🥳🍾 First Manage PdP Policy created from access

Disclaimer: from localhost

Author: oharsta

client/src/api/index.js

@@ -243,15 +243,19 @@ export function privacy() {
 }
 
 export function newPolicy(policy) {
-    return postPutJson("/api/v1/manage", policy, "POST");
+    return postPutJson("/api/v1/manage/policies", policy, "POST");
 }
 
 export function updatePolicy(policy) {
-    return postPutJson("/api/v1/manage", policy, "PUT");
+    return postPutJson("/api/v1/manage/policies", policy, "PUT");
+}
+
+export function uniquePolicyName(name) {
+    return postPutJson("/api/v1/manage/unique-policy-name", {name:name}, "POST");
 }
 
 export function deletePolicy(policy) {
-    return fetchDelete(`/api/v1/manage/${policy.id}`);
+    return fetchDelete(`/api/v1/manage/policies/${policy.id}`);
 }
 
 export function allowedAttributes() {

client/src/locale/en.js

@@ -1003,11 +1003,13 @@ const en = {
     },
     profile: {
         title: "Profile",
-        info: "Your account was created on {{createdAt}}",
+        info: "Your account was created on {{createdAt}}, and your last activity was on {{lastActivity}}",
         name: "Name",
         email: "Mail",
         eduPersonPrincipalName: "EPPN",
         schacHomeOrganization: "Institution identifier",
+        authenticatingAuthority: "Identity provider",
+        loaLevel: "Level of Assurance",
         superUser: "Congrats🥳, your are a super user",
         institutionAdmin: "Congrats🥳, your are an institution admin of {{orgName}}",
         delete: "Delete",
@@ -1048,7 +1050,7 @@ const en = {
     },
     appAccess: {
         title: "Central Access",
-        users: "User from {{name}}",
+        users: "Users from {{name}}",
         requestedAccessNotification: "You have requested access to this application. If the supplier (SP) approves this, you can manage access to the app below. Still don't want to connect?",
         cancelRequest: "Cancel the request.",
         cancelRequestTitle: "Cancel the request.",
@@ -1075,6 +1077,9 @@ const en = {
         noPolicies: "No authorization rules have been configured yet",
         newPolicy: "New authorization rule",
         targetGroup: "Target group",
+        duplicateName: "Name {{name}} is already taken, please pick a different name.",
+        description: "Description",
+        placeholderDescription: "Describe the implications of this policy rule",
         placeholderTargetGroup: "Give the rule a logical name",
         allowDeny: "Allow or deny access?",
         denyRuleTooltip: "Permit policies enforce that only a successful match of the attributes defined will result in a Permit. No match will result in a Deny<br/><br/>Deny policies are less common to use. If the attributes in the policy match those of the person trying to log in then this will result in a Deny. No match will result in a Permit.",

client/src/pages/ApplicationDetail.jsx

@@ -168,6 +168,17 @@ const ApplicationDetail = ({anonymous, refreshUser}) => {
         return <Loader/>
     }
 
+    const refreshPolicies = () => {
+        setLoading(true);
+        getPolicyByServiceProviderEntityId(serviceProvider.data.entityid)
+            .then(res => {
+                setPolicies(res);
+                setShowPolicyOverview(true);
+                setShowNewPolicy(false);
+                setLoading(false);
+            })
+    }
+
     const externalLink = (link, metaData, index) => {
         const attribute = link.languageProperty ?
             (I18n.locale === "en" ? metaData[`${link.metaData}:en`] : metaData[`${link.metaData}:nl`] || metaData[`${link.metaData}:en`]) :
@@ -353,6 +364,9 @@ const ApplicationDetail = ({anonymous, refreshUser}) => {
                         <PolicyForm backToAccess={() => setShowNewPolicy(false)}
                                     policy={currentPolicy}
                                     setPolicy={setCurrentPolicy}
+                                    isExistingPolicy={false}
+                                    originalName={null}
+                                    refreshPolicies={refreshPolicies}
                         />
                     }
                     {showPolicyOverview &&

client/src/pages/Profile.jsx

@@ -82,7 +82,10 @@ const Profile = ({setIsAuthenticated}) => {
                 </div>
                 <p dangerouslySetInnerHTML={{
                     __html: DOMPurify.sanitize(I18n.t("profile.info",
-                        {createdAt: dateFromEpoch(user.createdAt)}))
+                        {
+                            createdAt: dateFromEpoch(user.createdAt),
+                            lastActivity: dateFromEpoch(user.lastActivity)
+                        }))
                 }}/>
             </div>
             <div className="profile">
@@ -92,13 +95,14 @@ const Profile = ({setIsAuthenticated}) => {
                     />
                 }
                 {user.institutionAdmin &&
-                    <InputField name={I18n.t("profile.institutionAdmin", {orgName: providerName(I18n.locale, user.identityProvider)})}
-                                noInput={true}
+                    <InputField
+                        name={I18n.t("profile.institutionAdmin", {orgName: providerName(I18n.locale, user.identityProvider)})}
+                        noInput={true}
                     />
                 }
                 <div className="user-container">
                     <h5>{I18n.t("profile.attributes")}</h5>
-                    {["name", "eduPersonPrincipalName", "email", "schacHomeOrganization"]
+                    {["name", "eduPersonPrincipalName", "email", "schacHomeOrganization", "authenticatingAuthority"]
                         .map((attr, index) =>
                             <Fragment key={index}>
                                 <InputField name={I18n.t(`profile.${attr}`)}
@@ -107,6 +111,24 @@ const Profile = ({setIsAuthenticated}) => {
                                 />
                             </Fragment>
                         )}
+                    {externalUser &&
+                        <div className="multi-list">
+                            <div className="external-user-container">
+                                <p>{I18n.t("profile.externalUser")}</p>
+                                <Tooltip tip={I18n.t("profile.externalUserTooltip")}/>
+                            </div>
+                            <Checkbox value={externalUser}
+                                      readOnly={true}/>
+                        </div>}
+                    {!externalUser &&
+                        <div className="multi-list">
+                            <div className="external-user-container">
+                                <p>{I18n.t("profile.internalUser")}</p>
+                                <Tooltip tip={I18n.t("profile.internalUserTooltip")}/>
+                            </div>
+                            <Checkbox value={!externalUser}
+                                      readOnly={true}/>
+                        </div>}
 
                     {!isEmpty(user.organizationMemberships) &&
                         <div className="multi-list">
@@ -121,6 +143,7 @@ const Profile = ({setIsAuthenticated}) => {
                                 )}
                             </ul>
                         </div>}
+
                     {!isEmpty(applicationMemberships) &&
                         <div className="multi-list">
                             <p>{I18n.t(`profile.application${applicationMemberships.length > 1 ? "Multiple" : ""}`)}</p>
@@ -134,24 +157,6 @@ const Profile = ({setIsAuthenticated}) => {
                                 )}
                             </ul>
                         </div>}
-                    {externalUser &&
-                        <div className="multi-list">
-                        <div className="external-user-container">
-                            <p>{I18n.t("profile.externalUser")}</p>
-                            <Tooltip tip={I18n.t("profile.externalUserTooltip")}/>
-                        </div>
-                        <Checkbox value={externalUser}
-                                  readOnly={true}/>
-                    </div>}
-                    {!externalUser &&
-                        <div className="multi-list">
-                            <div className="external-user-container">
-                                <p>{I18n.t("profile.internalUser")}</p>
-                                <Tooltip tip={I18n.t("profile.internalUserTooltip")}/>
-                            </div>
-                            <Checkbox value={!externalUser}
-                                      readOnly={true}/>
-                        </div>}
                 </div>
                 <div className="delete-container">
                     <Button onClick={e => doDelete(e, true)}

client/src/policies/PolicyForm.jsx

@@ -5,17 +5,18 @@ import I18n from "../locale/I18n.js";
 import InputField from "../components/InputField.jsx";
 import {useAppStore} from "../stores/AppStore.js";
 import {useShallow} from "zustand/react/shallow";
-import {allowedAttributes, newPolicy, updatePolicy} from "../api/index.js";
+import {allowedAttributes, newPolicy, uniquePolicyName, updatePolicy} from "../api/index.js";
 import {isEmpty} from "../utils/Utils.js";
 import ErrorIndicator from "../components/ErrorIndicator.jsx";
 import SelectField from "../components/SelectField.jsx";
+import {defaultAttributes, flatMapByValues} from "../utils/Policy.js";
 
 
-export const PolicyForm = ({backToAccess, policy, setPolicy}) => {
+export const PolicyForm = ({backToAccess, policy, setPolicy, isExistingPolicy, originalName, refreshPolicies}) => {
 
-    const [allAllowedAttributes, setAllAllowedAttributes] = useState(null);
+    const [allAllowedAttributes, setAllAllowedAttributes] = useState([]);
     const [initial, setInitial] = useState(true);
-
+    const [duplicatePolicyName, setDuplicatePolicyName] = useState(false);
     const required = ["name", "denyAdvice", "denyAdviceNl"];
 
     const {setFlash} = useAppStore(useShallow(state => ({
@@ -36,32 +37,98 @@ export const PolicyForm = ({backToAccess, policy, setPolicy}) => {
     const submit = () => {
         setInitial(false);
         if (isValid()) {
-            const promise = policy.id ? updatePolicy : newPolicy;
-            promise(policy).then(res => {
-                setPolicy(res);
-                setFlash(I18n.t(`appAccess.flash.${policy.id ? "updated" : "created"}`, {name: res.name}));
+            const promise = isExistingPolicy ? updatePolicy : newPolicy;
+            //We need to destructure the attributes with multiple values, to single attribute / value pairs
+            policy.attributes = flatMapByValues(policy.attributes);
+            if (!isExistingPolicy) {
+                policy.entityid = crypto.randomUUID();
+            }
+            promise(policy)
+                .then(res => {
+                    setFlash(I18n.t(`appAccess.flash.${isExistingPolicy ? "updated" : "created"}`, {name: res.name}));
+                    refreshPolicies();
+                });
+        }
+    }
+
+    const attributeSelected = (option, index) => {
+        const newAttributes = [...policy.attributes];
+        newAttributes[index] = {name: option.value, value: []};
+        setPolicy({...policy, attributes: newAttributes})
+    }
+
+    const attributeDeleted = index => {
+        const newAttributes = policy.attributes.filter((item, i) => i !== index);
+        setPolicy({...policy, attributes: defaultAttributes(newAttributes)})
+    }
+
+    const attributeValueChanged = (value, index) => {
+        const newAttributes = [...policy.attributes];
+        const attribute = newAttributes[index];
+        attribute.value = value;
+        setPolicy({...policy, attributes: newAttributes});
+    }
+
+    const denyRuleToggle = val => {
+        const denyRule = val === "deny";
+        const newAttributes = denyRule ? policy.attributes
+                .filter(attr => allAllowedAttributes.some(option => option.allowedInDenyRule && option.value === attr.name))
+            : [...policy.attributes];
+        setPolicy({...policy, denyRule: denyRule, attributes: defaultAttributes(newAttributes)});
+    }
+
+    const policyNameChanged = e => {
+        const name = e.target.value.trim();
+        setPolicy({...policy, name: name});
+        setDuplicatePolicyName(false);
+    }
+
+    const validatePolicyName = e => {
+        const name = e.target.value.trim();
+        //empty is handled by required
+        if (!isEmpty(name) && name !== originalName) {
+            uniquePolicyName(name).then(res => {
+                setDuplicatePolicyName(res.length > 0);
             })
         }
     }
 
+
     return (
         <div className="policy-form-container">
             <div className="policy-form">
                 <InputField name={I18n.t("appAccess.targetGroup")}
                             value={policy.name}
                             required={true}
-                            error={!initial && isEmpty(policy.name)}
+                            onBlur={validatePolicyName}
+                            error={!initial && isEmpty(policy.name) || duplicatePolicyName}
                             placeholder={I18n.t("appAccess.placeholderTargetGroup")}
-                            onChange={e => setPolicy({...policy, name: e.target.value})}
+                            onChange={policyNameChanged}
                 />
                 {(!initial && isEmpty(policy.name)) &&
-                    <ErrorIndicator msg={I18n.t("forms.required", {name: I18n.t("appAccess.targetGroup")})}/>}
+                    <ErrorIndicator adjustMargin={true}
+                                    msg={I18n.t("forms.required", {name: I18n.t("appAccess.targetGroup")})}/>}
+                {duplicatePolicyName &&
+                    <ErrorIndicator adjustMargin={true} msg={I18n.t("appAccess.duplicateName", {name: policy.name})}/>}
+
+                <InputField name={I18n.t("appAccess.description")}
+                            value={policy.description}
+                            required={true}
+                            multiline={true}
+                            error={!initial && isEmpty(policy.description)}
+                            placeholder={I18n.t("appAccess.placeholderDescription")}
+                            onChange={e => setPolicy({...policy, description: e.target.value})}
+                />
+                {(!initial && isEmpty(policy.description)) &&
+                    <ErrorIndicator adjustMargin={true}
+                                    msg={I18n.t("forms.required", {name: I18n.t("appAccess.description")})}/>}
+
                 <div className="row">
                     <div className="row-item">
                         <span className="label standalone">{I18n.t("appAccess.allowDeny")}
                             <Tooltip tip={I18n.t("appAccess.denyRuleTooltip")}/>
                         </span>
-                        <SegmentedControl onClick={val => setPolicy({...policy, denyRule: val === "deny"})}
+                        <SegmentedControl onClick={val => denyRuleToggle(val)}
                                           option={policy.denyRule ? "deny" : "allow"}
                                           options={["deny", "allow"]}
                                           optionLabelResolver={option => I18n.t(`appAccess.${option}`)}/>
@@ -78,23 +145,30 @@ export const PolicyForm = ({backToAccess, policy, setPolicy}) => {
                 </div>
                 <span className="label standalone">{I18n.t("appAccess.filters")}</span>
                 <div className="filters">
+                    <p>{JSON.stringify(policy.attributes)}</p>
                     {policy.attributes.map((attribute, index) =>
                         <div key={index} className="attribute">
-                            <SelectField name={I18n.t("appAccess.attribute")}
-                                         placeholder={I18n.t("appAccess.attributePlaceholder")}
-                                         value={attribute.name}
-                                         required={true}
-                                         onChange={val => {
-                                             console.log("attribute  " + JSON.stringify(val))
-                                         }}
-                                         options={allAllowedAttributes}/>
+                            <div className="attribute-name-wrapper">
+                                <SelectField name={I18n.t("appAccess.attribute")}
+                                             placeholder={I18n.t("appAccess.attributePlaceholder")}
+                                             value={allAllowedAttributes.find(attr => attr.value === attribute.name)}
+                                             required={true}
+                                             onChange={option => attributeSelected(option, index)}
+                                             options={policy.denyRule ? allAllowedAttributes
+                                                 .filter(option => option.allowedInDenyRule) : allAllowedAttributes}/>
+                                {(!isEmpty(attribute.name) && !isEmpty(attribute.value)) &&
+                                    <Button type={ButtonType.Delete}
+                                            onClick={() => attributeDeleted(index)}
+                                    />
+                                }
+                            </div>
                             <SelectField name={I18n.t("appAccess.permittedValues")}
                                          value={attribute.value}
                                          creatable={true}
                                          required={true}
                                          error={!initial && isEmpty(attribute.value)}
                                          placeholder={I18n.t("appAccess.permittedValuesPlaceholder")}
-                                         onChange={e => console.log("value" + JSON.stringify(e))}
+                                         onChange={values => attributeValueChanged(values, index)}
                             />
                         </div>)}
 
@@ -107,7 +181,8 @@ export const PolicyForm = ({backToAccess, policy, setPolicy}) => {
                             onChange={e => setPolicy({...policy, denyAdvice: e.target.value})}
                 />
                 {(!initial && isEmpty(policy.denyAdvice)) &&
-                    <ErrorIndicator msg={I18n.t("forms.required", {name: I18n.t("appAccess.denyEn")})}/>}
+                    <ErrorIndicator adjustMargin={true}
+                                    msg={I18n.t("forms.required", {name: I18n.t("appAccess.denyEn")})}/>}
 
                 <InputField name={I18n.t("appAccess.denyNl")}
                             value={policy.denyAdviceNl}
@@ -117,7 +192,8 @@ export const PolicyForm = ({backToAccess, policy, setPolicy}) => {
                             onChange={e => setPolicy({...policy, denyAdviceNl: e.target.value})}
                 />
                 {(!initial && isEmpty(policy.denyAdviceNl)) &&
-                    <ErrorIndicator msg={I18n.t("forms.required", {name: I18n.t("appAccess.denyNl")})}/>}
+                    <ErrorIndicator adjustMargin={true}
+                                    msg={I18n.t("forms.required", {name: I18n.t("appAccess.denyNl")})}/>}
 
             </div>
             <div className="actions">
@@ -127,7 +203,7 @@ export const PolicyForm = ({backToAccess, policy, setPolicy}) => {
                 <Button type={ButtonType.Primary}
                         onClick={() => submit()}
                         disabled={!initial && !isValid()}
-                        txt={I18n.t(`appAccess.${policy.id ? "submitExisting" : "submitNew"}`)}/>
+                        txt={I18n.t(`appAccess.${isExistingPolicy ? "submitExisting" : "submitNew"}`)}/>
             </div>
         </div>
     );