >
+          Remove all
+        </Button>
+      </Box>
+    </>
+  );
+};