🚀 RBAC: Allow applying a conditional permission in a provider implementation #6412
Description
Workspace
rbac
🔖 Feature description
Add support for applying conditional permissions from a custom provider
🎤 Context
In a use-case of mine, I have written a provider which reads roles and permissions files from a git repository for a GitOps approach, so I do not have to modify the Backstage configuration every time a role is to be assigned to a user or a group.
The current implementation of the extension point for RBAC providers apparently allows only the definition of basic permissions, leaving the capability to define conditional permissions to the UI.
If conditional permissions could be applied with a custom provider, the management of all permissions could be aligned.
✌️ Possible Implementation
A new type ConditionalPermission is defined following the schema roughly described in the plugin documentation.
A method applyConditionalPermissions(permissions: ConditionalPermission[]): Promise<void> is added to the RBACProviderConnection interface.
The Connection class shall implement the new RBACProviderConnection method to add the conditional policy/policies to the list of enabled policies.
👀 Have you spent some time to check if this feature request has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct
Are you willing to submit PR?
No, I don't have time to work on this right now