Handle roles passed from the auth backend

Kristian Harju requested to merge 55-handle-roles-passed-from-auth-backend into main

Handle roles passed from the auth-backend.

To test with the frontend:
  • create .env and add:
# for GitLab
...
GEOWEB_ROLE_CLAIM_NAME="groups"
GEOWEB_ROLE_CLAIM_VALUE_PRESETS_ADMIN="opengeoweb/internal/presets-admins"

or

# for KNMI test Cognito
...
"GW_AUTH_ROLE_CLAIM_NAME": "cognito:groups",
"GW_AUTH_ROLE_PRESETS_ADMIN_CLAIM_VALUE": "administrators"
  • run preset-backend with auth-backend: docker compose --file=docker-compose.yml up --build
  • run frontend locally with nx serve, configure it to use local presets-backend started in the previous step and log in
  • check the headers returned by the preset-backend in GET /workspacepreset request

Test updating and deleting system presets
  • run preset-backend with auth-backend: docker compose --file=docker-compose.yml up --build
  • try with a user (access token) that is/is not a member of your security group required by the presets admin role
1. get METNorwayTimeseriesPreset system preset
  • get access token from the network tab of your browser
  • update your presets-backend port if needed

export token="<add_your_access_token_here>"

curl -kL --location 'http://localhost:80/workspacepreset/METNorwayTimeseriesPreset' --header "Authorization: Bearer $(printenv token)"

2. try updating the METNorwayTimeseriesPreset system preset

curl -kL --location --request PUT 'http://localhost:80/workspacepreset/METNorwayTimeseriesPreset' --header "Authorization: Bearer $(printenv token)" --header "Content-Type: application/json" --data '{"id":"METNorwayTimeseriesPreset","title":"Timeseries Met Norway (updated title) (updated2)","scope":"system","abstract":"","viewType":"singleWindow","views":[{"mosaicNodeId":"viewA","viewPresetId":"airmet"}],"syncGroups":[],"mosaicNode":"viewA"}'

3. try deleting the METNorwayTimeseriesPreset system preset

curl -kL --location --request DELETE 'http://localhost:80/workspacepreset/METNorwayTimeseriesPreset' --header "Authorization: Bearer $(printenv token)"

Updating and deleting system presets should only succeed if your user has the role ROLE_PRESET_ADMIN (is a member of your security group)

Closes #55 (closed)

Edited by Kristian Harju
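
Before running the curl checks in the description, it helps to confirm what the access token actually carries in the configured role claim. The following is an added example, not code from this merge request or the presets-backend: the claim-to-role mapping, the function names and the sample tokens are assumptions constructed for illustration, and the payload is decoded without signature verification, so it is a local debugging aid only.

```python
import base64
import json

ROLE_PRESET_ADMIN = "ROLE_PRESET_ADMIN"  # role name used in the description


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Shows what the token claims, not whether the claims can be trusted;
    the service making the authorization decision must verify the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore b64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def roles_from_claims(claims: dict, claim_name: str, admin_value: str) -> set:
    """Assumed mapping: grant the admin role on an exact group match."""
    value = claims.get(claim_name)
    if isinstance(value, str):
        # Wrap a single string so `in` is an exact match, not a substring test.
        value = [value]
    if not isinstance(value, list):
        return set()  # claim missing or of an unexpected type: no roles
    return {ROLE_PRESET_ADMIN} if admin_value in value else set()


def constructed_token(payload: dict) -> str:
    """Build an unsigned sample token (constructed data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"


if __name__ == "__main__":
    admin_group = "opengeoweb/internal/presets-admins"  # value from the .env
    token = constructed_token({"sub": "alice", "groups": [admin_group]})
    print(roles_from_claims(jwt_claims(token), "groups", admin_group))
```

With a real token copied from the browser's network tab, pass the same claim name and value you put in `.env`; an empty set predicts that the PUT and DELETE requests should be rejected.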