Add roles table for assigning/managing user/group roles (opendatahub-io#6099)

* Add roles table for assigning/managing user/group roles

* update UX

* change assigning label color to yellow

Author: DaoDaoNoCode

frontend/src/concepts/permissions/__tests__/utils.spec.ts

@@ -2,6 +2,7 @@ import {
   buildGroupRoleMap,
   buildUserRoleMap,
   getRoleByRef,
+  getRoleLabelTypeForRole,
   getRoleLabelTypeForRoleRef,
   getRoleRefsForSubject,
   getRoleRefKey,
@@ -85,37 +86,22 @@ describe('permissions utils', () => {
   });
 
   it('classifies role label type', () => {
-    expect(
-      getRoleLabelTypeForRoleRef(
-        { kind: 'Role', name: dashboardRole.metadata.name },
-        dashboardRole,
-      ),
-    ).toBe(RoleLabelType.Dashboard);
-    expect(
-      getRoleLabelTypeForRoleRef(
-        { kind: 'Role', name: openshiftDefaultRole.metadata.name },
-        openshiftDefaultRole,
-      ),
-    ).toBe(RoleLabelType.OpenshiftDefault);
-    expect(
-      getRoleLabelTypeForRoleRef(
-        { kind: 'Role', name: openshiftCustomRole.metadata.name },
-        openshiftCustomRole,
-      ),
-    ).toBe(RoleLabelType.OpenshiftCustom);
+    expect(getRoleLabelTypeForRole(dashboardRole)).toBe(RoleLabelType.Dashboard);
+    expect(getRoleLabelTypeForRole(openshiftDefaultRole)).toBe(RoleLabelType.OpenshiftDefault);
+    expect(getRoleLabelTypeForRole(openshiftCustomRole)).toBe(RoleLabelType.OpenshiftCustom);
   });
 
   it('falls back to OpenShift label type when role object is not readable', () => {
-    expect(getRoleLabelTypeForRoleRef({ kind: 'ClusterRole', name: 'admin' }, undefined)).toBe(
+    expect(getRoleLabelTypeForRoleRef({ kind: 'ClusterRole', name: 'admin' })).toBe(
       RoleLabelType.OpenshiftDefault,
     );
-    expect(getRoleLabelTypeForRoleRef({ kind: 'ClusterRole', name: 'edit' }, undefined)).toBe(
+    expect(getRoleLabelTypeForRoleRef({ kind: 'ClusterRole', name: 'edit' })).toBe(
       RoleLabelType.OpenshiftDefault,
     );
-    expect(getRoleLabelTypeForRoleRef({ kind: 'ClusterRole', name: 'unknown' }, undefined)).toBe(
+    expect(getRoleLabelTypeForRoleRef({ kind: 'ClusterRole', name: 'unknown' })).toBe(
       RoleLabelType.OpenshiftCustom,
     );
-    expect(getRoleLabelTypeForRoleRef({ kind: 'Role', name: 'unknown' }, undefined)).toBe(
+    expect(getRoleLabelTypeForRoleRef({ kind: 'Role', name: 'unknown' })).toBe(
       RoleLabelType.OpenshiftCustom,
     );
   });

frontend/src/concepts/permissions/const.ts

@@ -10,3 +10,5 @@ export const DEFAULT_ROLE_DESCRIPTIONS: Partial<Record<string, string>> = {
   'ClusterRole:admin': 'Edit the project and manage user access',
   'ClusterRole:edit': 'View and edit the project components',
 };
+
+export const DEFAULT_CLUSTER_ROLE_NAMES: string[] = ['admin', 'edit'];

frontend/src/concepts/permissions/utils.ts

@@ -8,6 +8,7 @@ import type {
 import { KnownLabels } from '#~/k8sTypes';
 import { getDisplayNameFromK8sResource } from '#~/concepts/k8s/utils';
 import {
+  DEFAULT_CLUSTER_ROLE_NAMES,
   DEFAULT_ROLE_DESCRIPTIONS,
   OPENSHIFT_BOOTSTRAPPING_DEFAULT_VALUE,
   OPENSHIFT_BOOTSTRAPPING_LABEL_KEY,
@@ -78,7 +79,7 @@ export const hasRoleRef = (roleRefs: RoleRef[], target: RoleRef): boolean =>
  * - OpenShift default roles: RoleLabelType.OpenshiftDefault (bootstrapped RBAC defaults).
  * - OpenShift custom roles: RoleLabelType.OpenshiftCustom (everything else).
  */
-const getRoleLabelType = (role: RoleKind | ClusterRoleKind): RoleLabelType => {
+export const getRoleLabelTypeForRole = (role: RoleKind | ClusterRoleKind): RoleLabelType => {
   const labels = role.metadata.labels ?? {};
   if (labels[KnownLabels.DASHBOARD_RESOURCE] === 'true') {
     return RoleLabelType.Dashboard;
@@ -97,15 +98,9 @@ const getRoleLabelType = (role: RoleKind | ClusterRoleKind): RoleLabelType => {
  * - admin/edit ClusterRoles are treated as OpenShift default even when unreadable.
  * - other unreadable roles are treated as OpenShift custom.
  */
-export const getRoleLabelTypeForRoleRef = (
-  roleRef: RoleRef,
-  role?: RoleKind | ClusterRoleKind,
-): RoleLabelType => {
-  if (role) {
-    return getRoleLabelType(role);
-  }
+export const getRoleLabelTypeForRoleRef = (roleRef: RoleRef): RoleLabelType => {
   const name = roleRef.name.toLowerCase();
-  if (roleRef.kind === 'ClusterRole' && (name === 'admin' || name === 'edit')) {
+  if (roleRef.kind === 'ClusterRole' && DEFAULT_CLUSTER_ROLE_NAMES.includes(name)) {
     return RoleLabelType.OpenshiftDefault;
   }
   return RoleLabelType.OpenshiftCustom;

frontend/src/images/icons/AiExperienceIcon.ts

@@ -0,0 +1,13 @@
+import { createIcon } from '@patternfly/react-icons/dist/esm/createIcon';
+
+const AiExperienceIcon = createIcon({
+  name: 'AiExperienceIcon',
+  width: 32,
+  height: 32,
+  svgPath:
+    'M26.03125,16.96191c-5.90527-.46875-10.53076-5.09473-10.99902-11-.0415-.51953-.5166-.96094-1.03809-.96094s-.99658.44238-1.03809.96191c-.46777,5.9043-5.09375,10.53027-10.99121,10.99902-.52344.03711-.96973.51367-.96973,1.03809,0,.52148.44189.99707.96191,1.03809,5.90527.46875,10.53125,5.09473,10.99951,11,.0415.51953.5166.96094,1.0376.96094.52197,0,.99707-.44238,1.03857-.96191.46777-5.9043,5.09326-10.53027,10.99854-10.99902.51953-.04199.96191-.51562.96191-1.03809,0-.52148-.44238-.99707-.96191-1.03809ZM13.99414,25.76465c-1.4126-3.54492-4.21875-6.35059-7.7666-7.76367,3.54639-1.41309,6.354-4.2207,7.76709-7.76562,1.4126,3.54492,4.21826,6.35059,7.76611,7.76367-3.5459,1.41309-6.35352,4.2207-7.7666,7.76562ZM30.50195,7c0,.28906-.20898.53613-.49805.58984-2.2334.4082-4.00879,2.18359-4.41699,4.41699-.05371.28906-.30078.49805-.58984.49805s-.53613-.20898-.58984-.49805c-.40723-2.2334-2.18262-4.00879-4.41699-4.41699-.28906-.05371-.49805-.30078-.49805-.58984s.20898-.53613.49805-.58984c2.23438-.4082,4.00977-2.18359,4.41699-4.41699.05371-.28906.30078-.49805.58984-.49805s.53613.20898.58984.49805c.4082,2.2334,2.18359,4.00879,4.41699,4.41699.28906.05371.49805.30078.49805.58984Z',
+  xOffset: 0,
+  yOffset: 0,
+});
+
+export default AiExperienceIcon;

frontend/src/pages/projects/projectPermissions/ProjectPermissions.tsx

@@ -19,10 +19,8 @@ import { ProjectSectionID } from '#~/pages/projects/screens/detail/types';
 import { usePermissionsContext } from '#~/concepts/permissions/PermissionsContext';
 import FilterToolbar from '#~/components/FilterToolbar';
 import SimpleSelect from '#~/components/SimpleSelect';
-import type { RoleRef } from '#~/concepts/permissions/types';
 import { ProjectDetailsContext } from '#~/pages/projects/ProjectDetailsContext';
 import SubjectRolesTableSection from './SubjectRolesTableSection';
-import RoleDetailsModal from './roleDetails/RoleDetailsModal';
 import {
   FilterDataType,
   initialFilterData,
@@ -41,8 +39,6 @@ const ProjectPermissions: React.FC = () => {
     SubjectScopeFilter.all,
   );
   const [filterData, setFilterData] = React.useState<FilterDataType>(initialFilterData);
-  const [selectedRoleRef, setSelectedRoleRef] = React.useState<RoleRef>();
-
   const clearFilters = React.useCallback(() => {
     setFilterData(initialFilterData);
   }, []);
@@ -70,12 +66,6 @@ const ProjectPermissions: React.FC = () => {
           </StackItem>
         ) : (
           <>
-            {selectedRoleRef ? (
-              <RoleDetailsModal
-                roleRef={selectedRoleRef}
-                onClose={() => setSelectedRoleRef(undefined)}
-              />
-            ) : null}
             <StackItem>
               <Toolbar clearAllFilters={clearFilters}>
                 <ToolbarContent>
@@ -147,7 +137,6 @@ const ProjectPermissions: React.FC = () => {
                   subjectKind="user"
                   filterData={filterData}
                   onClearFilters={clearFilters}
-                  onRoleClick={setSelectedRoleRef}
                 />
               </StackItem>
             ) : null}
@@ -157,7 +146,6 @@ const ProjectPermissions: React.FC = () => {
                   subjectKind="group"
                   filterData={filterData}
                   onClearFilters={clearFilters}
-                  onRoleClick={setSelectedRoleRef}
                 />
               </StackItem>
             ) : null}

frontend/src/pages/projects/projectPermissions/ProjectPermissionsAssignRoles.tsx

@@ -12,6 +12,7 @@ import {
   ActionListItem,
   ActionListGroup,
   Bullseye,
+  Icon,
   Spinner,
   FormHelperText,
   HelperText,
@@ -20,6 +21,8 @@ import {
   Content,
   ContentVariants,
   Alert,
+  FlexItem,
+  Flex,
 } from '@patternfly/react-core';
 import { Link, Navigate, useLocation, useNavigate } from 'react-router-dom';
 import {
@@ -30,7 +33,10 @@ import ApplicationsPage from '#~/pages/ApplicationsPage';
 import { ProjectDetailsContext } from '#~/pages/projects/ProjectDetailsContext';
 import { useAccessReview } from '#~/api/useAccessReview.ts';
 import { getDisplayNameFromK8sResource } from '#~/concepts/k8s/utils.ts';
+import { ProjectObjectType, typedBackgroundColor } from '#~/concepts/design/utils.ts';
+import TypedObjectIcon from '#~/concepts/design/TypedObjectIcon.tsx';
 import SubjectNameTypeaheadSelect from './components/SubjectNameTypeaheadSelect';
+import ManageRolesTable from './manageRoles/ManageRolesTable';
 import { useRoleAssignmentData } from './useRoleAssignmentData';
 
 const ProjectPermissionsAssignRolesForm: React.FC = () => {
@@ -134,7 +140,36 @@ const ProjectPermissionsAssignRolesForm: React.FC = () => {
             >
               {isManageMode ? (
                 <Content component={ContentVariants.p} data-testid="assign-roles-subject-readonly">
-                  {subjectName}
+                  <Flex
+                    spaceItems={{ default: 'spaceItemsSm' }}
+                    alignItems={{ default: 'alignItemsCenter' }}
+                  >
+                    <FlexItem>
+                      <Bullseye
+                        style={{
+                          background: typedBackgroundColor(
+                            subjectKind === 'user'
+                              ? ProjectObjectType.user
+                              : ProjectObjectType.group,
+                          ),
+                          borderRadius: 14,
+                          width: 28,
+                          height: 28,
+                        }}
+                      >
+                        <Icon size="lg">
+                          <TypedObjectIcon
+                            resourceType={
+                              subjectKind === 'user'
+                                ? ProjectObjectType.user
+                                : ProjectObjectType.group
+                            }
+                          />
+                        </Icon>
+                      </Bullseye>
+                    </FlexItem>
+                    <FlexItem>{subjectName}</FlexItem>
+                  </Flex>
                 </Content>
               ) : (
                 <>
@@ -167,6 +202,11 @@ const ProjectPermissionsAssignRolesForm: React.FC = () => {
               )}
             </FormGroup>
           </FormSection>
+          <ManageRolesTable
+            subjectKind={subjectKind}
+            subjectName={subjectName}
+            existingSubjectNames={existingSubjectNames}
+          />
         </Form>
       </PageSection>
       <PageSection hasBodyWrapper={false} stickyOnBreakpoint={{ default: 'bottom' }}>