460 rbac apply policy checks (#13)

* 460 Adds policy checks for the navigation and its pages

* 460 Applies Pages policies

* 460 Updates env vars in the example files

Author: ricardovdheijden

.env.example

@@ -16,6 +16,9 @@ NEXTAUTH_ISSUER="http://localhost:8085/realms/orchestrator"
 NEXTAUTH_WELL_KNOWN_OVERRIDE="http://localhost:8085/auth/.well-known/openid-configuration"
 NEXTAUTH_URL=http://localhost:3000/api/auth
 
+OPA_PUBLIC_BUNDLE_URL="https://localhost/api/v1/opa/public-bundle"
+OPA_CLIENT_ID="orchestrator-client"
+
 # docker-compose variables
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin

pages/metadata/index.tsx

@@ -1,7 +1,21 @@
+import React from 'react';
+
 import { useRouter } from 'next/router';
 
+import {
+    PolicyResource,
+    WfoPageUnauthorized,
+    usePolicy,
+} from '@orchestrator-ui/orchestrator-ui-components';
+
 export const IndexPage = () => {
     const router = useRouter();
+    const { isAllowed } = usePolicy();
+
+    if (!isAllowed(PolicyResource.NAVIGATION_METADATA)) {
+        return <WfoPageUnauthorized />;
+    }
+
     router.push('/metadata/products');
 };
 

pages/subscriptions/index.tsx

@@ -1,7 +1,17 @@
 import React from 'react';
 
-import { WfoSubscriptionsListPage } from '@orchestrator-ui/orchestrator-ui-components';
+import {
+    PolicyResource,
+    WfoPolicyRenderPageFallback,
+    WfoSubscriptionsListPage,
+} from '@orchestrator-ui/orchestrator-ui-components';
 
 export default function SubscriptionsPage() {
-    return <WfoSubscriptionsListPage />;
+    return (
+        <WfoPolicyRenderPageFallback
+            resource={PolicyResource.NAVIGATION_SUBSCRIPTIONS}
+        >
+            <WfoSubscriptionsListPage />
+        </WfoPolicyRenderPageFallback>
+    );
 }

pages/tasks/index.tsx

@@ -1,9 +1,17 @@
 import React from 'react';
 
-import { WfoTasksListPage } from '@orchestrator-ui/orchestrator-ui-components';
+import {
+    PolicyResource,
+    WfoPolicyRenderPageFallback,
+    WfoTasksListPage,
+} from '@orchestrator-ui/orchestrator-ui-components';
 
 export function TasksPage() {
-    return <WfoTasksListPage />;
+    return (
+        <WfoPolicyRenderPageFallback resource={PolicyResource.NAVIGATION_TASKS}>
+            <WfoTasksListPage />
+        </WfoPolicyRenderPageFallback>
+    );
 }
 
 export default TasksPage;

pages/workflows/index.tsx

@@ -1,7 +1,17 @@
 import React from 'react';
 
-import { WfoWorkflowsListPage } from '@orchestrator-ui/orchestrator-ui-components';
+import {
+    PolicyResource,
+    WfoPolicyRenderPageFallback,
+    WfoWorkflowsListPage,
+} from '@orchestrator-ui/orchestrator-ui-components';
 
 export default function WorkflowsPage() {
-    return <WfoWorkflowsListPage />;
+    return (
+        <WfoPolicyRenderPageFallback
+            resource={PolicyResource.NAVIGATION_WORKFLOWS}
+        >
+            <WfoWorkflowsListPage />
+        </WfoPolicyRenderPageFallback>
+    );
 }

tsconfig.json

@@ -3,16 +3,16 @@
     "compilerOptions": {
         "baseUrl": ".",
         "paths": {
-            "@/*": ["./*"],
+            "@/*": ["./*"]
         },
         "plugins": [
             {
-                "name": "next",
-            },
+                "name": "next"
+            }
         ],
         "strictNullChecks": true,
-        "jsx": "preserve",
+        "jsx": "preserve"
     },
     "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
-    "exclude": ["node_modules"],
+    "exclude": ["node_modules"]
 }