
Copilot AI commented Jul 9, 2025

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

Original description:

I need you to correctly set up the permissions for all current controllers.

I use Keycloak and Keycloak.AuthServices.Authorization (+ Authentication) for my ASP.NET backend. To understand what the task is, look at the ProjectController.cs file and see how the ProtectedResource attribute is used there.

I need you to apply that attribute to the other controllers where possible. For reference, here is the current Keycloak configuration, showing the resources and which scopes exist.


{
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "comments",
"type": "urn:intra:resources:comments",
"ownerManagedAccess": false,
"displayName": "Comments",
"attributes": {},
"uris": [
"/"
],
"scopes": [
{
"name": "comments:write"
},
{
"name": "comments:read"
}
],
"icon_uri": ""
},
{
"name": "Default Resource",
"type": "urn:intra:resources:default",
"ownerManagedAccess": false,
"attributes": {},
"uris": [
"/
"
]
},
{
"name": "projects",
"type": "urn:intra:resources:projects",
"ownerManagedAccess": false,
"displayName": "Projects",
"attributes": {},
"uris": [
"/"
],
"scopes": [
{
"name": "projects:write"
},
{
"name": "projects:read"
}
],
"icon_uri": ""
},
{
"name": "goals",
"type": "urn:intra:resources:goals",
"ownerManagedAccess": false,
"displayName": "Learning Goals",
"attributes": {},
"uris": [
"/
"
],
"scopes": [
{
"name": "goals:read"
},
{
"name": "goals:write"
}
],
"icon_uri": ""
},
{
"name": "user_settings",
"type": "urn:intra:resources:user_settings",
"ownerManagedAccess": false,
"displayName": "User Settings",
"attributes": {},
"uris": [
"/"
],
"scopes": [
{
"name": "user:settings:read"
},
{
"name": "user:settings:write"
}
],
"icon_uri": ""
},
{
"name": "rubrics",
"type": "urn:intra:resources:rubrics",
"ownerManagedAccess": false,
"displayName": "Rubrics",
"attributes": {},
"uris": [
"/
"
],
"scopes": [
{
"name": "rubrics:write"
},
{
"name": "rubrics:read"
}
],
"icon_uri": ""
},
{
"name": "cursus",
"type": "urn:intra:resources:cursus",
"ownerManagedAccess": false,
"displayName": "Cursus",
"attributes": {},
"uris": [
"/"
],
"scopes": [
{
"name": "cursus:read"
},
{
"name": "cursus:write"
}
],
"icon_uri": ""
},
{
"name": "reviews",
"type": "urn:intra:resources:reviews",
"ownerManagedAccess": false,
"displayName": "Reviews",
"attributes": {},
"uris": [
"/
"
],
"scopes": [
{
"name": "reviews:write"
},
{
"name": "reviews:read"
}
],
"icon_uri": ""
}
],
"policies": [
{
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
},
{
"name": "IsCoreGroup",
"description": "Policy to check whether basic resource permissions should be applied, e.g: project:read",
"type": "group",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"groups": "[{"path":"/Core","extendChildren":false},{"path":"/Core","extendChildren":false}]",
"groupsClaim": ""
}
},
{
"name": "Basics",
"description": "Policy for basic user access (combines all roles)",
"type": "aggregate",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"applyPolicies": "["IsCoreGroup"]"
}
},
{
"name": "ManageResources",
"description": "Policy allows specific roles to write (all) resources",
"type": "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"fetchRoles": "false",
"roles": "[{"id":"intra/creator","required":true}]"
}
},
{
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:intra:resources:default",
"applyPolicies": "["Default Policy"]"
}
},
{
"name": "Projects Read Permission",
"description": "Allows reading projects",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["projects"]",
"scopes": "["projects:read"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Goals Read Permission",
"description": "Allows reading goals",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["goals"]",
"scopes": "["goals:read"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Cursus Read Permission",
"description": "Allows reading cursus",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["cursus"]",
"scopes": "["cursus:read"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Rubrics Read Permission",
"description": "Allows reading rubrics",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["rubrics"]",
"scopes": "["rubrics:read"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Reviews Read Permission",
"description": "Allows reading reviews",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["reviews"]",
"scopes": "["reviews:read"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Reviews Write Permission",
"description": "Allows creating and editing reviews",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["reviews"]",
"scopes": "["reviews:write"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Comments Read Permission",
"description": "Allows reading comments",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["comments"]",
"scopes": "["comments:read"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Comments Write Permission",
"description": "Allows creating and editing comments",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["comments"]",
"scopes": "["comments:write"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Access User Settings",
"description": "Allows accessing and editing user settings",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["user_settings"]",
"scopes": "["user:settings:read","user:settings:write"]",
"applyPolicies": "["Basics"]"
}
},
{
"name": "Write Rubrics Permission",
"description": "Able to write rubrics",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["rubrics"]",
"scopes": "["rubrics:write"]",
"applyPolicies": "["ManageResources"]"
}
},
{
"name": "Write Goals Permission",
"description": "Able to write goals",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "["goals"]",
"scopes": "["goals:write"]",
"applyPolicies": "["ManageResources"]"
}
}
],
"scopes": [
{
"name": "projects:read",
"iconUri": ""
},
{
"name": "projects:write",
"iconUri": ""
},
{
"name": "goals:read",
"iconUri": ""
},
{
"name": "goals:write",
"iconUri": ""
},
{
"name": "rubrics:read",
"iconUri": ""
},
{
"name": "rubrics:write",
"iconUri": ""
},
{
"name": "cursus:read",
"iconUri": ""
},
{
"name": "cursus:write",
"iconUri": ""
},
{
"name": "reviews:write",
"iconUri": ""
},
{
"name": "reviews:read",
"iconUri": ""
},
{
"name": "comments:read",
"iconUri": ""
},
{
"name": "comments:write",
"iconUri": ""
},
{
"name": "user:settings:read",
"iconUri": ""
},
{
"name": "user:settings:write",
"iconUri": ""
}
],
"decisionStrategy": "UNANIMOUS"
}



@W2Wizard W2Wizard closed this Jul 9, 2025
@W2Wizard W2Wizard changed the title [WIP] I need you to correctly setup the permissions for all current controllers. I use Keycloak and Keycloak.AuthServices.Authorization + (Authentication) for my ASP.NET backend and what you can do in terms of knowing "what is my task?" is to look at the Pro... [WIP] Copilot Tweaked out Jul 9, 2025