WIP for IdP policies

Author: oharsta

client/src/App.jsx

@@ -41,6 +41,7 @@ import MyOrganization from "./pages/MyOrganization.jsx";
 import ApplicationOverview from "./pages/ApplicationOverview.jsx";
 import Profile from "./pages/Profile.jsx";
 import {UserFeedbackWidget} from "./components/UserFeedbackWidget.jsx";
+import Policies from "./pages/Policies.jsx";
 
 const App = () => {
 
@@ -146,6 +147,7 @@ const App = () => {
                             <Route path="/refresh-route/:path" element={<RefreshRoute/>}/>
                             <Route path="/feedback" element={<Feedback/>}/>
                             <Route path="/idp/:organizationId" element={<MyOrganization refreshUser={refreshUser}/>}/>
+                            <Route path="/policies/:page?/:policyId?" element={<Policies/>}/>
                             <Route path="/authentication-switch" element={<AuthenticationSwitch/>}/>
                             <Route path="/accessible-apps" element={<ApplicationOverview accessible={true}/>}/>
                             <Route path="/catalogue" element={<ApplicationOverview accessible={false}/>}/>

client/src/api/index.js

@@ -225,6 +225,10 @@ export function getPolicyByServiceProviderEntityId(entityId) {
     return fetchJson(`/api/v1/manage/policies?entityId=${encodeURIComponent(entityId)}`);
 }
 
+export function getPolicyByIdentityProvider() {
+    return fetchJson("/api/v1/manage/identity-provider/policies");
+}
+
 export function uniqueEntityID(environment, entityID) {
     return postPutJson(`/api/v1/manage/unique-entity-id/${environment}`, {entityID: entityID}, "POST");
 }

client/src/locale/en.js

@@ -85,6 +85,7 @@ const en = {
         idp: "My organisation",
         users: "SURF Access users",
         applications: "Applications",
+        policies: "Policies",
         teams: "Teams",
         support: "Support",
         serviceDesk: "SURF Servicedesk",

client/src/policies/PolicyOverview.jsx

@@ -133,7 +133,6 @@ export const PolicyOverview = ({policies, backToAccess, policyDetails, refreshPo
                                              children={<TrashIcon onClick={() => doDeletePolicy(true, policy)}/>}/>
                                 </div>
                             </div>)}
-
                     </>}
                 </InfoBlock>
             </div>

client/src/utils/MenuItems.js

@@ -3,6 +3,7 @@ import LaptopIcon from "@surfnet/sds/icons/illustrative-icons/laptop.svg";
 import HierarchyIcon from "@surfnet/sds/icons/illustrative-icons/hierarchy.svg";
 import LaptopFloatIcon from "@surfnet/sds/icons/illustrative-icons/laptop-1.svg";
 import UserIcon from "@surfnet/sds/icons/functional-icons/id-2.svg";
+import PolicyIcon from "@surfnet/sds/icons/functional-icons/lock.svg";
 import ScreenIcon from "@surfnet/sds/icons/illustrative-icons/screen.svg";
 import HomeIcon from "@surfnet/sds/icons/illustrative-icons/home.svg";
 import ConnectedIcon from "@surfnet/sds/icons/illustrative-icons/connected.svg";
@@ -18,16 +19,20 @@ export const mainMenuItems = {
     idp: "idp",
     yourApps: "yourApps",
     catalogue: "catalogue",
+    policies: "policies",
     accessibleApps: "accessibleApps",
     invite: "invite",
     sram: "sram",
     serviceDesk: "serviceDesk",
     feedback: "feedback"
 }
 
-const doMenuItemsForUser = (user, currentOrganization) => {
+const doMenuItemsForUser = (user, currentOrganization, feedbackWidgetEnabled = useAppStore.getState().config.feedbackWidgetEnabled) => {
     //Every user has access to the home, catalogue and help menu items
     const newMenuItems = [mainMenuItems.home, mainMenuItems.catalogue, mainMenuItems.serviceDesk];
+    if (!feedbackWidgetEnabled) {
+        newMenuItems.push(mainMenuItems.feedback);
+    }
     const noOrganizationMemberships = isEmpty(user.organizationMemberships);
     if (noOrganizationMemberships) {
         return newMenuItems;
@@ -42,16 +47,22 @@ const doMenuItemsForUser = (user, currentOrganization) => {
     if (onlyGuest) {
         return newMenuItems;
     }
-    const isMemberOrAdmin = user.organizationMemberships
-        .some(m => [authorities.MEMBER, authorities.ADMIN].includes(m.authority) &&
+    const isMember = user.organizationMemberships
+        .some(m => authorities.MEMBER === m.authority &&
+            m.organization.id === currentOrganization.id);
+    const isAdmin = user.organizationMemberships
+        .some(m => authorities.ADMIN === m.authority &&
             m.organization.id === currentOrganization.id);
 
-    if (isMemberOrAdmin) {
+    if (isMember || isAdmin) {
         newMenuItems.push(mainMenuItems.users);
     }
     if (!user.externalUser) {
         newMenuItems.push(mainMenuItems.accessibleApps, mainMenuItems.idp, mainMenuItems.invite, mainMenuItems.sram);
     }
+    if ((isAdmin || user.superUser) && !isEmpty(currentOrganization.manageIdentifier)) {
+        newMenuItems.push(mainMenuItems.policies);
+    }
     return newMenuItems;
 }
 
@@ -122,6 +133,11 @@ export const allMenuGroups = [
                 path: "/users/organizationId",
                 Logo: UserIcon
             },
+            {
+                name: mainMenuItems.policies,
+                path: "/policies/overview",
+                Logo: PolicyIcon
+            },
         ]
     },
     {

client/src/utils/Policy.js

@@ -1,6 +1,6 @@
 import {isEmpty, splitListSemantically} from "./Utils.js";
 
-export const policyTemplate = (identityProviderEntityId, serviceProviderEntityId) => ({
+export const policyTemplate = (identityProviderEntityId, serviceProviderEntityId = null) => ({
     data: {
         active: true,
         allAttributesMustMatch: false,
@@ -13,7 +13,7 @@ export const policyTemplate = (identityProviderEntityId, serviceProviderEntityId
         identityProviderIds: [{name: identityProviderEntityId}],
         metaDataFields: {},
         name: "",
-        serviceProviderIds: [{name: serviceProviderEntityId}],
+        serviceProviderIds: isEmpty(serviceProviderEntityId) ? [] : [{name: serviceProviderEntityId}],
         type: "reg"
     },
     type: "policy"

server/src/main/java/access/api/ManageController.java

@@ -97,6 +97,17 @@ public ResponseEntity<List<Map<String, Object>>> identityProviders(@PathVariable
         return ResponseEntity.ok(providers);
     }
 
+    @SneakyThrows
+    @GetMapping("/identity-provider/policies")
+    @SuppressWarnings("unchecked")
+    public ResponseEntity<List<Map<String, Object>>> identityProviderPolicies(@Parameter(hidden = true) User user) {
+        LOG.debug("/identityProviderPolicies for " + user.getEmail());
+
+        confirmInstitutionAdmin(user);
+        List<Map<String, Object>> policies = this.manage.policiesByIdentityProvider(user.getAuthenticatingAuthority());
+        return ResponseEntity.ok(policies);
+    }
+
     @SneakyThrows
     @GetMapping("/policies")
     @SuppressWarnings("unchecked")

server/src/main/java/access/manage/LocalManage.java

@@ -264,6 +264,20 @@ public List<Map<String, Object>> policiesByServiceProvider(String identityProvid
                 .toList();
     }
 
+    @Override
+    public List<Map<String, Object>> policiesByIdentityProvider(String identityProviderEntityId) {
+        return this.allProviders.get(EntityType.policy).stream()
+                .filter(policy -> {
+                    Map<String, Object> data = getData(policy);
+                    List<Map<String, String>> identityProviderIds = (List<Map<String, String>>)
+                            data.getOrDefault("identityProviderIds", List.of());
+                    return identityProviderIds.stream()
+                                    .anyMatch(m -> m.get("name").equals(identityProviderEntityId));
+                })
+                .toList();
+    }
+
+
     @Override
     public Map<String, Object> createPolicy(Map<String, Object> policy) {
         String id = UUID.randomUUID().toString();

server/src/main/java/access/manage/Manage.java

@@ -49,6 +49,8 @@ public interface Manage {
     List<Map<String, Object>> policiesByServiceProvider(String identityProviderEntityId,
                                                         String serviceProviderEntityId);
 
+    List<Map<String, Object>> policiesByIdentityProvider(String identityProviderEntityId);
+
     Map<String, Object> createPolicy(Map<String, Object> policy);
 
     Map<String, Object> updatePolicy(Map<String, Object> policy);

server/src/main/java/access/manage/RemoteManage.java

@@ -1,7 +1,12 @@
 package access.manage;
 
 import access.exception.NotFoundException;
-import access.model.*;
+import access.model.Connection;
+import access.model.EntityType;
+import access.model.Environment;
+import access.model.Organization;
+import access.model.State;
+import access.model.User;
 import access.remote.RestTemplateFactory;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -370,6 +375,17 @@ public List<Map<String, Object>> policiesByServiceProvider(String identityProvid
         return restTemplate.postForEntity(url, query, List.class).getBody();
     }
 
+    @Override
+    public List<Map<String, Object>> policiesByIdentityProvider(String identityProviderEntityId) {
+        Map<String, Object> query = Map.of(
+                "data.identityProviderIds.name", identityProviderEntityId
+        );
+        RestTemplate restTemplate = environmentRestTemplate(Environment.PROD);
+        String url = String.format("%s/manage/api/internal/rawSearch/%s",
+                environmentUrl(Environment.PROD), EntityType.policy);
+        return restTemplate.postForEntity(url, query, List.class).getBody();
+    }
+
     @Override
     public Map<String, Object> createPolicy(Map<String, Object> policy) {
         RestTemplate restTemplate = environmentRestTemplate(Environment.PROD);