Reference Data processing

Overview

Capabilities are created from message bus events.

When capability or capability set is created - mod-roles-keycloak sends application events to the subscriber stream to process the next steps asynchronously:

  1. Populating capabilities and capability sets for loadable roles in reference data

  2. Upgrading keycloak permissions for updated capabilities and capability sets

Loadable Roles event processing

Capability Application Event

  1. Retrieve permission from capability

  2. Find all LoadableRoles with a capability permission

  3. Assign capability to every LoadableRole by roleId using RoleCapabilityService

Capability Set Application Event

  1. Retrieve permission from capabilitySet

  2. Find all LoadableRoles with a capability set permission

  3. Assign capability set to every LoadableRole by roleId using RoleCapabilitySetService

Adding new default roles

  1. Define the JSON file with role-permissions relation objects for a Folio module:

    { "roles": [ { "name": "{{roleName}}", "description": "{{role description}}", "permissions": [ {{folio permissions, assigned to a role}} ] } ] }
  2. Place this file into the following folder: https://github.com/folio-org/mod-roles-keycloak/tree/master/src/main/resources/reference-data/roles

  3. Create a pull-request for Eureka team with the new roles

  4. When it’s merged - the new default roles will appear at the next snapshot environment deployed with the latest version of mod-roles-keycloak