Skip to content

UniversityOfHelsinkiCS/jami

BranchesTags

Repository files navigation

Release to staging

Jami

Jämpti autorisaatio mankeli IAM:eille

Running locally

Requirements: docker, npm

# Install dependencies
$ npm i
# Start the server (you can also use npm start)
$ docker compose up

Jami API should now be available at http://localhost:3000/. Configure the port for your needs in docker-compose.yml.

If you need the importer client to work locally (to fetch a person's Sisu roles), you will need an api-gw token. Check documentation in GitLab for information on how to get one. If you already have a token for Oodikone, you can use that. Otherwise, select "Oodikone" when creating a new token. Once you have the token, add it to the .env file like this:

IMPORTER_DB_API_TOKEN=your-token-here

API

POST /

  • Body
{
  "userId": "hy-hlo-12345678",
  "iamGroups": ["hy-employees", "grp-toska"]
}
  • Response
{
  "500-M009": {
    "read": true,
    "write": true,
    "admin": true
  },
  "T920101": {
    "read": true,
    "write": false,
    "admin": false
  },
  "specialGroup": {
    "superAdmin": true
  }
}

POST /user-organisations

  • Response
Array<Faculty>

GET /:userId

  • Response
{
  "id": "hy-hlo-12345678",
  "iamGroups": ["hy-employees", "grp-toska"],
}

GET /access-to-all

  • Response
{
  "500-M009": {
    "read": true,
    "write": true,
    "admin": true
  },
  "T920101": {
    "read": true,
    "write": true,
    "admin": true
  },
  // ...
  "specialGroup": {
    "allProgrammes": true
  }
}

GET /organisation-data

GET /all-access

  • Response: all user's iam groups and their computed access rights:
  [
    {
      "id": "hy-hlo-12345678",
      "iamGroups": ["hy-employees", "grp-toska"],
      "500-M009": {
        "read": true,
        "write": true,
        "admin": true
      },
      "T920101": {
        "read": true,
        "write": false,
        "admin": false
      },
      "specialGroup": {
        "superAdmin": true
      }
    },
    // ...
  ]

POST /access-and-special-groups

Like GET /all-access, but for a specified list of users. This endpoint also includes the information about full access to student data in Sisu.

NB! Might be slow for large amounts of users, if Sisu access info is not in the cache (currently stored for 24 hours).

  • Body
{
  "userIds": ["hy-hlo-12345678", ...],
}
  • Response
[
  {
    "id": "hy-hlo-12345678",
    "iamGroups": [
      "hy-employees",
      "grp-toska"
    ],
    "access": {},
    "specialGroup": {
      "superAdmin": true,
      "fullSisuAccess": true
    }
  },
  ...
]

GET /iam-groups

  • Response: all unique iam groups in Jami DB:
["grp-toska", "hy-employees"]

Other routes

GET /ping => pong

About

Service for UoH IAM authorization

Topics

hacktoberfest

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 45

Remove @helsinki.fi address from the new IAM Latest
Jul 4, 2024
+ 44 releases

Contributors 9

Languages