diff --git a/server/routers/external.ts b/server/routers/external.ts
index 715988cf3..bb4ee7d31 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -700,6 +700,14 @@ authenticated.get(
 resource.listResourcePolicyRoles
 );
 
+authenticated.put(
+ "/resource-policy/:resourcePolicyId/access-control",
+ verifyResourcePolicyAccess,
+ verifyUserHasAction(ActionsEnum.setResourcePolicyUsers),
+ verifyUserHasAction(ActionsEnum.setResourcePolicyRoles),
+ policy.setResourcePolicyAccessControl
+);
+
 authenticated.get(
 "/resource-policy/:resourcePolicyId/users",
 verifyResourcePolicyAccess,
diff --git a/server/routers/integration.ts b/server/routers/integration.ts
index 41557ba30..a68bcb555 100644
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -30,7 +30,8 @@ import {
 verifyApiKeySetResourceClients,
 verifyLimits,
 verifyApiKeyDomainAccess,
- verifyApiKeyResourcePolicyAccess
+ verifyApiKeyResourcePolicyAccess,
+ verifyUserHasAction
 } from "@server/middlewares";
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
@@ -619,6 +620,18 @@ authenticated.post(
 resource.setResourceUsers
 );
 
+authenticated.put(
+ "/resource-policy/:resourcePolicyId/access-control",
+ verifyApiKeyResourcePolicyAccess,
+ verifyApiKeyRoleAccess,
+ verifyLimits,
+ verifyUserHasAction(ActionsEnum.setResourcePolicyUsers),
+ verifyUserHasAction(ActionsEnum.setResourcePolicyRoles),
+ logActionAudit(ActionsEnum.setResourcePolicyUsers),
+ logActionAudit(ActionsEnum.setResourcePolicyRoles),
+ policy.setResourcePolicyAccessControl
+);
+
 authenticated.post(
 "/resource/:resourceId/roles/add",
 verifyApiKeyResourceAccess,
diff --git a/server/routers/policy/index.ts b/server/routers/policy/index.ts
index 8cd264925..9ad10eb45 100644
--- a/server/routers/policy/index.ts
+++ b/server/routers/policy/index.ts
@@ -1,2 +1,3 @@
 export * from "./getResourcePolicy";
 export * from "./updateResourcePolicy";
+export * from "./setResourcePolicyAccessControl";
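Review bot: The new `PUT /resource-policy/:resourcePolicyId/access-control` route in server/routers/external.ts has no `logActionAudit(...)` step and no role-scope check, while the integration.ts route added in this same commit runs `verifyApiKeyRoleAccess` and two `logActionAudit` calls before the same handler. A write that changes who can reach a policy's resources should leave an audit record on both paths; consider adding `logActionAudit(ActionsEnum.setResourcePolicyUsers),` and `logActionAudit(ActionsEnum.setResourcePolicyRoles),` ahead of `policy.setResourcePolicyAccessControl`, provided `logActionAudit` is in scope in this file (its imports are not visible here). The handler body is outside the hunk, so confirm it rejects role and user ids that do not belong to the policy's organisation, since nothing in this middleware chain visibly does so.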
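Review bot: `verifyUserHasAction` is applied to an API-key route in server/routers/integration.ts (imported in the hunk at line 30, used twice in the `PUT /resource-policy/:resourcePolicyId/access-control` route at line 620), while every other guard in that chain is a `verifyApiKey*` middleware. Its implementation is not shown, but by name it authorises a logged-in user's role rather than the actions granted to the key; on a request that carries only an API key it would presumably either reject every call or decide on request state the key path never populated. If this router has an API-key counterpart of the action check, that is what should gate `setResourcePolicyUsers` and `setResourcePolicyRoles` here, so the key's own permissions decide the write. A test that calls the route with a key lacking those two actions and expects a refusal would pin the intended behaviour.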
diff --git a/server/routers/policy/setResourcePolicyAccessControl.ts b/server/routers/policy/setResourcePolicyAccessControl.ts
index 98f43f5fa..926478db8 100644
--- a/server/routers/policy/setResourcePolicyAccessControl.ts
+++ b/server/routers/policy/setResourcePolicyAccessControl.ts
@@ -49,7 +49,7 @@ registry.registerPath({
 responses: {}
 });
 
-export async function setResourceUsers(
+export async function setResourcePolicyAccessControl(
 req: Request,
 res: Response,
 next: NextFunction
diff --git a/src/components/resource-policy/EditPolicyForm.tsx b/src/components/resource-policy/EditPolicyForm.tsx index 16f85cdca..88c6ceafa 100644 --- a/src/components/resource-policy/EditPolicyForm.tsx +++ b/src/components/resource-policy/EditPolicyForm.tsx @@ -275,12 +275,11 @@ export function EditPolicyForm({ hidePolicyNameForm }: EditPolicyFormProps) { {/* Name */} {!hidePolicyNameForm && } - {/* */} + {/* ; allRoles: { id: string; text: string }[]; allUsers: { id: string; text: string }[]; allIdps: { id: number; text: string }[]; }; export function PolicyUsersRolesSection({ - form, allRoles, allUsers, allIdps }: PolicyUsersRolesSectionProps) { const t = useTranslations(); + + const { policy } = useResourcePolicyContext(); + + const form = useForm({ + resolver: zodResolver( + createPolicySchema.pick({ + sso: true, + skipToIdpId: true, + users: true, + roles: true + }) + ), + defaultValues: { + sso: policy.sso, + skipToIdpId: policy.idpId + } + }); + const ssoEnabled = useWatch({ control: form.control, name: "sso" }); const selectedIdpId = useWatch({ control: form.control,