feat(rbac): hide RBACPage behind read permission again

Signed-off-by: Patrick <[email protected]>

Author: PatAKnight

workspaces/rbac/plugins/rbac-backend/src/database/role-metadata.ts

@@ -73,9 +73,8 @@ export class DataBaseRoleMetadataStorage implements RoleMetadataStorage {
   ): Promise<RoleMetadataDao[]> {
     let filteredRoleMeta: RoleMetadataDao[];
 
-    const roleMetadata: RoleMetadataDao[] = await this.knex.table(
-      ROLE_METADATA_TABLE,
-    );
+    const roleMetadata: RoleMetadataDao[] =
+      await this.knex.table(ROLE_METADATA_TABLE);
 
     if (filter) {
       filteredRoleMeta = roleMetadata.filter(role => {

workspaces/rbac/plugins/rbac/src/components/RbacPage.test.tsx

@@ -15,18 +15,16 @@
  */
 import React from 'react';
 
-import {
-  RequirePermission,
-  usePermission,
-} from '@backstage/plugin-permission-react';
-import { renderInTestApp } from '@backstage/test-utils';
+import { renderInTestApp, TestApiProvider } from '@backstage/test-utils';
 
 import { screen } from '@testing-library/react';
 
 import { useCheckIfLicensePluginEnabled } from '../hooks/useCheckIfLicensePluginEnabled';
 import { useRoles } from '../hooks/useRoles';
 import { RbacPage } from './RbacPage';
 
+import { RBACAPI, rbacApiRef } from '../api/RBACBackendClient';
+
 jest.mock('@backstage/plugin-permission-react', () => ({
   usePermission: jest.fn(),
   RequirePermission: jest.fn(),
@@ -40,25 +38,33 @@ jest.mock('../hooks/useCheckIfLicensePluginEnabled', () => ({
   useCheckIfLicensePluginEnabled: jest.fn(),
 }));
 
-const mockUsePermission = usePermission as jest.MockedFunction<
-  typeof usePermission
->;
-
 const mockUseRoles = useRoles as jest.MockedFunction<typeof useRoles>;
 
 const mockUseCheckIfLicensePluginEnabled =
   useCheckIfLicensePluginEnabled as jest.MockedFunction<
     typeof useCheckIfLicensePluginEnabled
   >;
 
-const RequirePermissionMock = RequirePermission as jest.MockedFunction<
-  typeof RequirePermission
->;
+// Added
+let useAsyncMockResult: { loading: boolean; value?: { status: string } } = {
+  loading: false,
+  value: { status: 'Authorized' },
+};
+
+const mockRbacApi: jest.Mocked<Partial<RBACAPI>> = {
+  getUserAuthorization: jest.fn().mockImplementation(() => useAsyncMockResult),
+};
+
+jest.mock('react-use', () => ({
+  ...jest.requireActual('react-use'),
+  useAsync: jest.fn().mockImplementation((fn: any, _deps: any) => {
+    fn();
+    return useAsyncMockResult;
+  }),
+}));
 
 describe('RbacPage', () => {
   it('should render if authorized', async () => {
-    RequirePermissionMock.mockImplementation(props => <>{props.children}</>);
-    mockUsePermission.mockReturnValue({ loading: false, allowed: true });
     mockUseRoles.mockReturnValue({
       loading: true,
       data: [],
@@ -79,23 +85,40 @@ describe('RbacPage', () => {
         name: '',
       },
     });
-    await renderInTestApp(<RbacPage />);
+
+    await renderInTestApp(
+      <TestApiProvider apis={[[rbacApiRef, mockRbacApi]]}>
+        <RbacPage />
+      </TestApiProvider>,
+    );
     expect(screen.getByText('RBAC')).toBeInTheDocument();
   });
 
   it('should not render if not authorized', async () => {
-    RequirePermissionMock.mockImplementation(_props => <>Not Found</>);
-    mockUsePermission.mockReturnValue({ loading: false, allowed: false });
+    useAsyncMockResult = {
+      loading: false,
+      value: { status: 'Unauthorized' },
+    };
 
-    await renderInTestApp(<RbacPage />);
-    expect(screen.getByText('Not Found')).toBeInTheDocument();
+    await renderInTestApp(
+      <TestApiProvider apis={[[rbacApiRef, mockRbacApi]]}>
+        <RbacPage />
+      </TestApiProvider>,
+    );
+    expect(screen.getByText('ERROR : Not Found')).toBeInTheDocument();
   });
 
   it('should not render if loading', async () => {
-    RequirePermissionMock.mockImplementation(_props => null);
-    mockUsePermission.mockReturnValue({ loading: false, allowed: false });
+    useAsyncMockResult = {
+      loading: true,
+      value: undefined,
+    };
 
-    const { queryByText } = await renderInTestApp(<RbacPage />);
+    const { queryByText } = await renderInTestApp(
+      <TestApiProvider apis={[[rbacApiRef, mockRbacApi]]}>
+        <RbacPage />
+      </TestApiProvider>,
+    );
     expect(queryByText('Not Found')).not.toBeInTheDocument();
     expect(queryByText('RBAC')).not.toBeInTheDocument();
   });

workspaces/rbac/plugins/rbac/src/components/RbacPage.tsx

@@ -16,26 +16,35 @@
 import React from 'react';
 
 import { Content, Header, Page } from '@backstage/core-components';
-import { RequirePermission } from '@backstage/plugin-permission-react';
 
 import { DeleteDialogContextProvider } from '@janus-idp/shared-react';
 
-import { policyEntityCreatePermission } from '@backstage-community/plugin-rbac-common';
-
 import { RolesList } from './RolesList/RolesList';
+import { useApi } from '@backstage/core-plugin-api';
+import { rbacApiRef } from '../api/RBACBackendClient';
+import { useAsync } from 'react-use';
+import { ErrorPage } from '@backstage/core-components';
+
+export const RbacPage = ({ useHeader = true }: { useHeader?: boolean }) => {
+  const rbacApi = useApi(rbacApiRef);
+  const { loading: isUserLoading, value: result } = useAsync(
+    async () => await rbacApi.getUserAuthorization(),
+    [],
+  );
 
-export const RbacPage = ({ useHeader = true }: { useHeader?: boolean }) => (
-  <RequirePermission
-    permission={policyEntityCreatePermission}
-    resourceRef={policyEntityCreatePermission.resourceType}
-  >
-    <Page themeId="tool">
-      {useHeader && <Header title="RBAC" />}
-      <Content>
-        <DeleteDialogContextProvider>
-          <RolesList />
-        </DeleteDialogContextProvider>
-      </Content>
-    </Page>
-  </RequirePermission>
-);
+  if (!isUserLoading) {
+    return result?.status === 'Authorized' ? (
+      <Page themeId="tool">
+        {useHeader && <Header title="RBAC" />}
+        <Content>
+          <DeleteDialogContextProvider>
+            <RolesList />
+          </DeleteDialogContextProvider>
+        </Content>
+      </Page>
+    ) : (
+      <ErrorPage statusMessage="Not Found" />
+    );
+  }
+  return null;
+};