Handle roles passed from the auth backend
Handle roles passed from the auth-backend.
To test with the frontend:
- create
.env
and add:
# for GitLab
...
GEOWEB_ROLE_CLAIM_NAME="groups"
GEOWEB_ROLE_CLAIM_VALUE_PRESETS_ADMIN="opengeoweb/internal/presets-admins"
or
# for KNMI test Cognito
...
"GW_AUTH_ROLE_CLAIM_NAME": "cognito:groups",
"GW_AUTH_ROLE_PRESETS_ADMIN_CLAIM_VALUE": "administrators"
- run preset-backend with auth-backend
docker compose --file=docker-compose.yml up --build
- run frontend locally with
nx serve
, configure it to use local presets-backend started in the previous step and log in - check the headers returned by the preset-backend in
GET /workspacepreset
request
Test updating and deleting system presets
- run preset-backend with auth-backend
docker compose --file=docker-compose.yml up --build
- try with a user (access token) that is/is not a member of your security group required by the presets admin role
METNorwayTimeseriesPreset
system preset
1. get - get access token from the network tab of your browser
- update your presets-backend port if needed
export token="<add_your_access_token_here>"
curl -kL --location 'http://localhost:80/workspacepreset/METNorwayTimeseriesPreset' --header "Authorization: Bearer $(printenv token)"
METNorwayTimeseriesPreset
system preset
2. try updating the curl -kL --location --request PUT 'http://localhost:80/workspacepreset/METNorwayTimeseriesPreset' --header "Authorization: Bearer $(printenv token)" --header "Content-Type: application/json" --data '{"id":"METNorwayTimeseriesPreset","title":"Timeseries Met Norway (updated title) (updated2)","scope":"system","abstract":"","viewType":"singleWindow","views":[{"mosaicNodeId":"viewA","viewPresetId":"airmet"}],"syncGroups":[],"mosaicNode":"viewA"}'
METNorwayTimeseriesPreset
system preset
3. try deleting the curl -kL --location --request DELETE 'http://localhost:80/workspacepreset/METNorwayTimeseriesPreset' --header "Authorization: Bearer $(printenv token)"
Updating and deleting system presets should only succeed if your user has the role ROLE_PRESET_ADMIN
(is a member of your security group)
Closes #55 (closed)