From 45ca734fc9b240db6447c3825a47f60df0426e05 Mon Sep 17 00:00:00 2001 From: juarez Date: Tue, 14 Nov 2023 19:51:34 +0100 Subject: [PATCH] Added: Central Keycloak configuration based on groups --- CHANGELOG.md | 3 ++- docker/env.template.js | 4 +++- src/app/security/teiler-auth.service.ts | 13 +++++++++++++ src/app/teiler/teiler.service.ts | 19 ++++++++++++++++--- src/assets/env.js | 10 ++++++---- 5 files changed, 40 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9f5460..3f8caf4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [1.0.0] - 2023-10-23 +## [1.0.0] - 2023-11-14 ### Added - Init project - Prototype @@ -54,6 +54,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Dockerignore - Gitignore - Default template variable for exporter and reporter +- Central Keycloak configuration based on groups ## Fixed - Update teiler apps in sidebar diff --git a/docker/env.template.js b/docker/env.template.js index 4f588ba..460120d 100644 --- a/docker/env.template.js +++ b/docker/env.template.js @@ -17,7 +17,9 @@ "TEILER_DASHBOARD_HTTP_RELATIVE_PATH": "${TEILER_DASHBOARD_HTTP_RELATIVE_PATH}", "TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH": "${TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH}", "REPORTER_DEFAULT_TEMPLATE_ID": "${REPORTER_DEFAULT_TEMPLATE_ID}", - "EXPORTER_DEFAULT_TEMPLATE_ID": "${EXPORTER_DEFAULT_TEMPLATE_ID}" + "EXPORTER_DEFAULT_TEMPLATE_ID": "${EXPORTER_DEFAULT_TEMPLATE_ID}", + "TEILER_USER": "${TEILER_USER}", + "TEILER_ADMIN": "${TEILER_ADMIN}" }; })(this); diff --git a/src/app/security/teiler-auth.service.ts b/src/app/security/teiler-auth.service.ts index 4beef84..b6cd619 100644 --- a/src/app/security/teiler-auth.service.ts 
+++ b/src/app/security/teiler-auth.service.ts @@ -31,4 +31,17 @@ export class TeilerAuthService { return this.keycloakService.loadUserProfile(); } + public getGroups(): string[] { + const keycloakInstance = this.keycloakService.getKeycloakInstance(); + const result = keycloakInstance?.tokenParsed?.['groups'] || []; + + return result.map((group: string) => { + if (typeof group === 'string' && group.charAt(0) === '/') { + return group.substring(1); // Remove the first character if it's '/' + } + return group; + }); + } + + } diff --git a/src/app/teiler/teiler.service.ts b/src/app/teiler/teiler.service.ts index b63b6f9..72cfc20 100644 --- a/src/app/teiler/teiler.service.ts +++ b/src/app/teiler/teiler.service.ts @@ -93,11 +93,14 @@ export class TeilerService { let teilerAppRoles = new Set(teilerApp.roles); if (teilerAppRoles.size == 0) { isAuthorized = true; - } else if (teilerAppRoles.has(TeilerRole.TEILER_PUBLIC) && this.authService.getRoles().length == 0) { + //} else if (teilerAppRoles.has(TeilerRole.TEILER_PUBLIC) && this.authService.getRoles().length == 0) { + } else if (teilerAppRoles.has(TeilerRole.TEILER_PUBLIC)) { isAuthorized = true; } else { - for (let role of this.authService.getRoles()) { - if (teilerAppRoles.has(TeilerRole[role as keyof typeof TeilerRole])) { + //for (let role of this.authService.getRoles()) { + for (let role of this.authService.getGroups()) { + let mappedRole = this.fetchRoleFromEnvironment(role); + if (mappedRole != undefined && teilerAppRoles.has(mappedRole)) { return true; } } 
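Review bot: In `getGroups()` (teiler-auth.service.ts) the `groups` claim is passed to `.map` without checking that it is an array, so a token whose claim is a single string or any other truthy non-array value throws a TypeError. The `group: string` annotation on the callback is asserted rather than checked. Narrowing first avoids both: `const raw = keycloakInstance?.tokenParsed?.['groups'];` followed by `return Array.isArray(raw) ? raw.filter((g): g is string => typeof g === 'string').map(g => g.startsWith('/') ? g.substring(1) : g) : [];`. Only the leading `/` is removed, so if Keycloak emits full group paths a subgroup arrives as `parent/child` and must be configured in exactly that form. A short TSDoc comment saying so would help whoever sets `TEILER_USER` and `TEILER_ADMIN`.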
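Review bot: In the first teiler.service.ts hunk the `TEILER_PUBLIC` branch now authorises every caller, logged in or not, where it previously applied only when `getRoles()` was empty. If that widening is intended, delete the commented-out `//} else if …` and `//for (let role of this.authService.getRoles())` lines instead of keeping them as dead code, and state the intent in a comment such as `// public apps are visible to everyone, including authenticated users`. The loop now consults only `getGroups()`, so realm or client roles no longer grant anything; that looks deliberate given the commit title but deserves a line in the changelog. The groups are read from the token as parsed in the browser, so this check can only decide what the UI shows. Enforcement presumably has to happen in the services behind each app, which this patch does not show. The enclosing method begins outside the hunk.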
@@ -106,6 +109,16 @@ export class TeilerService { return isAuthorized; } + fetchRoleFromEnvironment(role: string): TeilerRole | undefined { + if (role === environment.config.TEILER_USER) { + return TeilerRole.TEILER_USER; + } else if (role === environment.config.TEILER_ADMIN) { + return TeilerRole.TEILER_ADMIN; + } else { + return undefined; // Role doesn't match any enum values + } + } + addTeilerDashboardApps(teilerDashboardApps: TeilerApp[]) { let embeddedTeilerAppsMap = new Map(this.allTeilerApps.map(teilerApp => [teilerApp.name, teilerApp])); diff --git a/src/assets/env.js b/src/assets/env.js index 26f4a5c..7002895 100644 --- a/src/assets/env.js +++ b/src/assets/env.js @@ -5,9 +5,9 @@ window["env"]["teiler"]["config"] = { "DEFAULT_LANGUAGE": "DE", "TEILER_BACKEND_URL": "http://localhost:8085", - "KEYCLOAK_URL": "http://localhost:8380/login", - "KEYCLOAK_REALM": "teiler", - "KEYCLOAK_CLIENT_ID": "teiler", + "KEYCLOAK_URL": "https://login.verbis.dkfz.de", + "KEYCLOAK_REALM": "test-realm-01", + "KEYCLOAK_CLIENT_ID": "bridgehead-test", "TEILER_ADMIN_NAME": "Max Mustermann", "TEILER_ADMIN_EMAIL": "max.mustermann@teiler-example.com", "TEILER_ADMIN_PHONE": "+49 123 456789", @@ -17,7 +17,9 @@ "TEILER_DASHBOARD_HTTP_RELATIVE_PATH": "", "TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH": "", "REPORTER_DEFAULT_TEMPLATE_ID": "ccp-qb", - "EXPORTER_DEFAULT_TEMPLATE_ID": "ccp" + "EXPORTER_DEFAULT_TEMPLATE_ID": "ccp", + "TEILER_USER": "bridgehead-test", + "TEILER_ADMIN": "bridgehead-test-admin" }; })(this);
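Review bot: `fetchRoleFromEnvironment()` compares the group against `environment.config.TEILER_USER` and `TEILER_ADMIN` without checking that those values are set. If the template variables are left empty, an empty group name (for example a claim of `/` after `getGroups()` strips the slash) would map to `TEILER_USER`; starting the method with `if (!role) { return undefined; }` closes that. Because the branches are `if`/`else if`, configuring both variables with the same group makes the admin mapping unreachable. A member of only the admin group also does not match apps that list just `TEILER_USER`, which is worth confirming as intended. The parameter holds a group name, so `group` would be clearer than `role`, and the method could be `private` if nothing outside the class calls it (not visible here).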
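Review bot: The checked-in defaults in `src/assets/env.js` now point `KEYCLOAK_URL` at `https://login.verbis.dkfz.de` with realm `test-realm-01` and client `bridgehead-test` instead of the previous localhost values. Any build that ships this file without regenerating it from `docker/env.template.js` would therefore authenticate against that shared test realm. Whether the file is always overwritten at deploy time is not visible in this patch; if it is not, keeping the localhost defaults here and putting environment-specific values in an untracked local override would be safer. The second hunk in this file adds `TEILER_USER`/`TEILER_ADMIN` group names tied to the same test client, and the same concern applies to them.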