mirror of
https://github.com/Infisical/infisical.git
synced 2026-05-02 03:02:03 -04:00
feat: removed filters made in project roles
@@ -8,15 +8,10 @@ export const useGetProjectTypeFromRoute = () => {
|
||||
|
||||
return useMemo(() => {
|
||||
const segments = location.pathname.split("/");
|
||||
const type = segments?.[2];
|
||||
if (!type) return ProjectType.SecretManager;
|
||||
|
||||
let type: ProjectType | undefined;
|
||||
|
||||
// location of project type can vary in router path, so we need to check all possible values
|
||||
segments.forEach((segment) => {
|
||||
if (Object.values(ProjectType).includes(segment as ProjectType))
|
||||
type = segment as ProjectType;
|
||||
});
|
||||
|
||||
return type;
|
||||
// second element would be /projects/$projectId/<type>
|
||||
return Object.values(ProjectType).find((el) => el === type) || ProjectType.SecretManager;
|
||||
}, [location]);
|
||||
};
|
||||
|
||||
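Review bot: `segments?.[2]` does not select the `<type>` segment for the path shape the comment names, because `"/projects/$projectId/<type>".split("/")` starts with an empty string, so index 2 is the project id and `<type>` is at index 3. On such paths the `find` never matches and the hook always returns `ProjectType.SecretManager`; if that route shape is the current one, read `segments[3]` and drop the `?.`, since `split` always returns an array. The `// second element would be ...` comment would also read better directly above the `const type` line it explains. The hook's opening lines are outside the hunk, so where `location` comes from is not visible here.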
@@ -1,6 +1,7 @@
|
||||
import { createFileRoute, linkOptions } from "@tanstack/react-router";
|
||||
|
||||
import { GroupDetailsByIDPage } from "./GroupDetailsByIDPage";
|
||||
import { ProjectAccessControlTabs } from "@app/types/project";
|
||||
|
||||
export const Route = createFileRoute(
|
||||
"/_authenticate/_inject-org-details/_org-layout/projects/$projectId/_project-layout/_project-general-layout/groups/$groupId"
|
||||
@@ -16,6 +17,9 @@ export const Route = createFileRoute(
|
||||
to: "/projects/$projectId/access-management",
|
||||
params: {
|
||||
projectId: params.projectId
|
||||
},
|
||||
search: {
|
||||
selectedTab: ProjectAccessControlTabs.Groups
|
||||
}
|
||||
})
|
||||
},
|
||||
|
||||
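Review bot: The added `import { ProjectAccessControlTabs } from "@app/types/project";` sits after the relative `./GroupDetailsByIDPage` import, while the other files in this commit list `@app/...` imports first and keep relative imports in a separate trailing group. Move it above the relative import with a blank line between the groups, so that an import-sorting lint rule, if the project runs one, does not flag it. The same placement recurs in the identities, members and roles route files changed in this commit.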
@@ -1,6 +1,7 @@
|
||||
import { createFileRoute, linkOptions } from "@tanstack/react-router";
|
||||
|
||||
import { IdentityDetailsByIDPage } from "./IdentityDetailsByIDPage";
|
||||
import { ProjectAccessControlTabs } from "@app/types/project";
|
||||
|
||||
export const Route = createFileRoute(
|
||||
"/_authenticate/_inject-org-details/_org-layout/projects/$projectId/_project-layout/_project-general-layout/identities/$identityId"
|
||||
@@ -16,6 +17,9 @@ export const Route = createFileRoute(
|
||||
to: "/projects/$projectId/access-management",
|
||||
params: {
|
||||
projectId: params.projectId
|
||||
},
|
||||
search: {
|
||||
selectedTab: ProjectAccessControlTabs.Identities
|
||||
}
|
||||
})
|
||||
},
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { createFileRoute, linkOptions } from "@tanstack/react-router";
|
||||
|
||||
import { MemberDetailsByIDPage } from "./MemberDetailsByIDPage";
|
||||
import { ProjectAccessControlTabs } from "@app/types/project";
|
||||
|
||||
export const Route = createFileRoute(
|
||||
"/_authenticate/_inject-org-details/_org-layout/projects/$projectId/_project-layout/_project-general-layout/members/$membershipId"
|
||||
@@ -16,6 +17,9 @@ export const Route = createFileRoute(
|
||||
to: "/projects/$projectId/access-management",
|
||||
params: {
|
||||
projectId: params.projectId
|
||||
},
|
||||
search: {
|
||||
selectedTab: ProjectAccessControlTabs.Member
|
||||
}
|
||||
})
|
||||
},
|
||||
|
||||
@@ -19,14 +19,11 @@ import {
|
||||
Tr
|
||||
} from "@app/components/v2";
|
||||
import { ProjectPermissionSub } from "@app/context";
|
||||
import { useGetProjectTypeFromRoute } from "@app/hooks";
|
||||
import { ProjectType } from "@app/hooks/api/workspace/types";
|
||||
|
||||
import {
|
||||
EXCLUDED_PERMISSION_SUBS,
|
||||
isConditionalSubjects,
|
||||
PROJECT_PERMISSION_OBJECT,
|
||||
ProjectTypePermissionSubjects,
|
||||
TFormSchema
|
||||
} from "./ProjectRoleModifySection.utils";
|
||||
|
||||
@@ -58,15 +55,8 @@ const Content = ({ onClose }: ContentProps) => {
|
||||
}
|
||||
});
|
||||
|
||||
const projectType = useGetProjectTypeFromRoute();
|
||||
|
||||
const filteredPolicies = Object.entries(PROJECT_PERMISSION_OBJECT)
|
||||
.filter(
|
||||
([subject, { title }]) =>
|
||||
ProjectTypePermissionSubjects[projectType ?? ProjectType.SecretManager][
|
||||
subject as ProjectPermissionSub
|
||||
] && (search ? title.toLowerCase().includes(search.toLowerCase()) : true)
|
||||
)
|
||||
.filter(([, { title }]) => (search ? title.toLowerCase().includes(search.toLowerCase()) : true))
|
||||
.filter(([subject]) => !EXCLUDED_PERMISSION_SUBS.includes(subject as ProjectPermissionSub))
|
||||
.sort((a, b) => a[1].title.localeCompare(b[1].title))
|
||||
.map(([subject]) => subject);
|
||||
|
||||
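Review bot: In the new title filter, `search.toLowerCase()` is evaluated once per entry of `PROJECT_PERMISSION_OBJECT`; compute it once before the chain, e.g. `const needle = search?.toLowerCase();`, and test `!needle || title.toLowerCase().includes(needle)`. The two adjacent `.filter` calls (title match, then `EXCLUDED_PERMISSION_SUBS`) could also be a single predicate. `Content` begins and ends outside the hunk, so the declaration of `search` is not visible here.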
@@ -13,8 +13,6 @@ import {
|
||||
ModalContent
|
||||
} from "@app/components/v2";
|
||||
import { ProjectPermissionSub } from "@app/context";
|
||||
import { useGetProjectTypeFromRoute } from "@app/hooks";
|
||||
import { ProjectType } from "@app/hooks/api/workspace/types";
|
||||
|
||||
import {
|
||||
PROJECT_PERMISSION_OBJECT,
|
||||
@@ -34,14 +32,11 @@ type ContentProps = {
|
||||
|
||||
const Content = ({ onClose }: ContentProps) => {
|
||||
const rootForm = useFormContext<TFormSchema>();
|
||||
const projectType = useGetProjectTypeFromRoute();
|
||||
|
||||
const [selectedTemplate, setSelectedTemplate] = useState<RoleTemplate>();
|
||||
const [conflictingSubjects, setConflictingSubjects] = useState<ProjectPermissionSub[]>([]);
|
||||
const [showConflictingSubjects, setShowConflictingSubjects] = useState(false);
|
||||
|
||||
const templates = RoleTemplates[projectType ?? ProjectType.SecretManager];
|
||||
|
||||
const onSubmit = (skipConflicting = false) => {
|
||||
if (!selectedTemplate) {
|
||||
createNotification({ type: "error", text: "Please select a template" });
|
||||
@@ -126,12 +121,12 @@ const Content = ({ onClose }: ContentProps) => {
|
||||
type="single"
|
||||
value={selectedTemplate?.id}
|
||||
onValueChange={(value) =>
|
||||
setSelectedTemplate(templates.find((template) => template.id === value))
|
||||
setSelectedTemplate(RoleTemplates.find((template) => template.id === value))
|
||||
}
|
||||
collapsible
|
||||
className="w-full border-collapse"
|
||||
>
|
||||
{templates.map(({ name, description, permissions, id }) => (
|
||||
{RoleTemplates.map(({ name, description, permissions, id }) => (
|
||||
<AccordionItem
|
||||
key={id}
|
||||
value={id}
|
||||
|
||||
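Review bot: `setSelectedTemplate(RoleTemplates.find(...))` feeds a `useState<RoleTemplate>` setter from an array whose element type is now only inferred, because the utils file in this commit declares `export const RoleTemplates = [` without the annotation that the old `Record<ProjectType, RoleTemplate[]>` carried. Declaring it as `export const RoleTemplates: RoleTemplate[] = [` would report a malformed template at its definition rather than at this call site or in the `.map` destructuring below it. `Content` starts and ends outside these hunks.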
@@ -1645,377 +1645,40 @@ export type RoleTemplate = {
|
||||
permissions: { subject: ProjectPermissionSub; actions: string[] }[];
|
||||
};
|
||||
|
||||
const projectManagerTemplate = (
|
||||
additionalPermissions: RoleTemplate["permissions"] = []
|
||||
): RoleTemplate => ({
|
||||
id: "project-manager",
|
||||
name: "Project Management Policies",
|
||||
description: "Grants access to manage project members and settings",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.AuditLogs,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Groups,
|
||||
actions: Object.values(ProjectPermissionGroupActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Member,
|
||||
actions: Object.values(ProjectPermissionMemberActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Identity,
|
||||
actions: Object.values(ProjectPermissionIdentityActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Project,
|
||||
actions: [ProjectPermissionActions.Edit, ProjectPermissionActions.Delete]
|
||||
},
|
||||
{ subject: ProjectPermissionSub.Role, actions: Object.values(ProjectPermissionActions) },
|
||||
{
|
||||
subject: ProjectPermissionSub.Settings,
|
||||
actions: [ProjectPermissionActions.Read, ProjectPermissionActions.Edit]
|
||||
},
|
||||
...additionalPermissions
|
||||
]
|
||||
});
|
||||
|
||||
export const RoleTemplates: Record<ProjectType, RoleTemplate[]> = {
|
||||
[ProjectType.SSH]: [
|
||||
{
|
||||
id: "ssh-viewer",
|
||||
name: "SSH Viewing Policies",
|
||||
description: "Grants read access to SSH certificates and hosts",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateAuthorities,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificates,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateTemplates,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHosts,
|
||||
actions: [ProjectPermissionSshHostActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHostGroups,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "ssh-cert-editor",
|
||||
name: "SSH Certificate Editing Policies",
|
||||
description: "Grants read and edit access to SSH certificates",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateAuthorities,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificates,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateTemplates,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "ssh-host-editor",
|
||||
name: "SSH Host Editing Policies",
|
||||
description: "Grants read and edit access to SSH hosts",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHosts,
|
||||
actions: Object.values(ProjectPermissionSshHostActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHostGroups,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
projectManagerTemplate()
|
||||
],
|
||||
[ProjectType.KMS]: [
|
||||
{
|
||||
id: "kms-viewer",
|
||||
name: "KMS Viewing Policies",
|
||||
description: "Grants read access to KMS keys and KMIP clients",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Cmek,
|
||||
actions: [ProjectPermissionCmekActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Kmip,
|
||||
actions: [ProjectPermissionKmipActions.ReadClients]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "key-editor",
|
||||
name: "KMS Key Editing Policies",
|
||||
description: "Grants read and edit access to KMS keys",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Cmek,
|
||||
actions: Object.values(ProjectPermissionCmekActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "kmip-editor",
|
||||
name: "KMIP Client Editing Policies",
|
||||
description: "Grants read and edit access to KMIP clients",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Kmip,
|
||||
actions: Object.values(ProjectPermissionKmipActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
projectManagerTemplate()
|
||||
],
|
||||
[ProjectType.CertificateManager]: [
|
||||
{
|
||||
id: "cert-viewer",
|
||||
name: "Certificate Viewing Policies",
|
||||
description: "Grants read access to certificates and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiCollections,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiAlerts,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateAuthorities,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateTemplates,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Certificates,
|
||||
actions: [
|
||||
ProjectPermissionCertificateActions.Read,
|
||||
ProjectPermissionCertificateActions.ReadPrivateKey
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "cert-editor",
|
||||
name: "Certificate Editing Policies",
|
||||
description: "Grants read and edit access to certificates and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiCollections,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiAlerts,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateAuthorities,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateTemplates,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Certificates,
|
||||
actions: Object.values(ProjectPermissionCertificateActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
projectManagerTemplate()
|
||||
],
|
||||
[ProjectType.SecretScanning]: [
|
||||
{
|
||||
id: "scanning-viewer",
|
||||
name: "Secret Scanning Viewing Policies",
|
||||
description: "Grants read access to data sources and findings",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningDataSources,
|
||||
actions: [
|
||||
ProjectPermissionSecretScanningDataSourceActions.Read,
|
||||
ProjectPermissionSecretScanningDataSourceActions.ReadResources,
|
||||
ProjectPermissionSecretScanningDataSourceActions.ReadScans
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningFindings,
|
||||
actions: [ProjectPermissionSecretScanningFindingActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningConfigs,
|
||||
actions: [ProjectPermissionSecretScanningConfigActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "scanning-editor",
|
||||
name: "Secret Scanning Editing Policies",
|
||||
description: "Grants read and edit access to data sources and findings",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningDataSources,
|
||||
actions: Object.values(ProjectPermissionSecretScanningDataSourceActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningFindings,
|
||||
actions: Object.values(ProjectPermissionSecretScanningFindingActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningConfigs,
|
||||
actions: [ProjectPermissionSecretScanningConfigActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
projectManagerTemplate([
|
||||
export const RoleTemplates = [
|
||||
{
|
||||
id: "project-manager",
|
||||
name: "Project Management Policies",
|
||||
description: "Grants access to manage project members and settings",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningConfigs,
|
||||
actions: Object.values(ProjectPermissionSecretScanningConfigActions)
|
||||
}
|
||||
])
|
||||
],
|
||||
[ProjectType.SecretManager]: [
|
||||
{
|
||||
id: "secret-viewer",
|
||||
name: "Secret Viewing Policies",
|
||||
description: "Grants read access to secrets and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRollback,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretImports,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Secrets,
|
||||
actions: [
|
||||
ProjectPermissionSecretActions.DescribeSecret,
|
||||
ProjectPermissionSecretActions.ReadValue
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.DynamicSecrets,
|
||||
actions: [ProjectPermissionDynamicSecretActions.ReadRootCredential]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Environments,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Tags,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRotation,
|
||||
actions: [ProjectPermissionSecretRotationActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Integrations,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretSyncs,
|
||||
actions: [ProjectPermissionSecretSyncActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Commits,
|
||||
actions: [ProjectPermissionCommitsActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "secret-editor",
|
||||
name: "Secret Editing Policies",
|
||||
description: "Grants read and edit access to secrets and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Environments,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.DynamicSecrets,
|
||||
actions: Object.values(ProjectPermissionDynamicSecretActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Secrets,
|
||||
actions: [
|
||||
ProjectPermissionSecretActions.DescribeSecret,
|
||||
ProjectPermissionSecretActions.ReadValue,
|
||||
ProjectPermissionSecretActions.Edit,
|
||||
ProjectPermissionSecretActions.Create,
|
||||
ProjectPermissionSecretActions.Delete
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRollback,
|
||||
actions: [ProjectPermissionActions.Read, ProjectPermissionActions.Create]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Tags,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretImports,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRotation,
|
||||
actions: Object.values(ProjectPermissionSecretRotationActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretFolders,
|
||||
actions: [
|
||||
ProjectPermissionActions.Create,
|
||||
ProjectPermissionActions.Edit,
|
||||
ProjectPermissionActions.Delete
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Integrations,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretSyncs,
|
||||
actions: Object.values(ProjectPermissionSecretSyncActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Commits,
|
||||
actions: Object.values(ProjectPermissionCommitsActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
projectManagerTemplate([
|
||||
{
|
||||
subject: ProjectPermissionSub.IpAllowList,
|
||||
subject: ProjectPermissionSub.AuditLogs,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Kms,
|
||||
actions: [ProjectPermissionActions.Edit]
|
||||
subject: ProjectPermissionSub.Groups,
|
||||
actions: Object.values(ProjectPermissionGroupActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Member,
|
||||
actions: Object.values(ProjectPermissionMemberActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Identity,
|
||||
actions: Object.values(ProjectPermissionIdentityActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Project,
|
||||
actions: [ProjectPermissionActions.Edit, ProjectPermissionActions.Delete]
|
||||
},
|
||||
{ subject: ProjectPermissionSub.Role, actions: Object.values(ProjectPermissionActions) },
|
||||
{
|
||||
subject: ProjectPermissionSub.Settings,
|
||||
actions: [ProjectPermissionActions.Read, ProjectPermissionActions.Edit]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.IpAllowList,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretApproval,
|
||||
@@ -2029,6 +1692,314 @@ export const RoleTemplates: Record<ProjectType, RoleTemplate[]> = {
|
||||
subject: ProjectPermissionSub.Webhooks,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
}
|
||||
])
|
||||
]
|
||||
};
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "ssh-viewer",
|
||||
name: "SSH Viewing Policies",
|
||||
description: "Grants read access to SSH certificates and hosts",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateAuthorities,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificates,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateTemplates,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHosts,
|
||||
actions: [ProjectPermissionSshHostActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHostGroups,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "ssh-cert-editor",
|
||||
name: "SSH Certificate Editing Policies",
|
||||
description: "Grants read and edit access to SSH certificates",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateAuthorities,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificates,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshCertificateTemplates,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "ssh-host-editor",
|
||||
name: "SSH Host Editing Policies",
|
||||
description: "Grants read and edit access to SSH hosts",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHosts,
|
||||
actions: Object.values(ProjectPermissionSshHostActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SshHostGroups,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "kms-viewer",
|
||||
name: "KMS Viewing Policies",
|
||||
description: "Grants read access to KMS keys and KMIP clients",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Cmek,
|
||||
actions: [ProjectPermissionCmekActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Kmip,
|
||||
actions: [ProjectPermissionKmipActions.ReadClients]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "key-editor",
|
||||
name: "KMS Key Editing Policies",
|
||||
description: "Grants read and edit access to KMS keys",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Cmek,
|
||||
actions: Object.values(ProjectPermissionCmekActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "kmip-editor",
|
||||
name: "KMIP Client Editing Policies",
|
||||
description: "Grants read and edit access to KMIP clients",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Kmip,
|
||||
actions: Object.values(ProjectPermissionKmipActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "cert-viewer",
|
||||
name: "Certificate Viewing Policies",
|
||||
description: "Grants read access to certificates and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiCollections,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiAlerts,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateAuthorities,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateTemplates,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Certificates,
|
||||
actions: [
|
||||
ProjectPermissionCertificateActions.Read,
|
||||
ProjectPermissionCertificateActions.ReadPrivateKey
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "cert-editor",
|
||||
name: "Certificate Editing Policies",
|
||||
description: "Grants read and edit access to certificates and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiCollections,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.PkiAlerts,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateAuthorities,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.CertificateTemplates,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Certificates,
|
||||
actions: Object.values(ProjectPermissionCertificateActions)
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "scanning-viewer",
|
||||
name: "Secret Scanning Viewing Policies",
|
||||
description: "Grants read access to data sources and findings",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningDataSources,
|
||||
actions: [
|
||||
ProjectPermissionSecretScanningDataSourceActions.Read,
|
||||
ProjectPermissionSecretScanningDataSourceActions.ReadResources,
|
||||
ProjectPermissionSecretScanningDataSourceActions.ReadScans
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningFindings,
|
||||
actions: [ProjectPermissionSecretScanningFindingActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningConfigs,
|
||||
actions: [ProjectPermissionSecretScanningConfigActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "scanning-editor",
|
||||
name: "Secret Scanning Editing Policies",
|
||||
description: "Grants read and edit access to data sources and findings",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningDataSources,
|
||||
actions: Object.values(ProjectPermissionSecretScanningDataSourceActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningFindings,
|
||||
actions: Object.values(ProjectPermissionSecretScanningFindingActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretScanningConfigs,
|
||||
actions: [ProjectPermissionSecretScanningConfigActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "secret-viewer",
|
||||
name: "Secret Viewing Policies",
|
||||
description: "Grants read access to secrets and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRollback,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretImports,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Secrets,
|
||||
actions: [
|
||||
ProjectPermissionSecretActions.DescribeSecret,
|
||||
ProjectPermissionSecretActions.ReadValue
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.DynamicSecrets,
|
||||
actions: [ProjectPermissionDynamicSecretActions.ReadRootCredential]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Environments,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Tags,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRotation,
|
||||
actions: [ProjectPermissionSecretRotationActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Integrations,
|
||||
actions: [ProjectPermissionActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretSyncs,
|
||||
actions: [ProjectPermissionSecretSyncActions.Read]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Commits,
|
||||
actions: [ProjectPermissionCommitsActions.Read]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
id: "secret-editor",
|
||||
name: "Secret Editing Policies",
|
||||
description: "Grants read and edit access to secrets and related resources",
|
||||
permissions: [
|
||||
{
|
||||
subject: ProjectPermissionSub.Environments,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.DynamicSecrets,
|
||||
actions: Object.values(ProjectPermissionDynamicSecretActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Secrets,
|
||||
actions: [
|
||||
ProjectPermissionSecretActions.DescribeSecret,
|
||||
ProjectPermissionSecretActions.ReadValue,
|
||||
ProjectPermissionSecretActions.Edit,
|
||||
ProjectPermissionSecretActions.Create,
|
||||
ProjectPermissionSecretActions.Delete
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRollback,
|
||||
actions: [ProjectPermissionActions.Read, ProjectPermissionActions.Create]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Tags,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretImports,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretRotation,
|
||||
actions: Object.values(ProjectPermissionSecretRotationActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretFolders,
|
||||
actions: [
|
||||
ProjectPermissionActions.Create,
|
||||
ProjectPermissionActions.Edit,
|
||||
ProjectPermissionActions.Delete
|
||||
]
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Integrations,
|
||||
actions: Object.values(ProjectPermissionActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.SecretSyncs,
|
||||
actions: Object.values(ProjectPermissionSecretSyncActions)
|
||||
},
|
||||
{
|
||||
subject: ProjectPermissionSub.Commits,
|
||||
actions: Object.values(ProjectPermissionCommitsActions)
|
||||
}
|
||||
]
|
||||
}
|
||||
];
|
||||
|
||||
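Review bot: Two of the re-listed viewer templates grant more than their descriptions say: `cert-viewer` ("Grants read access to certificates and related resources") includes `ProjectPermissionCertificateActions.ReadPrivateKey`, and `secret-viewer` ("Grants read access to secrets and related resources") includes `ProjectPermissionDynamicSecretActions.ReadRootCredential`. With the per-project-type grouping gone, every template is offered in every project, and an admin choosing a "viewer" template by its text would not expect, going by the action names, private-key or root-credential reads. Either name them in the `description` strings, e.g. `"Grants read access to certificates, including private keys, and related resources"`, or leave those two actions out of the viewer templates so they have to be added deliberately. What the two actions actually permit is enforced elsewhere and is not visible in this diff.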
@@ -14,7 +14,6 @@ import { ProjectPermissionSet } from "@app/context/ProjectPermissionContext";
|
||||
import { evaluatePermissionsAbility } from "@app/helpers/permissions";
|
||||
import { useGetProjectRoleBySlug, useUpdateProjectRole } from "@app/hooks/api";
|
||||
import { ProjectMembershipRole } from "@app/hooks/api/roles/types";
|
||||
import { ProjectType } from "@app/hooks/api/workspace/types";
|
||||
|
||||
import { AddPoliciesButton } from "./AddPoliciesButton";
|
||||
import { DynamicSecretPermissionConditions } from "./DynamicSecretPermissionConditions";
|
||||
@@ -30,7 +29,6 @@ import {
|
||||
isConditionalSubjects,
|
||||
PROJECT_PERMISSION_OBJECT,
|
||||
projectRoleFormSchema,
|
||||
ProjectTypePermissionSubjects,
|
||||
rolePermission2Form,
|
||||
TFormSchema
|
||||
} from "./ProjectRoleModifySection.utils";
|
||||
@@ -135,8 +133,6 @@ export const RolePermissionsSection = ({ roleSlug, isDisabled }: Props) => {
|
||||
[JSON.stringify(permissions)]
|
||||
);
|
||||
|
||||
const isSecretManagerProject = currentWorkspace.type === ProjectType.SecretManager;
|
||||
|
||||
return (
|
||||
<div className="w-full">
|
||||
<form
|
||||
@@ -185,7 +181,6 @@ export const RolePermissionsSection = ({ roleSlug, isDisabled }: Props) => {
|
||||
{!isPending && <PermissionEmptyState />}
|
||||
{(Object.keys(PROJECT_PERMISSION_OBJECT) as ProjectPermissionSub[])
|
||||
.filter((subject) => !EXCLUDED_PERMISSION_SUBS.includes(subject))
|
||||
.filter((subject) => ProjectTypePermissionSubjects[currentWorkspace.type][subject])
|
||||
.map((subject) => (
|
||||
<GeneralPermissionPolicies
|
||||
subject={subject}
|
||||
@@ -194,7 +189,6 @@ export const RolePermissionsSection = ({ roleSlug, isDisabled }: Props) => {
|
||||
key={`project-permission-${subject}`}
|
||||
isDisabled={isDisabled}
|
||||
onShowAccessTree={
|
||||
isSecretManagerProject &&
|
||||
[
|
||||
ProjectPermissionSub.Secrets,
|
||||
ProjectPermissionSub.SecretFolders,
|
||||
@@ -212,7 +206,7 @@ export const RolePermissionsSection = ({ roleSlug, isDisabled }: Props) => {
|
||||
</div>
|
||||
</FormProvider>
|
||||
</form>
|
||||
{isSecretManagerProject && showAccessTree && (
|
||||
{showAccessTree && (
|
||||
<AccessTree
|
||||
permissions={formattedPermissions}
|
||||
subject={showAccessTree}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { createFileRoute, linkOptions } from "@tanstack/react-router";
|
||||
|
||||
import { RoleDetailsBySlugPage } from "./RoleDetailsBySlugPage";
|
||||
import { ProjectAccessControlTabs } from "@app/types/project";
|
||||
|
||||
export const Route = createFileRoute(
|
||||
"/_authenticate/_inject-org-details/_org-layout/projects/$projectId/_project-layout/_project-general-layout/roles/$roleSlug"
|
||||
@@ -16,6 +17,9 @@ export const Route = createFileRoute(
|
||||
to: "/projects/$projectId/access-management",
|
||||
params: {
|
||||
projectId: params.projectId
|
||||
},
|
||||
search: {
|
||||
selectedTab: ProjectAccessControlTabs.Roles
|
||||
}
|
||||
})
|
||||
},
|
||||
|
||||