
Overview

Capabilities are created from message bus events.

When a capability or capability set is created, mod-roles-keycloak sends application events to the subscriber stream so that the next steps are processed asynchronously:

  1. Populating capabilities and capability sets for loadable roles in reference data

  2. Upgrading Keycloak permissions for updated capabilities and capability sets

Loadable Roles event processing

Capability Application Event

  1. Retrieve permission from capability

  2. Find all LoadableRoles with a capability permission

  3. Assign capability to every LoadableRole by roleId using RoleCapabilityService

Capability Set Application Event

  1. Retrieve permission from capabilitySet

  2. Find all LoadableRoles with a capability set permission

  3. Assign capability set to every LoadableRole by roleId using RoleCapabilitySetService

Adding new default roles

  1. Define the JSON file with role-permissions relation objects for a Folio module:

    {
      "roles": [
        {
          "name": "{{roleName}}",
          "description": "{{role description}}",
          "permissions": [
            {{folio permissions, assigned to a role}}
          ]
        }
      ]
    }
  2. Place this file into the following folder: https://github.com/folio-org/mod-roles-keycloak/tree/master/src/main/resources/reference-data/roles

  3. Create a pull request for the Eureka team with the new roles

  4. Once it is merged, the new default roles will appear in the next snapshot environment deployed with the latest version of mod-roles-keycloak
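
A role file can be checked before the pull request is opened. The following is an added example, not code from mod-roles-keycloak: the key names come from the template above, while the checks themselves (unfilled `{{...}}` placeholders, duplicate role names, duplicate permissions) and the sample role and permission names are assumptions made for illustration.

```python
import json

REQUIRED_KEYS = ("name", "description", "permissions")  # keys from the page's template

def lint_roles(text):
    """Return a list of findings for a role reference-data JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    roles = doc.get("roles") if isinstance(doc, dict) else None
    if not isinstance(roles, list) or not roles:
        return ['top level must be an object with a non-empty "roles" array']
    findings, seen_names = [], set()
    for i, role in enumerate(roles):
        where = f"roles[{i}]"
        missing = [k for k in REQUIRED_KEYS if not isinstance(role, dict) or k not in role]
        if missing:
            findings.append(f"{where}: missing {', '.join(missing)}")
            continue
        name, perms = role["name"], role["permissions"]
        if not isinstance(name, str) or not name.strip() or "{{" in name:
            findings.append(f"{where}: name is empty or an unfilled placeholder")
        elif name in seen_names:
            findings.append(f"{where}: duplicate role name {name!r}")
        else:
            seen_names.add(name)
        if not isinstance(perms, list) or not perms:
            findings.append(f"{where}: permissions must be a non-empty array")
            continue
        seen_perms = set()
        for p in perms:
            if not isinstance(p, str) or not p.strip() or "{{" in p:
                findings.append(f"{where}: permission {p!r} is empty or an unfilled placeholder")
            elif p in seen_perms:
                findings.append(f"{where}: duplicate permission {p!r}")
            else:
                seen_perms.add(p)
    return findings

# Constructed sample: role and permission names are made up for illustration.
SAMPLE = json.dumps({"roles": [
    {"name": "Example Reader", "description": "Read-only example role",
     "permissions": ["example.items.get", "example.items.get"]},
    {"name": "Example Reader", "description": "Copy of the role above",
     "permissions": ["{{folio permissions, assigned to a role}}"]},
]})

if __name__ == "__main__":
    for finding in lint_roles(SAMPLE):
        print(finding)
```

An empty result means the file matches the template's shape; it does not confirm that the listed permissions exist or that the role grants only what it needs, which remains a matter for pull request review.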