feat: handle geographic roles for users

SocialGouv · Jun 21, 2024 · a214744 · a214744
1 parent 6536585
commit a214744
Show file tree

Hide file tree

Showing 4 changed files with 109 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -174,6 +174,25 @@ PUT /cm2d_users
 }
 ```
 
+### Mise en place des rôles
+
+En utilisant l'interface ELK, naviguez jusqu'à Stack Management > Security > Roles, et créez les rôles suivants (sans configuration particulière) :
+
+- region-france-entiere
+- region-ile-de-france
+- region-normandie
+- region-nouvelle-aquitaine
+- region-hauts-de-france
+- region-auverge-rhone-alpes
+- region-bourgogne-franche-comte
+- region-centre-val-de-loire
+- region-corse
+- region-grand-est
+- region-occitanie
+- region-pays-de-la-loire
+- region-provence-alpes-cote-dazur
+- region-bretagne
+
 ### Mise en place des transformations
 
 En utilisant l'interface ELK, naviguez jusqu'à Stack Management > Transform, et installez les indices de transformation suivants :

diff --git a/webapp-next/components/filters/Regions.tsx b/webapp-next/components/filters/Regions.tsx
@@ -1,6 +1,13 @@
 import { Cm2dContext } from '@/utils/cm2d-provider';
 import { ChevronDownIcon } from '@chakra-ui/icons';
-import { Flex, Menu, MenuButton, MenuItem, MenuList } from '@chakra-ui/react';
+import {
+  Flex,
+  Menu,
+  MenuButton,
+  MenuItem,
+  MenuList,
+  Text
+} from '@chakra-ui/react';
 import { useRouter } from 'next/router';
 import { useContext, useEffect, useState } from 'react';
 
@@ -21,14 +28,20 @@ export const RegionFilter = (props: Props) => {
     filters.region_departments
   );
 
-  let regionFilters: { label: string; value: string[] }[] = [
+  let regionFilters: { label: string; role: string; value: string[] }[] = [
     {
       label: 'Ile-de-France',
+      role: 'region-ile-de-france',
       value: ['75', '77', '78', '91', '92', '93', '94', '95']
     },
-    { label: 'Normandie', value: ['14', '27', '50', '61', '76'] },
+    {
+      label: 'Normandie',
+      role: 'region-normandie',
+      value: ['14', '27', '50', '61', '76']
+    },
     {
       label: 'Nouvelle-Aquitaine',
+      role: 'region-nouvelle-aquitaine',
       value: [
         '16',
         '17',
@@ -44,14 +57,19 @@ export const RegionFilter = (props: Props) => {
         '87'
       ]
     },
-    { label: 'Hauts-de-France', value: ['02', '59', '60', '62', '80'] }
+    {
+      label: 'Hauts-de-France',
+      role: 'region-hauts-de-france',
+      value: ['02', '59', '60', '62', '80']
+    }
   ];
 
   if (mode === 'dev') {
     regionFilters = [
       ...regionFilters,
       {
         label: 'Auvergne-Rhône-Alpes',
+        role: 'region-auverge-rhone-alpes',
         value: [
           '01',
           '03',
@@ -69,20 +87,29 @@ export const RegionFilter = (props: Props) => {
       },
       {
         label: 'Bourgogne-Franche-Comté',
+        role: 'region-bourgogne-franche-comté',
         value: ['21', '25', '39', '58', '70', '71', '89', '90']
       },
-      { label: 'Bretagne', value: ['22', '29', '35', '56'] },
+      {
+        label: 'Bretagne',
+        role: 'region-bretagne',
+        value: ['22', '29', '35', '56']
+      },
       {
         label: 'Centre-Val de Loire',
+        role: 'region-centre-val-de-loire',
         value: ['18', '28', '36', '37', '41', '45']
       },
-      { label: 'Corse', value: ['2A', '2B'] },
+      { label: 'Corse', role: 'region-corse', value: ['2A', '2B'] },
       {
         label: 'Grand Est',
+
+        role: 'region-grand-est',
         value: ['08', '10', '51', '52', '54', '55', '57', '67', '68', '88']
       },
       {
         label: 'Occitanie',
+        role: 'region-occitanie',
         value: [
           '09',
           '11',
@@ -99,9 +126,15 @@ export const RegionFilter = (props: Props) => {
           '82'
         ]
       },
-      { label: 'Pays de la Loire', value: ['44', '49', '53', '72', '85'] },
+      {
+        label: 'Pays de la Loire',
+        role: 'region-pays-de-la-loire',
+        value: ['44', '49', '53', '72', '85']
+      },
       {
         label: "Provence-Alpes-Côte d'Azur",
+
+        role: 'region-provence-alpes-cote-dazur',
         value: ['04', '05', '06', '13', '83', '84']
       }
     ];
@@ -115,11 +148,35 @@ export const RegionFilter = (props: Props) => {
     );
   };
 
+  const getUserRegions = () => {
+    if (
+      context.user &&
+      context.user.roles &&
+      context.user.roles.includes('region-france-entiere')
+    )
+      return regionFilters;
+
+    return regionFilters.filter(region => {
+      return (
+        region.role &&
+        context.user &&
+        context.user.roles &&
+        context.user.roles.includes(region.role)
+      );
+    });
+  };
+
   useEffect(() => {
     if (selectedFilter)
       setFilters({ ...filters, region_departments: selectedFilter });
   }, [selectedFilter]);
 
+  const userRegions = getUserRegions();
+
+  if (userRegions.length === 1) {
+    return <Text as="b">{userRegions[0].label}</Text>;
+  }
+
   return (
     <Menu>
       <MenuButton
@@ -137,7 +194,7 @@ export const RegionFilter = (props: Props) => {
         </Flex>
       </MenuButton>
       <MenuList zIndex={999}>
-        {regionFilters.map(filter => (
+        {getUserRegions().map(filter => (
           <MenuItem
             key={`option-${filter.value}`}
             defaultChecked={

diff --git a/webapp-next/pages/api/auth/user.ts b/webapp-next/pages/api/auth/user.ts
@@ -8,7 +8,6 @@ export default async function handler(
   res: NextApiResponse
 ) {
   if (req.method === 'GET') {
-
     const userCm2dApiKey = req.cookies['cm2d_api_key'];
 
     if (!userCm2dApiKey) return res.status(401).end('Unauthorized');
@@ -19,17 +18,35 @@ export default async function handler(
         apiKey: userCm2dApiKey
       },
       tls: {
-        ca: fs.readFileSync(
-          path.resolve(process.cwd(), './certs/ca/ca.crt')
-        ),
+        ca: fs.readFileSync(path.resolve(process.cwd(), './certs/ca/ca.crt')),
         rejectUnauthorized: false
       }
     });
 
     try {
       const user = await client.security.authenticate();
 
-      res.status(200).json(user);
+      const adminClient = new Client({
+        node: process.env.ELASTIC_HOST,
+        auth: {
+          username: process.env.ELASTIC_USERNAME as string,
+          password: process.env.ELASTIC_PASSWORD as string
+        },
+        tls: {
+          ca: fs.readFileSync(path.resolve(process.cwd(), './certs/ca/ca.crt')),
+          rejectUnauthorized: false
+        }
+      });
+
+      const userDetails = await adminClient.security.getUser({
+        username: user.username
+      });
+
+      let roles: string[] = [];
+      if (user.email && userDetails[user.email])
+        roles = userDetails[user.email].roles;
+
+      res.status(200).json({ ...user, roles });
     } catch (error) {
       res.status(401).end('Unauthorized');
     }

diff --git a/webapp-next/utils/cm2d-provider.tsx b/webapp-next/utils/cm2d-provider.tsx
@@ -29,6 +29,7 @@ export type User = {
   username?: string;
   email?: string;
   fullName?: string;
+  roles: string[];
 };
 
 type Cm2dContextType = {
@@ -108,7 +109,8 @@ export function Cm2dProvider({ children }: Cm2dProviderProps) {
           setUser({
             username: user.username,
             fullName: user.full_name,
-            email: user.email
+            email: user.email,
+            roles: user.roles.filter((r: string) => r !== 'viewer')
           });
         }
       })