feat: remove public /permissions/me usage (#300)

Author: andrewwylde

cypress/e2e/specs/spec_renderer.spec.ts

@@ -1,3 +1,4 @@
+import { ProductActionsResponse } from '@kong/sdk-portal-js'
 import { product, versions } from '../fixtures/consts'
 import petstoreJson from '../fixtures/oas_specs/petstoreJson.json'
 import petstoreJson3 from '../fixtures/oas_specs/petstoreJson3.0.json'
@@ -330,18 +331,23 @@ describe('Spec Renderer Page', () => {
         rbac_enabled: true
       }).as('getPortalContext')
 
-      cy.intercept('GET', 'api/v2/portals/*/developers/me/permissions', {
+      const response: ProductActionsResponse = {
+        actions: {
+          register: false,
+          view: false,
+          view_documentation: false
+        }
+      }
+
+      cy.intercept('GET', '/api/v2/products/*/actions', {
         statusCode: 200,
-        body: [{
-          resource: 'krn:konnect:reg/*:org/*:portals/*/services/*',
-          actions: []
-        }],
+        body: response,
         delay: 300
-      }).as('getPermissions')
+      }).as('getProductActions')
 
       cy.visit(`/spec/${product.id}`)
 
-      cy.wait('@getPermissions')
+      cy.wait('@getProductActions')
 
       cy.get('[data-testid="forbidden"]').should('exist')
     })
@@ -351,39 +357,41 @@ describe('Spec Renderer Page', () => {
         rbac_enabled: true
       }).as('getPortalContext')
 
-      cy.intercept('GET', 'api/v2/portals/*/developers/me/permissions', {
+      const response: ProductActionsResponse = {
+        actions: {
+          register: true,
+          view: true,
+          view_documentation: true
+        }
+      }
+
+      cy.intercept('GET', '/api/v2/products/*/actions', {
         statusCode: 200,
-        body: [{
-          resource: 'krn:konnect:reg/*:org/*:portals/*/services/*',
-          actions: [
-            '#view',
-            '#consume'
-          ]
-        }],
+        body: response,
         delay: 300
-      }).as('getPermissions')
+      }).as('getProductActions')
 
       cy.visit(`/spec/${product.id}`)
 
-      cy.wait('@getPermissions')
+      cy.wait('@getProductActions')
 
       cy.get('[data-testid="kong-public-ui-spec-details-swagger"]', { timeout: 12000 })
         .get('.info h2').should('contain', 'Swagger Petstore')
 
       cy.get('[data-testid="register-button"]').should('exist')
     })
 
-    it('does not call developers/me/permissions if rbac not enabled', () => {
+    it('does not retrieve product actions if rbac not enabled', () => {
       cy.intercept('GET', '**/api/v2/portal', {
         rbac_enabled: false
       }).as('getPortalContext')
 
-      cy.intercept('get', 'api/v2/portals/*/developers/me/permissions', cy.spy().as('apiNotCalled'))
+      cy.intercept('get', '/api/v2/products/*/actions', cy.spy().as('apiNotCalled'))
 
       cy.visit(`/spec/${product.id}`)
 
       cy.get('[data-testid="kong-public-ui-spec-details-swagger"]', { timeout: 12000 })
-        .get('.info h2').should('contain', 'Swagger Petstore')
+      .get('.info h2').should('contain', 'Swagger Petstore')
 
       cy.get('[data-testid="register-button"]').should('exist')
 
@@ -405,12 +413,12 @@ describe('Spec Renderer Page', () => {
       cy.mockAppearance()
     })
 
-    it('allows seeing spec when portal is public and rbac enabled, does not call developers/me/permissions', () => {
+    it('allows seeing spec when portal is public and rbac enabled, does not retrieve product actions', () => {
       cy.intercept('GET', '**/portal_api/portal/portal_context', {
         rbac_enabled: true
       }).as('getPortalContext')
 
-      cy.intercept('get', 'api/v2/portals/*/developers/me/permissions', cy.spy().as('apiNotCalled'))
+      cy.intercept('get', '/api/v2/products/*/actions', cy.spy().as('apiNotCalled'))
 
       cy.visit(`/spec/${product.id}`)
 

package.json

@@ -32,7 +32,7 @@
     "@kong-ui-public/document-viewer": "0.10.5",
     "@kong-ui-public/spec-renderer": "0.13.1",
     "@kong/kong-auth-elements": "2.8.0",
-    "@kong/kongponents": "8.123.3",
+    "@kong/kongponents": "8.126.1",
     "@kong/sdk-portal-js": "2.3.6",
     "@xstate/vue": "2.0.0",
     "axios": "1.6.0",

src/components/AuthValidate.vue

@@ -87,10 +87,9 @@ export const portalRouter = () => {
                 name: 'spec',
                 meta: {
                   title: helpText.specTitle,
-                  isAuthorized: (route, { portalId }) => canUserAccess({
-                    service: 'konnect',
-                    action: '#view',
-                    resourcePath: `portals/${portalId}/services/${route.params.product}`
+                  isAuthorized: (route) => canUserAccess({
+                    action: 'view',
+                    productId: route.params.product
                   })
                 },
                 component: () => import('../views/Spec.vue')
@@ -100,10 +99,9 @@ export const portalRouter = () => {
                 name: 'api-documentation-page',
                 meta: {
                   title: helpText.docsTitle,
-                  isAuthorized: (route, { portalId }) => canUserAccess({
-                    service: 'konnect',
-                    action: '#view',
-                    resourcePath: `portals/${portalId}/services/${route.params.product}`
+                  isAuthorized: (route) => canUserAccess({
+                    action: 'view',
+                    productId: route.params.product
                   })
                 },
                 component: () => import('../views/ApiDocumentationPage.vue')

src/helpers/permissions.ts

@@ -1,5 +1,5 @@
 import useLDFeatureFlag from '@/hooks/useLDFeatureFlag'
-import { usePermissionsStore } from '@/stores'
+import { ProductAction, usePermissionsStore } from '@/stores'
 
 export const AUTH_ROUTES = {
   login: true,
@@ -18,7 +18,7 @@ export const PRIVATE_ROUTES = {
   ...AUTH_ROUTES
 }
 
-export function canUserAccess (krnArgs) {
+export function canUserAccess (krnArgs: { action: ProductAction; productId: string }) {
   const { canUserAccess } = usePermissionsStore()
 
   return canUserAccess(krnArgs)

src/router/index.ts

@@ -1,6 +1,4 @@
 import { authApi } from '@/services'
-import { usePermissionsStore, useAppStore } from '@/stores'
-import { storeToRefs } from 'pinia'
 
 /**
  * @typedef {Object} SessionUser
@@ -76,10 +74,6 @@ export default class SessionCookie {
   }
 
   async saveData (data: Record<string, any>, force = true) {
-    const appStore = useAppStore()
-    const permissionsStore = usePermissionsStore()
-    const { portalId, isRbacEnabled, isPublic } = storeToRefs(appStore)
-
     this.data = data
 
     const sessionExists = this.exists()
@@ -88,25 +82,6 @@ export default class SessionCookie {
     if (force || (!force && !sessionExists)) {
       localStorage.setItem(this.sessionName, this.encode(this.data))
     }
-
-    if (sessionExists && !isPublic.value && isRbacEnabled.value) {
-      try {
-        const { data: developerPermissions } = await authApi.client.get(`/api/v2/portals/${portalId.value}/developers/me/permissions`)
-
-        // response can be a JSON (object) or string
-        // when permissions feature flag is not enabled, string with HTTP 200 is returned
-        if (typeof developerPermissions === 'object') {
-          // Add permission krns to the store
-          await permissionsStore.addKrns({
-            krns: developerPermissions,
-            replaceAll: true
-          })
-        }
-      } catch (e) {
-        // eslint-disable-next-line no-console
-        console.error('Failed to fetch permissions', e)
-      }
-    }
   }
 
   getUser () {