From f3414dbf60035a37bbd875e6bdd0ce15ce12a471 Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Tue, 30 Apr 2024 14:49:24 +0530 Subject: [PATCH 1/2] Prevent editing, deleting and assigning groups/users to system roles --- .../components/edit-role/edit-role.tsx | 7 ++++--- features/admin.roles.v2/components/role-list.tsx | 14 ++++++++++---- modules/core/src/models/roles.ts | 1 + 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/features/admin.roles.v2/components/edit-role/edit-role.tsx b/features/admin.roles.v2/components/edit-role/edit-role.tsx index 7e2c55a8ba0..52ec31b13bd 100644 --- a/features/admin.roles.v2/components/edit-role/edit-role.tsx +++ b/features/admin.roles.v2/components/edit-role/edit-role.tsx @@ -81,9 +81,10 @@ export const EditRole: FunctionComponent = (props: EditRoleProps) const isReadOnly: boolean = useMemo(() => { return !isFeatureEnabled(featureConfig, - LocalRoleConstants.FEATURE_DICTIONARY.get("ROLE_UPDATE")) || - !hasRequiredScopes(featureConfig, - featureConfig?.scopes?.update, allowedScopes); + LocalRoleConstants.FEATURE_DICTIONARY.get("ROLE_UPDATE")) + || !hasRequiredScopes(featureConfig, + featureConfig?.scopes?.update, allowedScopes) + || roleObject?.meta?.systemRole; }, [ featureConfig, allowedScopes ]); const isUserReadOnly: boolean = useMemo(() => { diff --git a/features/admin.roles.v2/components/role-list.tsx b/features/admin.roles.v2/components/role-list.tsx index fba110e81fc..aafafa8ace5 100644 --- a/features/admin.roles.v2/components/role-list.tsx +++ b/features/admin.roles.v2/components/role-list.tsx @@ -279,6 +279,7 @@ export const RoleList: React.FunctionComponent = (props: RoleList const resolveTableActions = (): TableActionsInterface[] => { return [ { + hidden: (role: RolesInterface) => role?.meta?.systemRole, icon: (): SemanticICONS => !isReadOnly ? "pencil alternate" 
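Review bot: The `isReadOnly` memo in edit-role.tsx now reads `roleObject?.meta?.systemRole`, but its dependency array is still `[ featureConfig, allowedScopes ]`. If `roleObject` is loaded or replaced after the first render, the memoized value is not recomputed and a system role can stay editable in the form. Add the value to the dependencies: `}, [ featureConfig, allowedScopes, roleObject?.meta?.systemRole ]);`. The new operand is also `boolean | undefined` (the field is declared optional in roles.ts) while the constant is annotated `boolean`, so `|| roleObject?.meta?.systemRole === true` would keep the type accurate. The body of the following `isUserReadOnly` memo is outside the hunk, so whether user/group assignment gets the same check cannot be confirmed from here.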
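Review bot: The new `hidden` callback on the first table action in role-list.tsx removes that row action for system roles entirely, even though the action's icon already switches on `isReadOnly` and edit-role.tsx in this same patch opens system roles read-only. If administrators are still expected to inspect a system role's permissions and assignments from the list, this hides the entry point to that view. If hiding is intended, record it above the property, e.g. `// Intentionally hidden: system roles cannot be opened from the list.`. The rest of this action object (the other icon branch and the click handler) lies outside the hunk, so the existence of a view-only mode is inferred from the `!isReadOnly ?` condition.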
@@ -292,14 +293,19 @@ export const RoleList: React.FunctionComponent = (props: RoleList renderer: "semantic-icon" }, { - hidden: (role: RolesInterface) => isSubOrg || - (role?.displayName === CommonRoleConstants.ADMIN_ROLE || + hidden: (role: RolesInterface) => { + return isSubOrg + || role?.meta?.systemRole + || ( + role?.displayName === CommonRoleConstants.ADMIN_ROLE || role?.displayName === CommonRoleConstants.ADMIN_GROUP || - role?.displayName === administratorRoleDisplayName) + role?.displayName === administratorRoleDisplayName + ) || !isFeatureEnabled(userRolesFeatureConfig, RoleConstants.FEATURE_DICTIONARY.get("ROLE_DELETE")) || !hasRequiredScopes(userRolesFeatureConfig, - userRolesFeatureConfig?.scopes?.delete, allowedScopes), + userRolesFeatureConfig?.scopes?.delete, allowedScopes); + }, icon: (): SemanticICONS => "trash alternate", onClick: (e: SyntheticEvent, role: RolesInterface): void => { onRoleDeleteClicked(role); diff --git a/modules/core/src/models/roles.ts b/modules/core/src/models/roles.ts index d63420251ed..d340725c6ad 100644 --- a/modules/core/src/models/roles.ts +++ b/modules/core/src/models/roles.ts @@ -48,6 +48,7 @@ export interface RolesMetaInterface { created?: string; location: string; lastModified?: string; + systemRole?: boolean; } /** From 0656e0a717e01ff7817a2643d6b6c869e033789f Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Tue, 30 Apr 2024 14:50:37 +0530 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=A6=8B=20Add=20changeset?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .changeset/shaggy-spoons-unite.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .changeset/shaggy-spoons-unite.md diff --git a/.changeset/shaggy-spoons-unite.md b/.changeset/shaggy-spoons-unite.md new file mode 100644 index 00000000000..db18df190aa --- /dev/null +++ b/.changeset/shaggy-spoons-unite.md 
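Review bot: The `role?.meta?.systemRole` term in the delete action's `hidden` callback only removes the trash icon. Nothing in this patch shows the delete request itself being refused for a system role, so the protection holds only if the roles API rejects that request on the server. State that dependency next to the check, for example `// UI hint only: the server must refuse deletion of system roles.`, and confirm the backend behaviour before relying on this change. The `onClick` handler that calls `onRoleDeleteClicked(role)` continues past the end of the hunk.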
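Review bot: `systemRole` is added to `RolesMetaInterface` without a doc comment. Because it is optional, all three consumers in this patch treat a missing value as "not a system role", so a response that omits the field leaves the edit and delete controls available. A one-line TSDoc comment would make that contract explicit, e.g. `/** True for built-in roles that must not be edited or deleted; absent is treated as false. */`. The interface's opening line is outside the hunk.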
@@ -0,0 +1,6 @@ +--- +"@wso2is/core": patch +"@wso2is/features": patch +--- + +Prevent editing, deleting and assigning groups/users to system roles