@spotify/backstage-plugin-rbac 0.5.10 → 0.5.12

package/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @spotify/backstage-plugin-rbac
 
+## 0.5.12
+
+### Patch Changes
+
+- Upgraded Backstage to v1.22.0
+- Minor UI fixes and improvements.
+- Updated dependency `@types/node` to `^20.0.0`.
+- Updated dependencies
+- Updated dependencies
+- Updated dependencies
+  - @spotify/backstage-plugin-rbac-common@0.5.10
+  - @spotify/backstage-plugin-core@0.5.9
+
+## 0.5.11
+
+### Patch Changes
+
+- Downgraded dependency `vanilla-jsoneditor` to `0.19.0`.
+
 ## 0.5.10
 
 ### Patch Changes

package/dist/esm/{Authorized-8bca4a90.esm.js → Authorized-ea25ddf4.esm.js}

@@ -1,2 +1,2 @@
-import{useApi as i}from"@backstage/core-plugin-api";import e from"react";import u from"react-use/lib/useAsync";import{r as m}from"./index-1291dce7.esm.js";function p({children:n,loading:l=null,unauthorized:o=null}){var r;const a=i(m),t=u(()=>a.authorize(),[]);return t.loading?e.createElement(e.Fragment,null,l):(r=t.value)!=null&&r.authorized?e.createElement(e.Fragment,null,n):e.createElement(e.Fragment,null,o)}export{p as A};
-//# sourceMappingURL=Authorized-8bca4a90.esm.js.map
+import{useApi as i}from"@backstage/core-plugin-api";import e from"react";import u from"react-use/lib/useAsync";import{r as m}from"./index-9f94edaa.esm.js";function p({children:n,loading:l=null,unauthorized:o=null}){var r;const a=i(m),t=u(()=>a.authorize(),[]);return t.loading?e.createElement(e.Fragment,null,l):(r=t.value)!=null&&r.authorized?e.createElement(e.Fragment,null,n):e.createElement(e.Fragment,null,o)}export{p as A};
+//# sourceMappingURL=Authorized-ea25ddf4.esm.js.map

package/dist/esm/RBACSidebarItem-6579d7e3.esm.js

@@ -0,0 +1,2 @@
+import t from"react";import e from"@material-ui/icons/Lock";import{SidebarItem as m}from"@backstage/core-components";import{A as i}from"./Authorized-ea25ddf4.esm.js";import"@backstage/core-plugin-api";import"react-use/lib/useAsync";import"./index-9f94edaa.esm.js";import"@spotify/backstage-plugin-rbac-common";import"@backstage/errors";function p({text:r="RBAC",...o}){return t.createElement(i,null,t.createElement(m,{icon:e,to:"rbac",text:r,...o}))}export{p as RBACSidebarItem};
+//# sourceMappingURL=RBACSidebarItem-6579d7e3.esm.js.map

package/dist/esm/Root-315d5957.esm.js

@@ -0,0 +1,3 @@
+import e,{createContext as Ie,useState as R,useCallback as k,useMemo as B,useContext as Oe,useEffect as G,Fragment as Be,useRef as ee,Children as Dt,isValidElement as Le,useReducer as Gn,useLayoutEffect as _n}from"react";import{useNavigate as q,Link as Yn,useParams as tt,Routes as Jn,Route as Me}from"react-router-dom";import{useApi as I,configApiRef as qn,alertApiRef as oe,useRouteRef as Kn,useApp as nt}from"@backstage/core-plugin-api";import ye from"react-use/lib/useAsync";import{isResourcePermission as rt,AuthorizeResult as F}from"@backstage/plugin-permission-common";import{r as H,a as Qn}from"./index-9f94edaa.esm.js";import{forEach as Xn,mapValues as Zn,groupBy as er,uniq as tr}from"lodash";import{Breadcrumbs as nr,Link as ie,Page as rr,Header as lr,Content as ar,EmptyState as Fe,Progress as ze,ErrorPanel as Nt,Table as or,ContentHeader as We,UserIcon as ir}from"@backstage/core-components";import Pt from"react-use/lib/useMount";import{makeStyles as C,Typography as h,Container as cr,Grid as O,Button as P,Card as te,CardContent as ge,Box as E,Chip as ce,Tooltip as he,List as sr,ListItem as Tt,ListItemIcon as se,ListItemText as Q,CardActions as mr,Dialog as me,DialogContent as ne,DialogTitle as He,TextField as ve,DialogActions as lt,CircularProgress as St,IconButton as _,Checkbox as be,TableRow as j,TableCell as D,debounce as dr,Table as je,TableHead as Ue,TableBody as Ve,Tabs as ur,Tab as pr,FormControl as Ce,InputLabel as de,Select as xe,MenuItem as U,Menu as At,FormControlLabel as Rt,FormHelperText as at,Popper as Er,Paper as ot,Divider as it,DialogContentText as fr,ButtonBase as yr,CardHeader as $t,ButtonGroup as gr,MenuList as ct,Input as kt,TableContainer as hr,Accordion as vr,AccordionSummary as br,AccordionDetails as Cr,CardActionArea as xr,Radio as wr}from"@material-ui/core";import{SpotifyLicenseBanner as Dr,useAutoUpdatingRelativeTime as Nr,invariant as Ge}from"@spotify/backstage-plugin-core";import ue from"react-use/lib/useAsyncFn";import Pr,{dump as Tr}from"js-yaml";import{PolicyConfigParser as _e,isConditionalDecision as Ye,isAllOfPermissionCriteria as Sr,isAnyOfPermissionCriteria as Ar,isNotPermissionCriteria as Rr,isMatchingPermission as $r,BackstageUserPlaceholder as we,RoleParser as kr,getMatchingRolePermissions as It,UpdateDraftRequestParser as Ir}from"@spotify/backstage-plugin-rbac-common";import{v4 as pe}from"uuid";import Ot from"lodash/keyBy";import Or from"lodash/isEqual";import Bt from"@material-ui/icons/ReportProblemOutlined";import Br from"@material-ui/icons/CalendarToday";import Lt from"@material-ui/icons/Person";import Lr from"@material-ui/icons/FiberManualRecord";import{DateTime as Je}from"luxon";import Mt from"react-use/lib/useLocalStorage";import{saveAs as Mr}from"file-saver";import Ft from"lodash/omit";import Fr from"lodash/pickBy";import st from"@material-ui/icons/Close";import zr from"@material-ui/icons/Publish";import Wr from"@material-ui/icons/FilterNone";import{parseEntityRef as re,DEFAULT_NAMESPACE as Hr}from"@backstage/catalog-model";import{humanizeEntityRef as jr,catalogApiRef as Ur}from"@backstage/plugin-catalog-react";import{Autocomplete as mt,Alert as zt,ToggleButton as Vr,ToggleButtonGroup as Gr}from"@material-ui/lab";import{List as _r}from"react-virtualized";import De from"@material-ui/icons/Delete";import Yr from"@material-ui/icons/Group";import Jr from"@material-ui/icons/GroupWork";import Wt from"@material-ui/icons/Info";import Ht from"ajv";import qr from"lodash/uniqBy";import{JSONEditor as Kr,isTextContent as Qr,createAjvValidator as Xr,Mode as Zr}from"vanilla-jsoneditor";import dt from"@material-ui/icons/Add";import el from"@material-ui/icons/Remove";import tl from"@material-ui/icons/Edit";import nl from"@material-ui/icons/Check";import rl from"@material-ui/icons/KeyboardArrowDown";import ll from"@material-ui/icons/KeyboardArrowUp";import al from"../images/no-permissions.svg";import ol from"../images/no-roles.svg";import il from"@material-ui/icons/MoreHoriz";import cl from"@material-ui/icons/Undo";import sl from"@material-ui/icons/Save";import ml from"@material-ui/icons/Settings";import dl from"@material-ui/icons/VerticalAlignTop";import ul from"@material-ui/icons/Clear";import pl from"@material-ui/icons/InfoOutlined";import El from"@material-ui/icons/AccountTreeOutlined";import fl from"@material-ui/icons/CheckSharp";import yl from"@material-ui/icons/NotInterested";import gl from"@material-ui/icons/ExpandMore";import{z as jt}from"zod";import{A as hl}from"./Authorized-ea25ddf4.esm.js";import"@backstage/errors";const Ut=Ie(null),vl=({children:t})=>{const n=I(qn),r=I(H),a=I(oe),[l,o]=R(null),i=k(async()=>{var c;if(!l){const m=await r.fetchAllPermissionMetadata((c=n.getOptionalStringArray("permission.permissionedPlugins"))!=null?c:[]),s=Cl(m.rules);Xn(s,u=>{u.length!==1&&a.post({message:`The plugin(s) ${u.slice(1).join(", ")} expose rules which are conflicting with rules exposed by the ${u[0]} plugin. These rules will not be available for use. Please contact RBAC support if you need assistance resolving this issue.`,severity:"error"})});const p=xl(m,s);return o(p),p}return l},[a,l,r,n]);return e.createElement(Ut.Provider,{value:B(()=>({getMetadata:i}),[i])},t)};function qe(){const t=Oe(Ut),{value:n,loading:r}=ye(async()=>t==null?void 0:t.getMetadata(),[t]);return{metadata:n,isLoading:r}}function Vt(){var t;const{metadata:n}=qe();return(t=n==null?void 0:n.rules)!=null?t:null}function Ne(){var t;const{metadata:n,isLoading:r}=qe();return{permissions:(t=n==null?void 0:n.permissions)!=null?t:null,isLoading:r}}function Gt(){const{metadata:t}=qe();return t?[...new Set(t.permissions.filter(n=>rt(n)).map(({resourceType:n})=>n))]:null}function bl(){const{metadata:t}=qe(),n=Gt();return!t||!n?null:n.reduce((r,a)=>{const l=t.rules.find(o=>o.resourceType===a);return l&&(r[a]={pluginId:l.pluginId}),r},{})}function Cl(t){return Zn(er(t,"resourceType"),n=>tr(n.map(({pluginId:r})=>r)))}function xl(t,n){return{...t,rules:t.rules.filter(({resourceType:r,pluginId:a})=>{const l=n[r];return a===l[0]})}}const wl=C(t=>({breadcrumbs:{marginBottom:t.spacing(4)}}));function Dl({pages:t}){const n=Kn(Qn),r=wl();return e.createElement(nr,{className:r.breadcrumbs},e.createElement(ie,{to:n()},"Home"),t.map(({title:a,path:l},o)=>l?e.createElement(ie,{to:l,key:l,relative:"path"},a):e.createElement(h,{key:`${o}`},a)))}function Ke({children:t,header:n,pages:r}){return e.createElement(rr,{themeId:"tool"},e.createElement(Dr,{backend:"rbac",invalidLicenseMessage:"Your existing policy will continue to apply, but you will be unable to make any changes until you enter a valid license."}),e.createElement(lr,{title:"Role Based Access Control"}),e.createElement(ar,null,e.createElement(cr,{maxWidth:"lg"},e.createElement(O,{container:!0,spacing:4},e.createElement(O,{item:!0,xs:12},r&&e.createElement(Dl,{pages:r}),n),t))))}const _t=Ie({hasDraftPolicy:!1,policies:void 0,setPolicies:()=>{},setPolicy:()=>{},getPolicy:()=>{},removePolicy:()=>{}}),Qe=()=>Oe(_t);function Nl({children:t,initialState:n={policies:void 0,cache:{}}}){const[r,a]=R(n),l=k(m=>{a(s=>({...s,policies:m,cache:Yt(s.cache,m)}))},[]),o=k(m=>r.cache[m],[r.cache]),i=k(m=>a(s=>({...s,cache:{...s.cache,[m]:void 0},policies:void 0})),[]),c=k(m=>a(s=>({...s,policies:void 0,cache:Yt(s.cache,[m])})),[]);return e.createElement(_t.Provider,{value:B(()=>{var m;return{hasDraftPolicy:((m=r.policies)==null?void 0:m.some(({status:s})=>s==="draft"))||!1,policies:r.policies,setPolicies:l,setPolicy:c,getPolicy:o,removePolicy:i}},[r.policies,l,c,o,i])},t)}function Yt(t,n){if(!n)return t;const r={...t};return n.forEach(a=>{r[a.id]=a}),r}const Pe=()=>{const t=I(H),{setPolicies:n,policies:r}=Qe(),[{loading:a,error:l},o]=ue(()=>t.getPolicies(),[t],r?{loading:!1,value:{items:r,totalItems:r.length}}:{loading:!0}),i=k(async()=>{const c=await o();n(c.items)},[o,n]);return{loading:a,error:l,fetchPolicies:i}};function Pl(){const t=I(H),n=q(),r=I(oe);function a(l){var o,i;const c=(i=(o=l.target)==null?void 0:o.files)==null?void 0:i[0],m=new FileReader;c&&(m.readAsText(c,"utf-8"),m.onload=async s=>{var p,u;const d=(u=(p=s.target)==null?void 0:p.result)==null?void 0:u.toString();if(d){let x=null;try{x=Pr.load(d)}catch{r.post({message:"YAML file is invalid",severity:"error"});return}const f=_e.safeParse(x);if(!f.success){r.post({message:"Imported policy is invalid",severity:"error"});return}const y=f.data;if((await t.getPolicies()).items.some(w=>w.status==="draft")){r.post({message:"Unable to import new policy due to existing draft policy",severity:"error"});return}const g=await t.createDraft(y);n(`./versions/${g.id}`),r.post({message:"Policy imported successfully",severity:"success"})}})}return e.createElement(P,{variant:"outlined",color:"primary",component:"label"},"Import",e.createElement("input",{role:"input",type:"file",hidden:!0,onChange:a,accept:".yaml"}))}const Tl=C(t=>({cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}}}));function Sl(){const t=Tl(),n=I(H),r=q(),[a,l]=ue(async()=>n.createDraft({roles:[],options:{resolutionStrategy:"any-allow"}}),[n]);return G(()=>{a.value&&r(`./versions/${a.value.id}`)},[r,a.value]),e.createElement(te,null,e.createElement(ge,{className:t.cardContent},e.createElement(Fe,{missing:"content",title:"No policy configured",description:e.createElement(e.Fragment,null,e.createElement(E,{component:"span",display:"block",pb:2},"Until you've configured your policy, authorization will be denied for all permissions."),e.createElement(E,{component:"span",display:"block"},"Click the button below to create the first version of your policy.")),action:e.createElement(P,{variant:"contained",color:"primary",disabled:a.loading,onClick:l},"New version")})))}function Al(t){var n,r;return((r=(n=t==null?void 0:t.body)==null?void 0:n.response)==null?void 0:r.statusCode)===404}const Rl=(t,n)=>{const r={resolutionStrategy:{operation:"UNCHANGED",before:t==null?void 0:t.resolutionStrategy,after:n==null?void 0:n.resolutionStrategy}};for(const a of Object.keys(r)){const l=a;r[l].before!==r[l].after&&(r[l].operation="CHANGED")}return r},ut=(t,n)=>{const r=Object.entries(t);for(const[,a]of r){const l=n(a);for(const[,o]of r){const i=n(o);i.operation!=="ADDED"&&i.operation!=="REMOVED"&&(l.operation==="ADDED"&&l.indexAfter<i.indexAfter?i.indexBefore+=1:l.operation==="REMOVED"&&l.indexBefore<i.indexBefore&&(i.indexBefore-=1))}}for(const[,a]of r){const l=n(a);l.operation==="UNCHANGED"&&l.indexAfter!==l.indexBefore&&(l.operation=l.indexAfter>l.indexBefore?"MOVED_DOWN":"MOVED_UP")}return t},pt=(t,n)=>{if(t==="*")return n==="*"?{"*":{operation:"UNCHANGED",after:"*",before:"*",indexAfter:0,indexBefore:0}}:{"*":{operation:"REMOVED",after:null,before:"*",indexAfter:-1,indexBefore:0},...Object.fromEntries(n.map((a,l)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:l,indexBefore:-1}]))};if(n==="*")return{"*":{operation:"ADDED",after:"*",before:null,indexAfter:0,indexBefore:-1},...Object.fromEntries(t.map((a,l)=>[a,{operation:"REMOVED",after:null,before:a,indexAfter:-1,indexBefore:l}]))};const r=Object.fromEntries(n.map((a,l)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:l,indexBefore:-1}]));for(let a=0;a<t.length;a++){const l=t[a];r[l]?(r[l].before=l,r[l].indexBefore=a,r[l].operation="UNCHANGED"):r[l]={operation:"REMOVED",after:null,before:l,indexAfter:-1,indexBefore:a}}return ut(r,a=>a)},Et=(t,n)=>{const r=Ot(n,"id"),a=Object.fromEntries(n.map((l,o)=>[l.id,{operation:"ADDED",indexAfter:o,indexBefore:-1,after:l,before:null}]));for(let l=0;l<t.length;l++){const o=t[l];if(a[o.id]){const i=!Or(o,r[o.id]);a[o.id].before=o,a[o.id].indexBefore=l,a[o.id].operation=i?"CHANGED":"UNCHANGED"}else a[o.id]={operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:l}}return ut(a,l=>l)},$l=(t=[],n=[])=>{const r=Ot(n,"id"),a=Object.fromEntries(n.map((l,o)=>[l.id,{role:{operation:"ADDED",indexAfter:o,indexBefore:-1,after:l,before:null},members:pt([],l.members),permissions:Et([],l.permissions)}]));for(let l=0;l<t.length;l++){const o=t[l];if(r[o.id]){const i=r[o.id],c=pt(o.members,i.members),m=Et(o.permissions,i.permissions),s=Object.values(m).some(({operation:d})=>d!=="UNCHANGED"),p=Object.values(c).some(({operation:d})=>d!=="UNCHANGED"),u=o.name!==i.name||s||p;a[o.id].role.before=o,a[o.id].role.indexBefore=l,a[o.id].role.operation=u?"CHANGED":"UNCHANGED",a[o.id].members=c,a[o.id].permissions=m}else a[o.id]={role:{operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:l},members:pt(o.members,[]),permissions:Et(o.permissions,[])}}return ut(a,({role:l})=>l)},kl=(t,n)=>{const r=$l((t==null?void 0:t.roles)||[],n.roles||[]),a=Rl(t==null?void 0:t.options,n.options),l=(t==null?void 0:t.name)!==n.name,o=Object.values(a).some(({operation:i})=>i!=="UNCHANGED");return{policy:{operation:l||o?"CHANGED":"UNCHANGED",before:t,after:n},roles:r,options:a}},Jt=t=>{const n=I(H),{value:r,loading:a,error:l}=ye(()=>n.getActivePolicy(),[n]);return B(()=>t&&!a&&!l?kl(r,t):null,[r,t,a,l])},Il=C(t=>({chip:{margin:0},icon:{color:t.palette.success.main}}));function qt(t){const n=Il();return t.status==="inactive"?null:t.status==="draft"?e.createElement(ce,{className:n.chip,label:"Draft",size:t.size}):e.createElement(ce,{className:n.chip,classes:{icon:n.icon},label:"Active",icon:e.createElement(Lr,null),size:t.size})}const Ol=(t,n)=>{switch(n){case"ADDED":return t.palette.success.main;case"REMOVED":return t.palette.errorText;case"CHANGED":return t.palette.infoText;case"MOVED_UP":case"MOVED_DOWN":return t.palette.infoText;case"UNCHANGED":default:return t.palette.text.primary}},Bl=t=>{switch(t){case"ADDED":return"success";case"REMOVED":return"error";case"CHANGED":return"info";case"MOVED_UP":case"MOVED_DOWN":return"info";case"UNCHANGED":default:return"info"}},Ll=t=>{switch(t){case"ADDED":return"New";case"REMOVED":return"Removed";case"CHANGED":return"Changed";case"MOVED_UP":return"Moved up";case"MOVED_DOWN":return"Moved down";case"UNCHANGED":default:return"No changes"}};function Ml(t){var n;return Ye(t.decision)?"Conditional":(n={allow:"Allow",deny:"Deny"}[t.decision])!=null?n:"Unknown"}function ft(t){var n;if(t.match==="*")return"All";if(t.match.name)return t.match.name;const r=[];return t.match.resourceType&&r.push(t.match.resourceType),(n=t.match.actions)!=null&&n.length&&r.push(t.match.actions.join(", ")),r.join(" | ")}const Fl=C(t=>({root:({operation:n})=>({color:Ol(t,n)})})),W=t=>e.createElement(h,{...t,variant:"body2"}),N=t=>{const n=Fl(t);return e.createElement(E,{...t,className:n.root,component:"span",fontWeight:"fontWeightBold"})},Kt=({policy:t})=>{var n,r,a,l;const o=Jt(t),i=(o==null?void 0:o.policy.operation)==="CHANGED"||Object.values((n=o==null?void 0:o.roles)!=null?n:{}).some(u=>u.role.operation!=="UNCHANGED")||((r=o==null?void 0:o.options)==null?void 0:r.resolutionStrategy.operation)==="CHANGED";if(!o||!i)return e.createElement(E,null,"No changes");const c=!!o.policy.before&&!!o.policy.after&&o.policy.before.name!==o.policy.after.name,m=o.options.resolutionStrategy.operation==="CHANGED",s=({before:u,after:d})=>u&&d&&u.name!==d.name,p=({operation:u})=>u!=="ADDED"&&u!=="REMOVED";return e.createElement(E,null,c&&e.createElement(W,null,"Policy name ",e.createElement(N,{operation:"CHANGED"},"changed")," from"," ",e.createElement(N,null,'"',(a=o.policy.before)==null?void 0:a.name,'"')," to"," ",e.createElement(N,null,'"',(l=o.policy.after)==null?void 0:l.name,'"')),m&&e.createElement(W,null,"Resolution Strategy ",e.createElement(N,{operation:"CHANGED"},"changed")," ","from ",e.createElement(N,null,'"',o.options.resolutionStrategy.before,'"')," to"," ",e.createElement(N,null,'"',o.options.resolutionStrategy.after,'"')),Object.entries(o.roles).map(([u,{role:d,permissions:x,members:f}])=>{var y,g,w,S,T,z;return e.createElement(Be,{key:u},d.operation==="ADDED"&&e.createElement(W,null,"Role ",e.createElement(N,null,'"',(y=d.after)==null?void 0:y.name,'"')," has been"," ",e.createElement(N,{operation:"ADDED"},"added")),d.operation==="REMOVED"&&e.createElement(W,null,"Role ",e.createElement(N,null,'"',(g=d.before)==null?void 0:g.name,'"')," has been"," ",e.createElement(N,{operation:"REMOVED"},"removed")),s(d)&&e.createElement(W,null,"Role name changed from ",e.createElement(N,null,'"',(w=d.before)==null?void 0:w.name,'"')," ","to ",e.createElement(N,null,'"',(S=d.after)==null?void 0:S.name,'"')),d.indexAfter>d.indexBefore&&d.indexBefore!==-1&&e.createElement(W,null,"Role ",e.createElement(N,null,'"',(T=d.after)==null?void 0:T.name,'"')," has been"," ",e.createElement(N,{operation:"MOVED_DOWN"},"moved down")," in priority"),d.indexAfter<d.indexBefore&&d.indexAfter!==-1&&e.createElement(W,null,"Role ",e.createElement(N,null,'"',(z=d.after)==null?void 0:z.name,'"')," has been"," ",e.createElement(N,{operation:"MOVED_UP"},"moved up")," in priority"),p(d)&&e.createElement(e.Fragment,null,Object.entries(x).map(([M,b])=>{var A,v,$,L,le;const{before:X,after:Ee}=b,ae=X&&ft(X),Z=Ee&&ft(Ee);return e.createElement(Be,{key:M},b.operation==="ADDED"&&b.after&&e.createElement(W,null,"Permission decision"," ",e.createElement(N,null,'"',Z,'"')," has been"," ",e.createElement(N,{operation:"ADDED"},"added")," to"," ",e.createElement(N,null,'"',(A=d.after)==null?void 0:A.name,'"')),b.operation==="REMOVED"&&b.before&&e.createElement(W,null,"Permission decision"," ",e.createElement(N,null,'"',ae,'"')," has been"," ",e.createElement(N,{operation:"REMOVED"},"removed")," ","from ",e.createElement(N,null,'"',(v=d.after)==null?void 0:v.name,'"')),b.operation==="CHANGED"&&e.createElement(W,null,ae!==Z?e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(N,null,'"',ae,'"')," has been"," ",e.createElement(N,{operation:"CHANGED"},"updated")," ","to ",e.createElement(N,null,'"',Z,'"')):e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(N,null,'"',ae,'"')," has been"," ",e.createElement(N,{operation:"CHANGED"},"updated"))," ","in ",e.createElement(N,null,'"',($=d.after)==null?void 0:$.name,'"')),b.indexAfter>b.indexBefore&&b.indexBefore!==-1&&e.createElement(W,null,"Permission decision"," ",e.createElement(N,null,'"',Z,'"')," has been"," ",e.createElement(N,{operation:"MOVED_DOWN"},"moved down")," ","in priority in"," ",e.createElement(N,null,'"',(L=d.after)==null?void 0:L.name,'"')),b.indexAfter<b.indexBefore&&b.indexAfter!==-1&&e.createElement(W,null,"Permission decision"," ",e.createElement(N,null,'"',Z,'"')," has been"," ",e.createElement(N,{operation:"MOVED_UP"},"moved up")," ","in priority in"," ",e.createElement(N,null,'"',(le=d.after)==null?void 0:le.name,'"')))}),Object.entries(f).map(([M,b])=>{var A,v;return e.createElement(Be,{key:M},b.operation==="ADDED"&&b.after&&e.createElement(W,null,"Member ",e.createElement(N,null,'"',b.after,'"')," has been"," ",e.createElement(N,{operation:"ADDED"},"added")," to"," ",e.createElement(N,null,'"',(A=d.after)==null?void 0:A.name,'"')),b.operation==="REMOVED"&&b.before&&e.createElement(W,null,"Member ",e.createElement(N,null,'"',b.before,'"')," has been"," ",e.createElement(N,{operation:"REMOVED"},"removed")," from"," ",e.createElement(N,null,'"',(v=d.after)==null?void 0:v.name,'"')))})))}))},zl=C(()=>({root:{display:"inline-flex"}})),Qt=({timestamp:t,description:n})=>{const r=zl(),a=Je.fromISO(t).toLocaleString(Je.DATETIME_FULL),l=Nr(t),o=n?`${n}${l}`:l;return e.createElement("span",{className:r.root},e.createElement(he,{title:a},e.createElement(h,{component:"span",display:"inline",variant:"inherit"},o)))};function Xt(t,n,r){var a,l;let o=n.created,i=t.createdBy;r!=null&&r.created&&(i=r.created+i);let c=t.createdAt;return t.status==="active"?(o=n.published,i=(a=t.lastPublishedBy)!=null?a:"",r!=null&&r.published&&(i=r.published+i),c=(l=t.lastPublishedAt)!=null?l:""):t.createdAt!==t.updatedAt&&(o=n.updated,i=t.updatedBy,r!=null&&r.updated&&(i=r.updated+i),c=t.updatedAt),{activityDateText:o,activityUser:i,timestamp:c}}const Wl=C(t=>({card:n=>({backgroundImage:n.policy.status==="active"?"linear-gradient(256.15deg, #00782A 19.77%, #1DB954 100%)":"linear-gradient(256.15deg, #BDBDBD 19.77%, #EEEEEE 100%)",backgroundPosition:"top",backgroundSize:"100% 8px",backgroundRepeat:"no-repeat",paddingTop:"8px",height:"100%"}),diffSummaryContainer:{backgroundColor:t.palette.background.default,padding:t.spacing(2),borderWidth:"1px",borderStyle:"solid",borderColor:t.palette.divider,borderRadius:t.shape.borderRadius},header:{display:"flex",justifyContent:"space-between",alignItems:"center"},detailsHeader:{...t.typography.body1,paddingTop:t.spacing(2),color:t.palette.text.secondary},activityList:{color:t.palette.text.secondary},activityListItem:{padding:0},actions:{justifyContent:"flex-start"}}));function Te(t){const n=Wl(t),{policy:r,to:a,withChangeSummary:l}=t,o=`${r.name} ${r.status==="draft"?"- Draft":""}`,i={created:"Created: ",published:"Published: ",updated:"Updated: "},c={created:"Created by ",published:"Published by ",updated:"Updated by "},{activityDateText:m,activityUser:s,timestamp:p}=Xt(r,i,c);return e.createElement(te,{className:n.card},e.createElement(ge,null,e.createElement("div",{className:n.header},a?e.createElement(ie,{to:`versions/${r.id}`},e.createElement(h,{variant:"h5",component:"h1"},o)):e.createElement(h,{variant:"h5",component:"h1"},o),r.status==="active"?e.createElement(qt,{status:"active",size:"small"}):null),r.description?e.createElement(h,{variant:"body1",color:"textSecondary"},'"',r.description,'"'):null,e.createElement(h,{component:"h2",className:n.detailsHeader},"Details"),e.createElement(sr,{className:n.activityList},e.createElement(Tt,{className:n.activityListItem},e.createElement(se,null,e.createElement(Br,null)),e.createElement(Q,{primary:e.createElement(Qt,{timestamp:p,description:m})})),e.createElement(Tt,{className:n.activityListItem},e.createElement(se,null,e.createElement(Lt,null)),e.createElement(Q,{primary:s}))),l&&e.createElement(E,{paddingTop:2},e.createElement(h,{gutterBottom:!0,variant:"subtitle2"},"What's changed"),e.createElement(E,{className:n.diffSummaryContainer},e.createElement(Kt,{policy:r})))),t.actions?e.createElement(mr,{className:n.actions},t.actions):null)}const Hl=C(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"},label:{align:"center",display:"block",marginBottom:t.spacing(1),color:t.palette.text.secondary,fontSize:t.typography.caption.fontSize},policiesContainer:{display:"flex",gap:t.spacing(4),marginTop:t.spacing(4),marginBottom:t.spacing(4)},button:{marginTop:t.spacing(4)}})),jl=({localPolicy:t,onSelectLocalPolicy:n,onSelectServerPolicy:r,serverPolicy:a})=>{const l=Hl();return e.createElement(me,{open:!0,maxWidth:"md"},e.createElement(ne,null,e.createElement(E,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(E,{display:"flex",justifyContent:"center"},e.createElement(Bt,{className:l.icon})),e.createElement(h,{align:"center",variant:"h6"},"There is a conflict with your drafts"),e.createElement(E,null,e.createElement(h,{align:"center"},"A newer version of the draft you are trying to edit has been recently saved."),e.createElement(h,{align:"center"},"Please review the changes and decide on a version to keep."))),e.createElement(E,{className:l.policiesContainer},e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(h,{className:l.label,variant:"button"},"Your local draft"),e.createElement(Te,{policy:t,withChangeSummary:!0}),e.createElement(P,{className:l.button,color:"primary",onClick:n,variant:"outlined"},"Keep local draft")),e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(h,{className:l.label,variant:"button"},"Recently saved draft"),e.createElement(Te,{policy:a,withChangeSummary:!0}),e.createElement(P,{className:l.button,color:"primary",onClick:r,variant:"outlined"},"Keep recently saved draft")))))},Ul=({serverPolicy:t,localPolicy:n})=>!n||!t?{policy:t,policyConflict:!1}:t.status!=="draft"?{policy:t,policyConflict:!1}:n.id!==t.id?{policy:t,policyConflict:!1}:n.updatedAt===t.updatedAt?{policy:n,policyConflict:!1}:{policy:n,policyConflict:!0},Vl=()=>Mt("@spotify/backstage-plugin-rbac:draftPolicy");function Zt(t){const n=new Blob([Gl(t)],{type:"text/yaml"});Mr(n,`${(t.name||"policy").toLocaleLowerCase().replace(/\W/g,"-")}.yaml`)}function Gl(t){const{name:n,roles:r,options:a,description:l}=t;return`# this is an autogenerated file, do not edit
+${Tr(Fr({name:n,description:l,options:a,roles:r.map(({permissions:o,...i})=>({...Ft(i,["id"]),permissions:o.map(c=>Ft(c,["id"]))}))},o=>o!==null||o!==void 0))}`}const _l=C(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"}})),Yl=({onConfirm:t,policy:n})=>{const r=_l(),a=()=>{Zt(n)};return e.createElement(me,{open:!0},e.createElement(ne,null,e.createElement(E,{display:"flex",flexDirection:"column",gridGap:16},e.createElement(E,{display:"flex",flexDirection:"column",gridGap:4},e.createElement(E,{display:"flex",justifyContent:"center"},e.createElement(Bt,{className:r.icon})),e.createElement(h,{align:"center",variant:"h6"},"Invalid local draft")),e.createElement(E,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(h,{align:"center"},"You have a local draft that is no longer compatible or has become corrupted."),e.createElement(h,{align:"center"},"Click export to download your draft. You can attempt to restore your draft by importing this file on the RBAC home page."),e.createElement(h,{align:"center"},"Clicking continue will discard your draft."," ",e.createElement(E,{component:"span",fontWeight:"fontWeightBold"},"This action cannot be undone."))),e.createElement(E,{display:"flex",justifyContent:"center",gridGap:8,marginY:3},e.createElement(P,{color:"primary",onClick:a,variant:"outlined"},"Export"),e.createElement(P,{color:"primary",onClick:t,variant:"contained"},"Discard and continue")))))};function yt(){const t=I(H),n=I(oe),r=ue(async(l,o,i)=>{if(l)return await t.publishPolicy(l.id,{description:o,update:i}),t.getPolicy(l.id)},[]),[{error:a}]=r;return G(()=>{a&&n.post({message:a.message,severity:"error"})},[a,n]),r}const Jl=C(t=>({closeButton:{color:t.palette.text.secondary},diffSummaryContainer:{backgroundColor:t.palette.background.default,marginBottom:t.spacing(2)}}));function gt({open:t,onPublish:n,onClose:r,policy:a}){const[l,o]=R(!1),i=Jl(),c=ee(null),m=async()=>{var s,p;o(!0),await n((p=(s=c.current)==null?void 0:s.value)!=null?p:""),o(!1)};return e.createElement(me,{open:t,onClose:r,fullWidth:!0},e.createElement(He,null,e.createElement(E,{display:"flex",justifyContent:"space-between",alignItems:"center"},"Ready to publish?",e.createElement(P,{startIcon:e.createElement(st,null),onClick:r,className:i.closeButton},"Close")),e.createElement(h,null,"Double check your changes, then click Publish to activate this version of your policy. This will immediately apply the permissions defined in this version across Backstage.")),e.createElement(ne,{className:i.diffSummaryContainer,dividers:!0},e.createElement(Kt,{policy:a})),e.createElement(ne,null,e.createElement(ve,{variant:"outlined",fullWidth:!0,label:"Summary (optional)",placeholder:"Briefly describe this version (or changes from a previous version)",inputRef:c})),e.createElement(lt,null,e.createElement(P,{color:"primary",onClick:m,disabled:l},l?e.createElement(St,{size:20}):"Publish")))}const ql=C(t=>({paper:{padding:t.spacing(2,2,0,2)}})),ht=({isOpen:t,onClose:n,policy:r})=>{const a=ql();return e.createElement(me,{classes:{...a},open:t,onClose:n},e.createElement(He,{disableTypography:!0},e.createElement(E,{display:"flex",flexDirection:"row"},e.createElement(E,null,e.createElement(h,{variant:"h4",component:"h2"},"Success!"),e.createElement(h,null,r.name," has been published and is now your active policy.")),e.createElement(E,null,e.createElement(_,{onClick:n,title:"Close dialog"},e.createElement(st,null))))),e.createElement(ne,null,e.createElement(Te,{policy:r})),e.createElement(lt,null,e.createElement(E,{display:"flex",flexDirection:"row",flexGrow:1,justifyContent:"flex-start"},e.createElement(P,{component:Yn,color:"primary",onClick:n,role:"link",to:"/rbac"},"View all versions"))))},Kl={canPublish:!1,diff:null,hasChanges:!1,isValid:!1,policy:void 0,createNewRole:()=>"",discardLocalDraft:()=>{},exportPolicy:()=>{},publish:()=>{},saveLocalDraftToServer:()=>Promise.reject(),saveAndPublish:()=>Promise.reject(),refetchPolicy:()=>Promise.reject(),updateLocalDraft:()=>{}},en=Ie(Kl),Y=()=>Oe(en);function Xe({children:t,policyId:n}){const r=q(),a=I(oe),l=I(H),{getPolicy:o,setPolicy:i}=Qe(),c=nt(),{NotFoundErrorPage:m}=c.getComponents(),[s,p]=R({active:!1,update:!1}),[u,d]=R(!1),[{loading:x,value:f},y]=yt(),g=o(n),[w,S,T]=Vl(),z=!w||_e.safeParse(w).success,M=z?w:void 0,{policy:b,policyConflict:A}=Ul({serverPolicy:g,localPolicy:M}),v=Jt(b),$=_e.safeParse(b).success,L=$&&!M&&!x,[{loading:le,error:X},Ee]=ue(()=>l.getPolicy(n),[l,n],g?{loading:!1,value:g}:{loading:!0}),ae=()=>{p({active:!0,update:!1})},Z=()=>{p({active:!0,update:!0})},K=k(async()=>{const V=await Ee();i(V)},[Ee,i]),Ln=k(async V=>{await y(b,V,s.update?b:void 0),p({active:!1,update:!1}),K==null||K()},[b,s,y,p,K]),Mn=async()=>{d(!1)},Fn=()=>{S(V=>V&&g&&{...V,updatedAt:g.updatedAt})},zn=k(async()=>{if(!b)throw new Error("No policy to save");try{await l.updateDraft(b.id,{name:b.name,roles:b.roles,options:b.options}),a.post({message:"Policy saved",severity:"success"}),T(),K==null||K()}catch(V){a.post({message:(V==null?void 0:V.message)||"An error occurred while updating the policy",severity:"error"})}},[a,l,b,K,T]),Wn=k(()=>{if(!b)throw new Error("No policy to create a new role");const V=new Set(b.roles.map(Vn=>Vn.id));let fe;do fe=pe().split("-")[0];while(V.has(fe));const Un={name:`Role ${fe}`,permissions:[],members:"*",id:fe};return S({...b,roles:[...b.roles,Un]}),fe},[b,S]),Hn=()=>{T(),r("/rbac")},jn=()=>{b&&Zt(b)};return G(()=>{g||K()},[K,g]),G(()=>{f&&d(!0)},[f]),z?b?e.createElement(en.Provider,{value:{canPublish:L,diff:v,hasChanges:!!M,isValid:$,policy:b,createNewRole:Wn,discardLocalDraft:T,exportPolicy:jn,publish:ae,saveLocalDraftToServer:zn,refetchPolicy:K,updateLocalDraft:S,saveAndPublish:Z}},A&&M&&g&&e.createElement(jl,{localPolicy:M,onSelectLocalPolicy:Fn,onSelectServerPolicy:T,serverPolicy:g}),e.createElement(gt,{open:s.active,onClose:()=>p({active:!1,update:!1}),onPublish:Ln,policy:b}),f&&e.createElement(ht,{isOpen:u,onClose:Mn,policy:f}),t):le?e.createElement(ze,null):X?Al(X)?e.createElement(m,null):e.createElement(Nt,{error:X!=null?X:new Error("Unknown")}):null:e.createElement(Yl,{onConfirm:Hn,policy:w})}function Ql(t){throw new Error("Invalid state")}function vt(){const t=I(H),n=I(oe),r=q(),{fetchPolicies:a}=Pe();return ue(async l=>{if(!l)return;const{roles:o,name:i,options:c}=l;try{const m=await t.createDraft({roles:o,options:c,name:i});return await a(),r(`/rbac/versions/${m.id}`),m}catch(m){throw m instanceof Error&&n.post({message:m.message,severity:"error"}),m}},[r,t,n,a])}const Xl=[{title:"Name",field:"name",render:t=>e.createElement(ie,{to:`versions/${t.id}`},t.name)},{title:"Status",field:"status",render:t=>{switch(t.status){case"active":return"Active";case"draft":return"Draft";case"inactive":return"Inactive";default:return Ql(t.status)}}},{title:"Publish date",field:"lastPublishedAt",render:t=>t.lastPublishedAt?Je.fromISO(t.lastPublishedAt).toLocaleString(Je.DATETIME_MED_WITH_SECONDS):"",type:"datetime",defaultSort:"desc"},{title:"Published by",field:"lastPublishedBy"}];function Zl(t){const n=t.data.length>3,{fetchPolicies:r}=Pe(),[{loading:a},l]=vt(),[{loading:o,value:i},c]=yt(),[m,s]=R(void 0),[p,u]=R(!1),d=()=>{s(void 0),r()},x=(m==null?void 0:m.id)===(i==null?void 0:i.id)?i:void 0,f=[y=>{const{tableData:g,...w}=y;return{icon:zr,tooltip:"Republish",onClick:()=>{s(w),u(!0)},disabled:o}},y=>{const{tableData:g,...w}=y;return{icon:Wr,tooltip:"Duplicate",disabled:a||!t.canDuplicate,onClick:()=>l(w)}}];return e.createElement(e.Fragment,null,e.createElement(or,{title:"Previous Versions",columns:Xl,data:t.data,options:{paging:n,pageSize:3,pageSizeOptions:[3,5,10,20],actionsColumnIndex:-1,loadingType:"linear"},actions:f}),m&&e.createElement(gt,{open:p,onPublish:y=>{c(m,y),u(!1)},onClose:()=>{s(void 0),u(!1)},policy:m}),x&&e.createElement(ht,{isOpen:!0,policy:x,onClose:d}))}const ea=t=>{const[n,r]=R(!1),{fetchPolicies:a}=Pe(),[{loading:l,value:o},i]=yt(),{policy:c,hasChanges:m}=Y(),s=_e.safeParse(c).success,p=!m&&s,u=async x=>{await i(c,x),r(!1)},d=()=>{a()};return e.createElement(e.Fragment,null,e.createElement(P,{...t,onClick:()=>r(!0),disabled:!p||l},"Publish"),e.createElement(gt,{open:n,onClose:()=>r(!1),onPublish:u,policy:c}),o&&e.createElement(ht,{isOpen:!0,onClose:d,policy:o}))};function ta(t){const n=I(H),r=I(oe),{fetchPolicies:a}=Pe();return ue(async()=>{if(t)return n.deleteDraft(t.id).then(a).catch(l=>(r.post({message:l.message,severity:"error"}),Promise.reject(l)))},[t])}function na({policies:t}){const n=t.find(s=>s.status==="draft"),r=t.find(s=>s.status==="active"),[a,l]=vt(),[o,i]=ta(n),c=q(),m=ra(t);return e.createElement(O,{container:!0,spacing:4},r?e.createElement(O,{item:!0,xs:12,md:6},e.createElement(Te,{policy:r,to:`./versions/${r.id}`,actions:e.createElement(P,{color:"primary",disabled:a.loading||!!n,onClick:()=>l(r)},"Duplicate")})):null,n?e.createElement(O,{item:!0,xs:12,md:6},e.createElement(Te,{policy:n,to:`./versions/${n.id}`,actions:e.createElement(e.Fragment,null,e.createElement(P,{onClick:()=>c(`versions/${n.id}`),color:"primary"},"Edit"),e.createElement(P,{color:"primary",disabled:o.loading,onClick:i},"Delete Draft"),e.createElement(Xe,{policyId:n.id},e.createElement(ea,{color:"primary"})))})):null,e.createElement(O,{item:!0,xs:12},e.createElement(Zl,{data:m,canDuplicate:!n})))}function ra(t){return t.filter(({status:n})=>n==="inactive")}function la(){const{policies:t}=Qe(),{loading:n,error:r,fetchPolicies:a}=Pe();Pt(()=>{t||a()});let l;return n?l=e.createElement(O,{item:!0,xs:12},e.createElement(ze,null)):r?l=e.createElement(Nt,{error:r}):!t||t.length===0?l=e.createElement(Sl,null):l=e.createElement(na,{policies:t}),e.createElement(Ke,{pages:void 0,header:e.createElement(We,{title:"RBAC Policies"},e.createElement(Pl,null))},l)}const aa=C(t=>({titleWrapper:{display:"flex",alignItems:"center",gap:t.spacing(2)}}));function tn({children:t}){const n=aa();return e.createElement(h,{noWrap:!0,variant:"h4",component:"h2",color:"textSecondary",className:n.titleWrapper},t)}const oa=e.forwardRef(function({children:t,role:n,...r},a){const l=B(()=>{const i=[];return Dt.forEach(t,c=>{if(Le(c)){const m=c.props.children[0];Le(m)&&i.push(m);const s=c.props.children[1];if(Le(s)){const p=Dt.toArray(s.props.children).filter(Le);i.push(...p)}}}),i},[t]),o=l.length;return e.createElement("div",{ref:a},e.createElement("ul",{...r},e.createElement(_r,{height:250,width:250,rowHeight:54,overscanCount:5,rowCount:o,rowRenderer:i=>e.cloneElement(l[i.index],{style:{...i.style,whiteSpace:"nowrap"}}),role:n})))}),ia=C({autocomplete:{display:"flex",flex:1}});function ca({members:t,options:n,namespaceOptions:r,loading:a=!1,disabled:l=!1,isMultiNamespaces:o=!1,onTextChange:i,onToggleMember:c,onChange:m}){const[s,p]=R(!1),u=ia(),[d,x]=Gn(g=>g+1,0),f=(g,w)=>{w&&(c(w),x())};G(()=>{s&&i("")},[s,i]);const y=o?r.concat((n==null?void 0:n.members)||[]):(n==null?void 0:n.members)||[];return e.createElement(E,{width:250},e.createElement(mt,{key:`${d}`,open:s,onOpen:()=>{p(!0)},onClose:()=>{p(!1)},onChange:f,getOptionLabel:Se,groupBy:sa,ListboxComponent:oa,renderOption:g=>e.createElement(e.Fragment,null,e.createElement(be,{id:`checkbox-${g.entityRef}`,checked:t.includes(g.entityRef),color:"primary"}),e.createElement("label",{htmlFor:`checkbox-${g.entityRef}`},o?Se(g,!1):Se(g))),options:y,openOnFocus:!0,disabled:l,loading:a,className:u.autocomplete,renderInput:g=>e.createElement(ve,{...g,label:o?"Select members":"Select specific users/groups",variant:"standard",onChange:m,InputProps:{...g.InputProps,endAdornment:e.createElement(e.Fragment,null,a?e.createElement(St,{color:"inherit",size:20}):null,g.InputProps.endAdornment)}})}))}function Se(t,n=!0){var r;const a=re(t.entityRef);return a.name==="*"?a.namespace:jr({...a,name:(r=t.name)!=null?r:a.name},{defaultKind:a.kind,defaultNamespace:n?Hr:!1})}const nn={user:"USERS",group:"GROUPS",namespace:"NAMESPACES"};function sa(t){const{name:n,kind:r}=re(t.entityRef),a=n==="*"?"namespace":r;if(!nn[a])throw new Error(`Group '${a}' is not supported for members in a policy`);return nn[a]}function rn(t,n){switch(n){case"small":return t.typography.caption;case"medium":return t.typography.body1;case"large":return t.typography.subtitle1;default:return t.typography.caption}}function ln(t){switch(t){case"small":return .2;case"medium":return .3;case"large":return 1;default:return .8}}const ma=C(t=>({root:{display:"inline-flex",fontWeight:"bold",borderRadius:"1000px",margin:t.spacing(1),padding:t.spacing(0,1)},message:({size:n})=>({fontSize:rn(t,n).fontSize,font:rn(t,n).font,verticalAlign:"middle",padding:t.spacing(ln(n),0,ln(n),0)})}),{name:"MuiAlert"});function an(t){var n;const r=ma({size:t.size||"small"});return e.createElement(zt,{classes:{root:r.root,message:r.message},role:"textbox",severity:t.severity,icon:(n=t.icon)!=null?n:!1,variant:t.outlined?"outlined":"standard",title:t.text},t.text)}const Ae=t=>{const n=Ll(t.operation);return!t.operation||t.operation==="UNCHANGED"?null:e.createElement(an,{size:t.size,text:n,severity:Bl(t.operation),outlined:!0})},da=C(t=>({actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0},typeIcon:{color:t.palette.grey[500]}}));function ua({diff:t,loading:n,isMultiNamespaces:r,members:a,error:l,onToggleMember:o,readonly:i=!1}){const c=da();if(n)return e.createElement(j,null,e.createElement(D,{scope:"row",colSpan:i?4:5},e.createElement(ze,null)));if(l&&l.message!=null,a==="*")return e.createElement(j,null,e.createElement(D,{colSpan:2,height:80},"All"),e.createElement(D,{colSpan:i?2:3},e.createElement(Ae,{operation:t==null?void 0:t.members["*"].operation})));if(a.length===0)return e.createElement(j,null,e.createElement(D,{scope:"row",colSpan:i?4:5},"Select users or groups using the drop-down menu above."));const m=a.sort((s,p)=>{let u=0;r&&p.name==="*"&&s.name!=="*"?u=1:r&&s.name==="*"&&p.name!=="*"&&(u=-1);const d=s.type.localeCompare(p.type),x=re(s.entityRef).namespace.localeCompare(re(p.entityRef).namespace),f=re(s.entityRef).name.localeCompare(re(p.entityRef).name);return u||d||x||f});return e.createElement(e.Fragment,null,m.map(s=>{var p;const{name:u,type:d,entityRef:x}=s;return e.createElement(j,{key:x},e.createElement(D,{className:c.typeIconCol},d==="group"&&e.createElement(Yr,{className:c.typeIcon})||r&&u==="*"&&e.createElement(Jr,{className:c.typeIcon})||e.createElement(Lt,{className:c.typeIcon})),e.createElement(D,{scope:"row",className:c.nameCol},(p=r?Se(s,!1):Se(s))!=null?p:"Unknown"),e.createElement(D,{scope:"row"},u==="*"&&r?"namespace":d),e.createElement(D,null,u&&e.createElement(Ae,{operation:t==null?void 0:t.members[x].operation})),!i&&e.createElement(D,{scope:"row",className:c.actionCol},e.createElement(_,{"aria-label":"delete",onClick:()=>o(s),size:"small"},e.createElement(De,null))))}))}const on=Ie({loading:!1}),pa=({children:t})=>{const n=I(H),r=ye(async()=>await n.searchMembers({query:""}),[n]);return e.createElement(on.Provider,{value:r},t)},Ea=()=>Oe(on),fa=C(()=>({header:{display:"flex",flexDirection:"row",justifyContent:"space-between",paddingLeft:"1rem",paddingRight:"1rem",gap:"1rem"},actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0}}));function ya({diff:t,policyId:n,role:r,onToggleMember:a,readonly:l=!1,debounceTime:o=1e3}){const i=I(H),c=I(Ur),m=fa(),s=r.members==="*",[p,u]=R(""),{current:d}=ee({}),x=v=>{d[v.entityRef]=v,a(v.entityRef)},f=v=>{var $;if(d[v])return d[v];const L=re(v);return{entityRef:v,type:L.kind.toLowerCase(),name:($=L.name)!=null?$:v}},{value:y,loading:g}=Ea(),{loading:w,value:S}=ye(async()=>{const v=await c.getEntityFacets({facets:["metadata.namespace"]}).then($=>$.facets["metadata.namespace"].map(L=>L.value));return ga(v)},[c]),T=S?(S==null?void 0:S.length)>1:!1,z=S?S.filter(v=>v.entityRef.toLowerCase().includes(p)):[],M=B(()=>dr(v=>{u(v.target.value.toLowerCase())},o),[u,o]),{loading:b,error:A}=ye(async()=>{r.members==="*"||r.members.length===0||(await i.getPolicy(n)).roles.find(v=>v.id===r.id)===void 0||r.members.forEach(v=>{const $=f(v);d[$.entityRef]=$})},[n,s]);return e.createElement(e.Fragment,null,e.createElement("div",{className:m.header},e.createElement("h2",null,"Members"),e.createElement(ca,{onToggleMember:x,members:r.members,disabled:l,options:y,namespaceOptions:z,isMultiNamespaces:T,loading:g||w,onTextChange:u,onChange:M})),e.createElement(je,null,e.createElement(Ue,null,e.createElement(j,null,e.createElement(D,{className:m.typeIconCol}),e.createElement(D,{className:m.nameCol},"Name"),e.createElement(D,null,"Type"),e.createElement(D,null),!l&&e.createElement(D,{className:m.actionCol}))),e.createElement(Ve,null,e.createElement(ua,{diff:t,loading:b||w,isMultiNamespaces:T,error:A,members:Array.isArray(r.members)?r.members.map(f):r.members,onToggleMember:x,readonly:l}))))}function ga(t){return t.map(n=>({name:"*",type:"user",entityRef:`user:${n}/*`})).sort((n,r)=>n.entityRef.toLowerCase().localeCompare(r.entityRef.toLowerCase()))}function cn(t){return`${t.palette.primary.main}50`}const ha=C(t=>({indicator:{right:"unset"},tab:{maxWidth:"none","&.Mui-selected":{backgroundColor:cn(t),color:t.palette.primary.main}}}));function va({options:t,selected:n,onChange:r,readonly:a=!1}){const l=ha();return e.createElement(ur,{orientation:"vertical",value:t.map(({id:o})=>o).indexOf(n),onChange:(o,i)=>r(t[i].id),indicatorColor:"primary",TabIndicatorProps:{className:l.indicator}},t.map(o=>e.createElement(pr,{key:o.id,label:o.displayText.toUpperCase(),className:l.tab,disabled:a})))}const ba=["condition","anyOf","allOf","not"],sn={condition:"Condition",anyOf:"Any of",allOf:"All of",not:"Not"};function bt(t){return t===null?!1:t.hasOwnProperty("id")&&t.hasOwnProperty("ruleName")&&t.hasOwnProperty("parameters")}function Re(t){return t.hasOwnProperty("levelType")}function Ca(t){return t==="anyOf"||t==="allOf"||t==="not"}function xa(t){return t?{id:t.id,match:wa(t),decisionType:Da(t),criteria:Ye(t.decision)?$e(t.decision.conditions):null}:{id:pe(),match:{method:"specificPermission"},decisionType:"allow",criteria:null}}function wa(t){var n;return t.match==="*"?{method:"all"}:t.match.name?{method:"specificPermission",name:t.match.name}:t.match.resourceType||(n=t.match.actions)!=null&&n.length?{method:"filter",resourceType:t.match.resourceType,actions:t.match.actions}:{method:"specificPermission"}}function Da(t){return typeof t.decision=="string"?t.decision:"conditional"}function $e(t){const n=pe();return Sr(t)?{id:n,levelType:"allOf",children:t.allOf.map(r=>$e(r))}:Ar(t)?{id:n,levelType:"anyOf",children:t.anyOf.map(r=>$e(r))}:Rr(t)?{id:n,levelType:"not",children:[$e(t.not)]}:{id:n,ruleName:t.rule,parameters:t.params}}function mn(t,n){if(!t)return!1;if(Re(t))return t.children.length>0&&t.children.every(a=>mn(a,n));if(!t.ruleName)return!1;const r=n==null?void 0:n.find(({name:a})=>a===t.ruleName);return r?r.paramsSchema?new Ht({allErrors:!0}).compile(r.paramsSchema)(t.parameters):!0:!1}function Na(t,n,r){return{id:t,match:dn(n,r),decision:r}}function dn({method:t,...n},r){return t==="all"?"*":r&&Ye(r)?{resourceType:r.resourceType,...n}:n}function Ct(t){return bt(t)?{rule:t.ruleName,params:t.parameters}:t.levelType==="not"?{not:Ct(t.children[0])}:{[t.levelType]:t.children.map(n=>Ct(n))}}const Pa=C(t=>({toggleButton:{"&.Mui-selected":{backgroundColor:cn(t),color:t.palette.primary.main},"&.Mui-selected:hover":{backgroundColor:"#97BBE8"},color:t.palette.primary.main,border:`1px solid ${t.palette.primary.main}`}}));function xt({className:t,...n}){const r=Pa();return e.createElement(Vr,{className:`${r.toggleButton} ${t}`,...n})}const Ta=C({fullWidth:{width:"100%","& > *":{flexGrow:1}}});function Sa({className:t,fullWidth:n,...r}){const a=Ta();return e.createElement(Gr,{className:`${n?a.fullWidth:""} ${t}`,...r})}function Aa(t,n){const r=(t!=null?t:[]).filter(o=>$r(o,dn(n))),a=qr(r,o=>rt(o)?o.resourceType:void 0),l=a.length===1&&rt(a[0])?a[0].resourceType:void 0;return{permissions:r,commonResourceType:l}}const Ra=C(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),un="Permission name";function $a({name:t="",readonly:n,onNameChange:r}){const a=Ra(),{permissions:l}=Ne();return e.createElement(Ce,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(de,{id:"match-by-name-dropdown"},un),e.createElement(xe,{labelId:"match-by-name-dropdown",label:un,value:l?t:"",onChange:o=>r==null?void 0:r(o.target.value)},l==null?void 0:l.map(o=>e.createElement(U,{key:o.name,value:o.name},o.name))))}const ka=C(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),pn="Resource type";function Ia({resourceType:t="",readonly:n,onResourceTypeChange:r}){const a=ka(),l=Gt();return e.createElement(Ce,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(de,{id:"match-by-resource-dropdown"},pn),e.createElement(xe,{labelId:"match-by-resource-dropdown",label:pn,value:l?t:"",onChange:o=>r==null?void 0:r(o.target.value),displayEmpty:!0},l==null?void 0:l.map(o=>e.createElement(U,{key:o,value:o},o))))}const Oa="Action";function Ba({actions:t,readonly:n,onActionsChange:r}){return e.createElement(mt,{multiple:!0,id:"match-by-attribute-dropdown",options:["create","read","update","delete"],getOptionLabel:a=>a,value:t!=null?t:[],onChange:(a,l)=>r==null?void 0:r(l),filterSelectedOptions:!0,renderInput:a=>e.createElement(ve,{...a,variant:"outlined",label:Oa,placeholder:"Choose attributes",margin:"normal"}),disabled:n})}const La=C(()=>({root:{fontFamily:"monospace"}})),En=({children:t})=>{const n=La();return e.createElement(h,{variant:"body2",className:n.root},t)},Ma=C(t=>({rule:{color:t.palette.type==="light"?"#EB0014":"#FF8F9C"},parameters:{color:t.palette.type==="light"?"#E22134":"#EE96A0"}}));function fn({condition:t}){const n=Ma();return e.createElement(En,null,e.createElement(E,{component:"span",className:n.rule},t.ruleName,"(",e.createElement(E,{component:"span",className:n.parameters},JSON.stringify(t.parameters,null,1)),")"))}const Fa=({children:t})=>e.createElement(E,{pl:2},t);function yn({level:t}){return e.createElement(e.Fragment,null,e.createElement(En,null,sn[t.levelType]),e.createElement(Fa,null,t.children.map((n,r)=>Re(n)?e.createElement(yn,{key:r,level:n}):e.createElement(fn,{key:r,condition:n}))))}const za=C(t=>({resultsBox:{border:`1px solid ${t.palette.border}`,borderRadius:t.shape.borderRadius,padding:t.spacing(2)}}));function Wa({permissionCriteria:t}){const n=za();return e.createElement(E,{className:n.resultsBox},bt(t)&&e.createElement(fn,{condition:t}),Re(t)&&e.createElement(yn,{level:t}))}const Ha=C(t=>({conditionResultText:{color:t.palette.success.main},conditionDecisionText:{padding:`0 0 ${t.spacing(3)}px`}}));function gn({permissionCriteria:t}){const n=Ha();return e.createElement("div",null,e.createElement(h,{component:"p",variant:"body1",className:n.conditionDecisionText},"If the below conditions are met then the action is"," ",e.createElement("strong",{className:n.conditionResultText},"allowed.")),e.createElement(Wa,{permissionCriteria:t}))}const ja=C(()=>({addButton:{paddingLeft:40,paddingRight:40}}));function hn({onSelect:t}){const n=ja(),r=ee(null),[a,l]=R(!1),o=()=>{l(i=>!i)};return e.createElement("div",null,e.createElement(P,{className:n.addButton,variant:"outlined",color:"primary",onClick:o,ref:r},"Add"),e.createElement(At,{anchorEl:r.current,open:a,onClose:o,BackdropProps:{}},ba.map(i=>e.createElement(U,{key:i,onClick:()=>{t==null||t(i),l(!1)}},sn[i]))))}const Ua=C(t=>({editor:{"--jse-main-border":`1px solid ${t.palette.divider}`,"--jse-panel-border":`1px solid ${t.palette.divider}`,"--jse-message-error-background":t.palette.error.main,"--jse-message-warning-background":t.palette.warning.main,"--jse-background-color":t.palette.background.default,"--jse-panel-background":t.palette.background.default,"--jse-delimiter-color":t.palette.type==="light"?"rgba(0, 0, 0, 0.38)":"rgba(255, 255, 255, 0.38)","--jse-error-color":t.palette.text.primary,"--jse-key-color":t.palette.text.primary,"--jse-value-color":t.palette.text.primary,"--jse-text-color":t.palette.text.primary,"--jse-panel-color-readonly":t.palette.text.hint,"--jse-value-color-string":t.palette.status.ok,"--jse-value-color-null":t.palette.status.warning,"--jse-value-color-number":t.palette.status.error,"--jse-value-color-boolean":t.palette.status.running,"--jse-font-family":"inherit"}})),Va=t=>"parseError"in t,Ga=t=>{var n;return t?Va(t)?!!t.parseError:((n=t==null?void 0:t.validationErrors)==null?void 0:n.length)>0:!1};function _a({onChange:t,schema:n,value:r}){const a=ee(null),l=ee(),o=Ua();return G(()=>(a.current&&!l.current&&(l.current=new Kr({target:a.current,props:{onChange:(i,c,{contentErrors:m})=>{!Ga(m)&&Qr(i)&&t(JSON.parse(i.text))},validator:Xr({schema:n}),content:{json:{}},mainMenuBar:!1,mode:Zr.text}})),()=>{var i;(i=l.current)==null||i.destroy(),l.current=void 0}),[t,n]),Pt(()=>{var i;(i=l.current)==null||i.updateProps({content:{json:r}})}),e.createElement("div",{ref:a,className:o.editor,style:{height:300}})}const Ya=[];function Ja(t){const{onChange:n,schema:r,name:a}=t,{description:l,items:o}=r,[i,c]=e.useState(!1),m=Array.isArray(t.value)?t.value:Ya,s=m.includes(we),p=(g,w)=>{if(!Array.isArray(w)){const S=[...m];S[g]=w||"",n(S)}},u=k(()=>{n([...m,""])},[n,m]),d=g=>{n(m.filter((w,S)=>S!==g))},x=()=>{n(s?[]:[we])},f=()=>{s&&c(!0)},y=()=>{c(!1)};return G(()=>{m.length?s&&m.length>1&&n([we]):u()},[u,n,m,s]),!o||!("type"in o)?null:e.createElement(e.Fragment,null,(m!=null?m:[]).map((g,w,{length:S})=>e.createElement(bn,{allowEmptyStrings:!0,key:w,onChange:T=>p(w,T),name:w===0?a:"",schema:{description:w===S-1?l:"",type:o.type},value:g,controls:e.createElement(_,{size:"small",onClick:()=>d(w)},e.createElement(el,null))})),!!(m!=null&&m.length)&&e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"row",justifyContent:"space-between"},e.createElement(E,null,e.createElement(Rt,{control:e.createElement(be,{checked:s,onChange:x,name:"checkedB",color:"primary"}),label:"Use the claims from the logged in users token"})),e.createElement(E,null,e.createElement(he,{onClose:y,onOpen:f,open:i,title:"To add additional entries you must uncheck using the claims from the logged in user."},e.createElement("span",null,e.createElement(_,{disabled:s,size:"small",onClick:u},e.createElement(dt,null)))))))}function qa(t){const{onChange:n,schema:r,name:a,value:l}=t,{description:o}=r;return e.createElement(E,{mb:1},e.createElement(Rt,{control:e.createElement(be,{checked:l===!0,onChange:i=>{n(i.target.checked)},name:a,color:"primary"}),label:a}),o&&e.createElement(h,{display:"block",variant:"caption",color:"textSecondary"},o))}function Ka({allowEmptyStrings:t,controls:n,name:r,onChange:a,schema:l,value:o}){const i=c=>{a(Xa({value:c.currentTarget.value,type:l.type}))};return e.createElement(E,{mb:1},e.createElement(E,{display:"flex",gridGap:6},e.createElement(ve,{fullWidth:!0,id:r,label:r,placeholder:"Enter",variant:"outlined",size:"small",value:Qa(o,t),onChange:wt(o,t)?void 0:i,disabled:wt(o,t)}),n&&e.createElement(E,{alignSelf:"center"},n)),l.description&&e.createElement(h,{variant:"caption",color:"textSecondary"},l.description,wt(o)&&!t&&e.createElement(e.Fragment,null," (switch to JSON editor to edit)")))}function wt(t,n=!1){return!n&&t===""||t===null||t===we}function Qa(t,n=!1){return!n&&t===""?"[empty string]":t===null?"[null]":t===we?"[BackstageUserClaims]":t||""}function Xa({value:t,type:n}){switch(n){case"string":return t===""?void 0:t;case"number":case"integer":return Number.isNaN(Number(t))?void 0:Number(t);case"null":return t==="null"?null:void 0;default:return}}function vn(t){return!!t&&"type"in t&&(t.type==="array"||t.type==="boolean"||t.type==="null"||t.type==="number"||t.type==="integer"||t.type==="string")}function Za(t){return"type"in t&&t.type==="array"}function eo(t){return"type"in t&&t.type==="boolean"}function bn({schema:t,...n}){return vn(t)?Za(t)?e.createElement(Ja,{...n,schema:t}):eo(t)?e.createElement(qa,{...n,schema:t}):e.createElement(Ka,{...n,schema:t}):null}const to=new Ht({allErrors:!0});function no({onChange:t,schema:n,value:r}){var a;const l=B(()=>to.compile(n),[n]),o=B(()=>l(r),[l,r]),i=Object.entries(n.properties),c=m=>s=>{t({...r,[m]:s})};return e.createElement(e.Fragment,null,i.map(([m,s])=>{var p;return e.createElement(bn,{isRequired:((p=n.required)==null?void 0:p.includes(m))||!1,key:m,name:m,onChange:c(m),schema:s,value:r==null?void 0:r[m]})}),e.createElement(at,{error:!o},(a=l.errors)==null?void 0:a[0].message))}const ro=t=>!!t&&"properties"in t;function lo({onChange:t,rule:n,value:r}){const[a,l]=R(!1),{paramsSchema:o}=n!=null?n:{},i=()=>l(p=>!p);if(!ro(o))return null;const c=!ao(o),m=c||a,s=e.createElement(P,{size:"small",onClick:i,disabled:c},m?"Close editor":"Edit as JSON");return e.createElement(E,{marginTop:2},e.createElement("form",null,m?e.createElement(_a,{onChange:t,schema:o,value:r}):e.createElement(e.Fragment,null,e.createElement(E,{marginBottom:2},e.createElement(de,null,"Parameters")),e.createElement(no,{onChange:t,schema:o,value:r}))),e.createElement(E,{display:"flex",flexDirection:"column",alignItems:"flex-end",marginTop:1},c?e.createElement(he,{title:"Only JSON editing is supported for this parameter",arrow:!0},e.createElement("span",null,s)):s))}function ao(t){return Object.values(t.properties).every(vn)}const oo=C(t=>({conditionCard:{minWidth:t.spacing(63)},conditionCardBar:{height:t.spacing(1),backgroundImage:"linear-gradient(90deg, #007DFF 0%, #0057B2 100%)"},autocomplete:{flex:1}}));function Cn({ruleName:t,parameters:n,resourceType:r,onChange:a,onDelete:l}){var o;const i=oo(),c=Vt(),m=(o=c==null?void 0:c.filter(d=>d.resourceType===r))!=null?o:[],s=m.find(d=>d.name===t),p=d=>{a(d,{})},u=k(d=>{a(t,d)},[a,t]);return e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(te,{className:i.conditionCard},e.createElement("div",{className:i.conditionCardBar}),e.createElement(ge,null,e.createElement(E,null,e.createElement(E,null,e.createElement(mt,{className:i.autocomplete,"data-testid":"rule-select",getOptionLabel:d=>d.name,getOptionSelected:(d,x)=>d.name===x.name,options:m,onChange:(d,x)=>p(x?x.name:null),renderInput:d=>e.createElement(e.Fragment,null,e.createElement(E,{marginBottom:2},e.createElement(de,null,"Rule")),e.createElement(ve,{...d,placeholder:"Select",variant:"outlined",size:"small",name:"rule"})),renderOption:d=>e.createElement(E,null,e.createElement(h,{variant:"body2"},d.name),e.createElement(h,{noWrap:!0,variant:"caption"},d.description)),value:s||null,PopperComponent:d=>e.createElement(Er,{...d,style:{width:"auto"},placement:"bottom-start"})})),e.createElement(E,{flex:"1"},e.createElement(E,{display:"flex",flexDirection:"column"},e.createElement(lo,{rule:s,onChange:u,value:n})))))),e.createElement(E,{ml:1},e.createElement(_,{"aria-label":"delete",onClick:l,size:"small"},e.createElement(De,null))))}function Ze(){return{id:pe(),ruleName:null,parameters:{}}}const io=C(t=>({conditionTypeFormControl:{minWidth:80,marginLeft:t.spacing(1)}}));function co({level:t,onSelect:n}){const r=io(),a=t.children.length>1;return e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(Ce,{className:r.conditionTypeFormControl},e.createElement(xe,{value:t.levelType,onChange:l=>n==null?void 0:n(l.target.value)},e.createElement(U,{key:"anyOf",value:"anyOf"},"Any of"),e.createElement(U,{key:"allOf",value:"allOf"},"All of"),e.createElement(U,{key:"not",value:"not",disabled:a},"Not"))),e.createElement(E,{ml:1},e.createElement(_,{"aria-label":"delete",onClick:()=>n==null?void 0:n(null),size:"small"},e.createElement(De,null))))}const so=C(t=>({treeVerticalSpacer:{width:t.spacing(2),borderLeft:`1px solid ${t.palette.status.aborted}`},treeHorizontalSpacer:{height:t.spacing(3),borderLeft:`1px solid ${t.palette.status.aborted}`},treeVerticalBranchHalf:{position:"absolute",height:"50%",borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"flex-start"},treeVerticalBranchFull:{borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"stretch"},treeHorizontalBranch:{width:t.spacing(2),borderTop:`1px solid ${t.palette.status.aborted}`}}));function xn({level:t,resourceType:n,onChange:r,parentConditionType:a,isRoot:l=!1}){const o=so(),i=k((f,y)=>{const g=[...t.children];return g.splice(f,1,y),g},[t]),c=k(f=>{r({...t,children:f})},[r,t]),m=k(f=>{f===null?r(null):f==="not"&&t.children.length>1?r({...t,levelType:f,children:t.children.slice(0,1)}):r({...t,levelType:f})},[r,t]),s=k((f,y)=>{c(f===null?wn(t.children,y):i(y,f))},[t,c,i]),p=f=>{const y=pe();f==="condition"?c([...t.children,Ze()]):f==="not"?c([...t.children,{id:y,levelType:f,children:[]}]):Ca(f)&&c([...t.children,{id:y,levelType:f,children:[Ze()]}])},u=f=>{c(wn(t.children,f))},d=B(()=>t.children.map((f,y)=>(g,w)=>{c(i(y,{...f,ruleName:g,parameters:w}))}),[t.children,c,i]),x=B(()=>t.children.map((f,y)=>g=>s(g,y)),[t.children,s]);return e.createElement("div",null,!l&&e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},!l&&e.createElement(e.Fragment,null,e.createElement("div",{className:a==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch})),e.createElement(co,{level:t,onSelect:m})),e.createElement(E,{display:"flex"},l||a==="not"?e.createElement(E,{pl:2}):e.createElement("div",{className:o.treeVerticalSpacer}),!l&&e.createElement(E,{pl:2}),e.createElement("div",null,t.children.map((f,y)=>Re(f)?e.createElement(E,{key:f.id},e.createElement(xn,{level:f,resourceType:n,parentConditionType:t.levelType,onChange:x[y]})):e.createElement(Be,{key:f.id},e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:t.levelType==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(Cn,{ruleName:f.ruleName,parameters:f.parameters,resourceType:n,onChange:d[y],onDelete:()=>u(y)})))),!(t.levelType==="not"&&t.children.length>=1)&&e.createElement(e.Fragment,null,e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:o.treeVerticalBranchHalf}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(hn,{onSelect:p}))))))}function wn(t,n){const r=[...t];return r.splice(n,1),r}const mo=C(t=>({paper:{backgroundColor:t.palette.background.default,padding:t.spacing(3),marginBottom:t.spacing(3),minHeight:t.spacing(48)}}));function uo({permissionCriteria:t,resourceType:n,onUpdate:r,readonly:a=!1}){const l=mo(),o=k(p=>{r(u=>({...u,...p}))},[r]),i=k(p=>{const u=pe();o(p==="condition"?Ze():p==="not"?{id:u,levelType:p,children:[]}:{id:u,levelType:p,children:[Ze()]})},[o]),c=k((p,u)=>{r(d=>({...d,ruleName:p,parameters:u}))},[r]),m=k(()=>{r(null)},[r]);let s;return a?s=e.createElement(gn,{permissionCriteria:t}):t===null?s=e.createElement(hn,{onSelect:i}):bt(t)?s=e.createElement(Cn,{ruleName:t.ruleName,parameters:t.parameters,resourceType:n,onChange:c,onDelete:m}):Re(t)&&(s=e.createElement(xn,{level:t,resourceType:n,onChange:r,isRoot:!0})),e.createElement(ot,{variant:"outlined",className:l.paper},s)}const po=C(t=>({dialogTitle:{display:"flex",alignItems:"center",justifyContent:"space-between"},fullWidth:{width:"100%","& > *":{flexGrow:1}},infoIcon:{position:"absolute",right:t.spacing(3)},content:{padding:t.spacing(7)},saveButton:{paddingLeft:t.spacing(5),paddingRight:t.spacing(5)},contentContainerConditional:{display:"flex",gap:t.spacing(5),maxWidth:1480}})),Eo={specificPermission:"Choose a specific permission",filter:"Filter by permission properties",all:"Match all permissions"},Dn="Choose the name of a resource permission or filter by resource type to set a conditional decision.";function fo({rolePermission:t,readonly:n=!1,onClose:r,onSave:a}){const l=po(),{permissions:o}=Ne(),i=Vt(),c=bl(),m=xa(t),[s,p]=R(m.match),[u,d]=R(m.decisionType),[x,f]=R(m.criteria),y=B(()=>Aa(o,s),[o,s]),g=u==="conditional",w=g?"xl":"sm";G(()=>{g&&o&&!y.commonResourceType&&d("allow")},[g,o,y.commonResourceType,d]);const S=A=>{A!==null&&d(A)},T=B(()=>s.method==="specificPermission"&&!s.name||s.method==="filter"&&!s.resourceType&&!s.actions,[s]),z=B(()=>y.permissions.length===0?!1:!T,[y,T]),M=B(()=>u!=="conditional"?!0:!(!y.commonResourceType||!(c!=null&&c[y.commonResourceType].pluginId)||!mn(x,i)),[u,y,c,x,i]),b=()=>{a==null||a(Na(m.id,s,u==="conditional"?{resourceType:y.commonResourceType,pluginId:c[y.commonResourceType].pluginId,conditions:Ct(x)}:u))};return e.createElement(me,{open:!0,maxWidth:w,onClose:r,fullWidth:!0},e.createElement(He,{disableTypography:!0,className:l.dialogTitle},e.createElement(h,{variant:"h4",component:"h2"},"New Permission Decision"),e.createElement(P,{startIcon:e.createElement(st,null),onClick:r},"Close")),e.createElement(ne,{dividers:!0,className:l.content},e.createElement(E,{className:g?l.contentContainerConditional:void 0},e.createElement(E,{mb:5,flex:1},e.createElement(va,{options:Object.entries(Eo).map(([A,v])=>({id:A,displayText:v})),selected:s.method,onChange:A=>p({method:A}),readonly:n})),e.createElement(E,{mb:5,height:189,flex:1},s.method==="specificPermission"&&e.createElement($a,{name:s.name,readonly:n,onNameChange:A=>p({...s,name:A})}),s.method==="filter"&&e.createElement(e.Fragment,null,e.createElement(Ia,{resourceType:s.resourceType,readonly:n,onResourceTypeChange:A=>p({...s,resourceType:A})}),e.createElement(Ba,{actions:s.actions,readonly:n,onActionsChange:A=>p({...s,actions:A.length?A:void 0})}),T?null:e.createElement(e.Fragment,null,e.createElement(E,{marginY:2},e.createElement(it,{variant:"middle"})),e.createElement(at,null,`Matched ${y.permissions.length} ${y.permissions.length===1?"permission":"permissions"}`)))),e.createElement(E,{mb:5,flex:1},e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(Sa,{value:u,exclusive:!0,fullWidth:!0,"aria-label":"Decision result",onChange:(A,v)=>S(v)},e.createElement(xt,{value:"allow","aria-label":"Decision allowed",disabled:n},"Allow"),e.createElement(xt,{value:"deny","aria-label":"Decision denied",disabled:n},"Deny"),e.createElement(xt,{value:"conditional","aria-label":"Decision conditionally allowed",disabled:!y.commonResourceType||n},"Conditional")),!g&&!n&&e.createElement(he,{title:Dn},e.createElement(Wt,{className:l.infoIcon,color:"primary","aria-label":Dn}))))),u==="conditional"&&!!y.commonResourceType&&e.createElement(uo,{permissionCriteria:x,resourceType:y.commonResourceType,onUpdate:f,readonly:n}),!n&&e.createElement(E,{display:"flex",justifyContent:"flex-end"},e.createElement(P,{variant:"contained",color:"primary",className:l.saveButton,onClick:b,disabled:!z||!M},"Save"))))}const yo=C(t=>({container:{display:"flex",position:"relative",alignItems:"center",gap:t.spacing(1),flexShrink:1,maxWidth:"100%",minWidth:0},input:({invalid:n})=>({boxSizing:"content-box",display:"block",maxWidth:"100%",padding:0,borderWidth:2,borderStyle:"solid",borderColor:n?t.palette.error.main:"transparent",borderRadius:t.shape.borderRadius,backgroundColor:"transparent",color:t.palette.textContrast,fontFamily:"inherit",fontSize:"inherit",lineHeight:"inherit",fontWeight:"inherit",textOverflow:"ellipsis"}),hiddenSpan:{position:"absolute",top:0,left:0,borderWidth:1,whiteSpace:"pre",opacity:0,pointerEvents:"none"}}));function Nn({invalid:t,name:n,value:r,onTextChange:a}){const l=yo({invalid:t}),[o,i]=R(!1),[c,m]=R(null),s=ee(null),[p,u]=R(r);G(()=>{u(r)},[r]),_n(()=>{s.current&&c&&s.current.style.setProperty("width",`max(${c.getBoundingClientRect().width}px, 3ch)`)},[c,p]);const d=()=>{i(!1),u(r)},x=()=>{i(!1),a==null||a(p)},f=()=>{var g;o?x():(i(!0),(g=s.current)==null||g.focus())},y=g=>{var w;g.key==="Enter"&&((w=s.current)==null||w.blur()),g.key==="Escape"&&d()};return e.createElement(e.Fragment,null,e.createElement("div",{className:l.container},e.createElement("input",{"aria-label":n,className:l.input,name:n,ref:s,onChange:g=>u(g.target.value),onFocus:f,onBlur:x,onKeyDown:y,value:p}),e.createElement("span",{"aria-hidden":"true",className:l.hiddenSpan,ref:m},p),e.createElement(_,{onClick:f,size:"small"},o?e.createElement(nl,{"aria-label":"Save title"}):e.createElement(tl,{"aria-label":"Edit title"}))))}const Pn=t=>{if(t.success)return{};const n={};for(const r of t.error.issues)n[r.path.join(".")]=!0;return n},Tn=({children:t,onConfirm:n,message:r,title:a})=>{const[l,o]=R(!1),i=()=>o(!1),c=()=>o(!0),m=()=>{n(),i()};return e.createElement(e.Fragment,null,t({onClick:c}),e.createElement(me,{open:l,onClose:i},e.createElement(He,null,e.createElement(E,{display:"flex",justifyContent:"space-between",alignItems:"center"},a)),e.createElement(ne,null,e.createElement(fr,null,r)),e.createElement(lt,null,e.createElement(P,{"aria-label":"Cancel action",color:"primary",onClick:i},"Cancel"),e.createElement(P,{"aria-label":"Confirm action",color:"secondary",onClick:m,variant:"contained"},"Confirm"))))},Sn=({helpText:t})=>e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(E,{component:"span",mr:1},e.createElement(h,{variant:"body2",noWrap:!0},"Reorder")),e.createElement(he,{title:t},e.createElement(Wt,{color:"primary","aria-label":t}))),An=(t,n,r)=>{const a=n+r;if(a<0||a>=t.length)return t;const l=[...t];return[l[a],l[n]]=[l[n],l[a]],l},Rn=({array:t,index:n,onReorder:r})=>{const a=n===0,l=n===t.length-1;return e.createElement(E,{display:"flex"},e.createElement(_,{disabled:a,onClick:()=>r(An(t,n,-1)),"aria-label":"Move up",size:"small"},e.createElement(ll,null)),e.createElement(_,{disabled:l,onClick:()=>r(An(t,n,1)),"aria-label":"Move down",size:"small"},e.createElement(rl,null)))},go=C(()=>({emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function $n({src:t,alt:n}){const r=go();return e.createElement("img",{src:t,className:`${r.emptyStateImage} `,alt:n})}const ho="Use the arrows to change the order in which permission decisions are evaluated.";function vo({diff:t,permissions:n,onReorderPermissions:r,onNewPermissionClick:a,onOpenPermission:l,onRemovePermissionClick:o,anyAllow:i,readonly:c=!1}){return e.createElement(e.Fragment,null,e.createElement(E,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h5"},"Permission Decisions"),!c&&n.length!==0&&e.createElement(P,{color:"primary",variant:"outlined",startIcon:e.createElement(dt,null),onClick:a},"New")),e.createElement(je,null,e.createElement(Ue,null,e.createElement(j,null,!c&&!i&&e.createElement(D,{style:{width:0}},e.createElement(Sn,{helpText:ho})),e.createElement(D,null,"Match by"),e.createElement(D,null,"Decision"),e.createElement(D,null),!c&&e.createElement(D,null))),e.createElement(Ve,null,n.length===0&&e.createElement(j,null,e.createElement(D,{colSpan:5},e.createElement(Fe,{title:"No permission decisions set",description:"Click the button below to create your first permission.",missing:{customImage:e.createElement($n,{src:al,alt:"No permission placeholder"})},action:e.createElement(P,{variant:"contained",color:"primary",onClick:a},"New permission decision")}))),n.map((m,s)=>e.createElement(j,{key:s},!c&&!i&&e.createElement(D,null,e.createElement(Rn,{array:n,index:s,onReorder:r})),e.createElement(D,null,e.createElement(yr,{onClick:()=>l(s)},e.createElement(h,{variant:"body2",color:"primary"},ft(m)))),e.createElement(D,null,Ml(m)),e.createElement(D,null,e.createElement(Ae,{operation:t==null?void 0:t.permissions[m.id].operation})),!c&&e.createElement(D,{align:"right"},e.createElement(Tn,{message:"Are you sure you want to remove this permission decision?",onConfirm:()=>o(s),title:"Remove?"},p=>e.createElement(_,{...p,"aria-label":"Remove permission decision",size:"small"},e.createElement(De,null)))))))))}function bo({roleId:t}){const{versionId:n,roleId:r}=tt(),a=t!=null?t:r;return Ge(a),Ge(n),e.createElement(Xe,{policyId:n},e.createElement(xo,{roleId:a}))}const Co=C(t=>({cardContainer:{margin:t.spacing(0)}}));function xo({roleId:t}){const{diff:n,updateLocalDraft:r,policy:a}=Y(),l=a.roles.find(v=>v.id===t),o=n==null?void 0:n.roles[t],[i,c]=R(null),[m,s]=R(!1),p=nt(),{NotFoundErrorPage:u}=p.getComponents(),d=q(),x=Co();if(!l)return e.createElement(u,null);const f=l.name,y=v=>{const $=a.roles.findIndex(le=>le.id===v.id),L=[...a.roles];L.splice($,1,v),r({...a,roles:L})},g=v=>{y({...l,name:v})},w=v=>{if(i===null)y({...l,permissions:[v,...l.permissions]});else{const $=[...l.permissions];$.splice(i,1,v),y({...l,permissions:$})}s(!1)},S=v=>{if(v==="*")y({...l,members:l.members==="*"?[]:"*"});else if(l.members==="*")y({...l,members:[v]});else{const $=l.members.includes(v)?l.members.filter(L=>L!==v):[...l.members,v];y({...l,members:$.length===0?"*":$})}},T=v=>{y({...l,permissions:l.permissions.filter(($,L)=>v!==L)})},z=v=>{y({...l,permissions:v})},M=Pn(kr.safeParse(l)).name,b=a.status!=="draft",A=a.options.resolutionStrategy==="any-allow";return e.createElement(e.Fragment,null,e.createElement(Ke,{pages:[{title:a.name,path:`../../../${a.id}`},{title:f}],header:e.createElement(We,{titleComponent:e.createElement(tn,null,a.name," \xA0\u01C0",b?e.createElement(e.Fragment,null,"\xA0",f):e.createElement(Nn,{invalid:M,value:f,onTextChange:g}),e.createElement(Ae,{operation:o==null?void 0:o.role.operation,size:"medium"})),description:a.description||void 0},e.createElement(P,{variant:"outlined",color:"primary",onClick:()=>d("../..",{relative:"path"})},"Back to policy"))},e.createElement(O,{container:!0,className:x.cardContainer,spacing:4,direction:"row"},e.createElement(O,{item:!0,xs:6},e.createElement(te,null,e.createElement(ya,{diff:o||null,role:l,policyId:a.id,onToggleMember:S,readonly:b}))),e.createElement(O,{item:!0,xs:6},e.createElement(te,null,e.createElement(vo,{diff:o||null,permissions:l.permissions,onNewPermissionClick:()=>{c(null),s(!0)},onOpenPermission:v=>{c(v),s(!0)},onReorderPermissions:z,onRemovePermissionClick:T,anyAllow:A,readonly:b}))))),m&&e.createElement(fo,{rolePermission:i!==null?l.permissions[i]:void 0,onClose:()=>s(!1),onSave:w,readonly:b}))}const wo="Use the arrows to change the order in which roles are evaluated.";function Do({}){const{diff:t,policy:n,createNewRole:r,updateLocalDraft:a}=Y(),l=q(),o=No(n),i=n.status!=="draft",c=n.options.resolutionStrategy==="any-allow",m=u=>{a({...n,roles:u})},s=u=>{a({...n,roles:n.roles.filter(({id:d})=>d!==u)})},p=()=>{l(`./roles/${r()}`)};return e.createElement(ot,null,e.createElement(E,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h3"},"Roles"),!i&&e.createElement(P,{color:"primary",variant:"outlined",startIcon:e.createElement(dt,null),onClick:()=>p()},"New role")),e.createElement(je,null,e.createElement(Ue,null,e.createElement(j,null,!i&&!c&&e.createElement(D,{style:{width:0}},e.createElement(Sn,{helpText:wo})),e.createElement(D,null,"Name"),e.createElement(D,null,"Users"),e.createElement(D,null,"Groups"),!i&&e.createElement(D,{style:{width:0}}))),e.createElement(Ve,null,o.map((u,d)=>e.createElement(j,{key:d},!i&&!c&&e.createElement(D,null,e.createElement(Rn,{array:n.roles,index:d,onReorder:m})),e.createElement(D,null,e.createElement(E,{alignItems:"center",display:"flex",gridGap:8},e.createElement(ie,{to:`roles/${u.id}`},u.name),e.createElement(Ae,{operation:t==null?void 0:t.roles[u.id].role.operation}))),e.createElement(D,null,u.userCount),e.createElement(D,null,u.groupCount),!i&&e.createElement(D,{align:"right"},e.createElement(Tn,{message:"Are you sure you want to remove this role?",title:"Remove role?",onConfirm:()=>s(u.id)},x=>e.createElement(_,{...x,"aria-label":"Remove role",size:"small"},e.createElement(De,null)))))))))}function No(t){return t.roles.map(n=>({id:n.id,name:n.name,userCount:Array.isArray(n.members)?n.members.filter(r=>r.startsWith("user:")).length:n.members,groupCount:Array.isArray(n.members)?n.members.filter(r=>r.startsWith("group:")).length:n.members}))}const Po=C(t=>({cardHeader:{padding:t.spacing(3,3),borderBottom:`1px solid ${t.palette.border}`},cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}},emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function To({readonly:t}){const n=Po(),r=q(),{createNewRole:a}=Y(),l=()=>{const o=a();r(`./roles/${o}`)};return e.createElement(te,null,e.createElement($t,{title:"Roles",className:n.cardHeader}),e.createElement(ge,{className:n.cardContent},t?e.createElement(Fe,{title:"No roles configured",missing:"content"}):e.createElement(Fe,{title:"No roles yet",description:"Click the button below to create your first role.",missing:{customImage:e.createElement($n,{src:ol,alt:"No roles placeholder"})},action:e.createElement(P,{variant:"contained",color:"primary",onClick:()=>l()},"New role")})))}function So(){const[t,n]=R(null),{hasDraftPolicy:r}=Qe(),{isValid:a,discardLocalDraft:l,exportPolicy:o,hasChanges:i,policy:c,saveLocalDraftToServer:m,saveAndPublish:s,publish:p}=Y(),u=q(),[d,x]=vt(),f=g=>{n(g.currentTarget)},y=()=>{n(null)};return e.createElement(e.Fragment,null,e.createElement(gr,{variant:"contained",color:"primary"},c.status==="draft"&&e.createElement(P,{disabled:!a,onClick:()=>m()},"Save"),c.status==="inactive"&&e.createElement(P,{onClick:()=>p()},"Republish"),c.status==="active"&&e.createElement(P,{disabled:r||d.loading,onClick:()=>x(c)},"Duplicate"),e.createElement(P,{color:"primary",title:"options",size:"small",onClick:f},e.createElement(il,null))),e.createElement(At,{getContentAnchorEl:null,anchorEl:t,anchorOrigin:{vertical:"bottom",horizontal:"right"},open:!!t,onClose:y,PaperProps:{style:{width:240}}},c.status==="draft"&&e.createElement(ct,null,e.createElement(U,{disabled:!a,onClick:()=>s()},e.createElement(se,null,e.createElement(sl,{fontSize:"small"})),e.createElement(Q,null,"Save & Publish")),e.createElement(U,{disabled:!i,onClick:()=>l()},e.createElement(se,null,e.createElement(cl,{color:i?"secondary":"inherit",fontSize:"small"})),e.createElement(Q,null,e.createElement(h,{color:i?"secondary":"inherit"},"Discard changes"))),e.createElement(it,null)),e.createElement(ct,null,e.createElement(U,{onClick:()=>o()},e.createElement(se,null,e.createElement(dl,{fontSize:"small"})),e.createElement(Q,null,"Export"))),e.createElement(it,null),e.createElement(ct,null,e.createElement(U,{disabled:!a,onClick:()=>u("./options")},e.createElement(se,null,e.createElement(ml,{fontSize:"small"})),e.createElement(Q,null,"Options")))))}const Ao=C(t=>({chipContainer:{marginTop:t.spacing(1),marginLeft:t.spacing(1),display:"flex",flexWrap:"wrap"}})),Ro=({selectedRoleIds:t,setSelectedRoleIds:n})=>{const r=Ao(),{policy:a}=Y();return e.createElement(e.Fragment,null,e.createElement(Ce,{fullWidth:!0},e.createElement(de,{id:"selectLabel"},"Select roles"),e.createElement(xe,{native:!1,displayEmpty:!0,multiple:!0,value:t,onChange:l=>n(l.target.value),input:e.createElement(kt,null),"aria-labelledby":"selectLabel",renderValue:l=>e.createElement("div",{className:r.chipContainer,"aria-labelledby":"selectLabel"},a.roles.filter(o=>l.includes(o.id)).map(o=>e.createElement(ce,{key:o.name,label:o.name})))},a.roles.map(l=>e.createElement(U,{key:l.id,value:l.id},e.createElement(be,{color:"primary",checked:t.includes(l.id),name:l.name,value:l.id}),e.createElement(Q,{primary:l.name}))))))},$o=C(t=>({chipContainer:{marginTop:t.spacing(1),marginLeft:t.spacing(1),display:"flex",flexWrap:"wrap"}})),ko=e.forwardRef(({selectedPermissionNames:t,setSelectedPermissionNames:n,errorMessage:r},a)=>{const l=$o(),{permissions:o}=Ne();return e.createElement(e.Fragment,null,e.createElement(Ce,{fullWidth:!0,error:!!r},e.createElement(de,{id:"selectLabel"},"Select permissions"),e.createElement(xe,{ref:a,native:!1,displayEmpty:!0,multiple:!0,value:t,onChange:i=>n(i.target.value),input:e.createElement(kt,null),"aria-labelledby":"selectLabel",renderValue:i=>e.createElement("div",{className:l.chipContainer,"aria-labelledby":"selectLabel"},o==null?void 0:o.filter(c=>i.includes(c.name)).map(c=>e.createElement(ce,{key:c.name,label:c.name})))},o==null?void 0:o.map(i=>e.createElement(U,{key:i.name,value:i.name},e.createElement(be,{color:"primary",checked:t.includes(i.name),name:i.name,value:i.name,required:!0}),e.createElement(Q,{primary:i.name})))),e.createElement(at,null,r)))}),Io=()=>{const{policy:t}=Y(),{permissions:n}=Ne(),r=I(H),[a,l]=R([]),o=k(async(c,m)=>{if(!n)return;const s=(await r.testPolicyDecisions(n.filter(p=>m.includes(p.name)).map(p=>({policyConfig:t,roleIds:c,permission:p})))).map(p=>({...p,roles:t.roles.filter(u=>c.includes(u.id))}));l(s)},[t,n,r,l]),i=k(()=>{l([])},[l]);return[a,o,i]},J=({name:t})=>{const n=B(()=>t.includes(".")?t.split(/(\.)/g).flatMap(r=>[r,e.createElement("wbr",null)]):[t],[t]);return e.createElement(e.Fragment,null,n.map((r,a)=>e.createElement(e.Fragment,{key:a},r)))},Oo=C(t=>({container:{display:"flex",flexDirection:"row",gap:t.spacing(1)},infoIcon:{color:t.palette.textSubtle}})),Bo=({policy:t,roles:n,permission:r})=>{const a=n.flatMap(o=>It(o,r));let l;if(n.length===0)l=e.createElement(e.Fragment,null,"A user with no assigned roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else if(!a.length)l=e.createElement(e.Fragment,null,"None of the roles explicitly sets a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),", which means that a user who has all of these roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else if(t.options.resolutionStrategy==="any-allow")l=e.createElement(e.Fragment,null,"None of the roles explicitly sets an allow or conditional rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", a user who has all of these roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else throw t.options.resolutionStrategy==="first-match"?new Error("Trying to render ImplicitDecisionInfo for a first-match policy that has matching role permission. This should not happen, since the decision should be explicit by the matching role permission."):new Error(`Unknown resolution strategy ${t.options.resolutionStrategy}. Cannot render ImplicitDecisionInfo.`);return e.createElement(e.Fragment,null,e.createElement("strong",null,"Implicit decision")," \u2013 ",l)},Lo=({policy:t,permission:n,roles:r,decision:a,decisionOrigin:l})=>{const o=r.find(c=>c.id===l[0].roleId);let i;if(t.options.resolutionStrategy==="first-match"){if(!o)throw new Error("Expected decision origin role for first-match explicit decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," explicitly sets a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"first-match"),", no other roles are applied.")}else if(t.options.resolutionStrategy==="any-allow"){if(a.result===F.ALLOW){if(!o)throw new Error("Expected decision origin role for any-allow explicit allow decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," is the first role that explicitly sets an allow decision for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", this decides the outcome.")}else if(a.result===F.CONDITIONAL)if(l.length===1){if(!o)throw new Error("Expected decision origin role for any-allow explicit allow decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," is the first role that explicitly sets a decision for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", this decides the outcome.")}else i=e.createElement(e.Fragment,null,"Multiple roles explicitly set a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", these decide the outcome.")}else throw new Error(`Unknown resolution strategy ${t.options.resolutionStrategy}. Cannot render ExplicitDecisionInfo.`);return e.createElement(e.Fragment,null,e.createElement("strong",null,"Explicit decision")," \u2013 ",i)},Mo=({roles:t,permission:n,decision:r,decisionOrigin:a})=>{const{policy:l}=Y(),o=Oo();return e.createElement("div",{className:o.container},e.createElement(pl,{fontSize:"small",titleAccess:"",className:o.infoIcon}),e.createElement(h,{variant:"body1",component:"p"},a.length===0?e.createElement(Bo,{policy:l,roles:t,permission:n}):e.createElement(Lo,{policy:l,permission:n,roles:t,decision:r,decisionOrigin:a})))},Fo=C(t=>({userCell:{borderRight:`1px solid ${t.palette.border}`,color:t.palette.text.secondary,background:t.palette.background.paper}})),zo=({rowCount:t})=>{const n=Fo();return e.createElement(D,{size:"small",padding:"none",align:"center",rowSpan:t,classes:{root:n.userCell}},e.createElement(ir,null))},Wo=C(()=>({decisionRowCell:{fontWeight:"bold"}})),et=({children:t,ledToDecision:n,color:r})=>{const a=Wo();return e.createElement(h,{variant:"body1",component:"span",classes:{root:n?a.decisionRowCell:void 0},color:r},t)},Ho=({role:t,ledToDecision:n})=>e.createElement(ie,{to:`roles/${t.id}`},e.createElement(et,{ledToDecision:n,color:"primary"},t.name)),jo=({permissionName:t,ledToDecision:n})=>e.createElement(et,{ledToDecision:n,color:n===!1?"textSecondary":void 0},e.createElement(J,{name:t})),kn=({authorizeResult:t,size:n})=>{switch(t){case F.ALLOW:return e.createElement(fl,{fontSize:n});case F.DENY:return e.createElement(yl,{fontSize:n});case F.CONDITIONAL:return e.createElement(El,{fontSize:n});default:return null}},Uo=C(t=>({decisionCell:{display:"flex",justifyItems:"center"},decisionIconContainer:{display:"flex",alignItems:"center",marginRight:t.spacing(1)},decisionIconAllow:{color:t.palette.success.main},decisionIconDeny:{color:t.palette.error.main},decisionIconConditional:{color:t.palette.info.main}})),Vo=t=>{switch(t){case F.ALLOW:return"Allow";case F.DENY:return"Deny";case F.CONDITIONAL:return"Conditional";default:return"Permission not found in role"}},Go=(t,n)=>{let r;switch(t){case F.ALLOW:r=n.decisionIconAllow;break;case F.DENY:r=n.decisionIconDeny;break;case F.CONDITIONAL:r=n.decisionIconConditional;break;default:return}return`${n.decisionIconContainer} ${r}`},_o=({ledToDecision:t,authorizeResult:n})=>{const r=Uo();return e.createElement("div",{className:r.decisionCell},n!==null&&e.createElement("span",{className:Go(n,r)},e.createElement(kn,{authorizeResult:n,size:"small"})),e.createElement(et,{ledToDecision:t,color:t===!1?"textSecondary":void 0},Vo(n)))},Yo=({ledToDecision:t})=>e.createElement(et,{ledToDecision:t,color:t===!1?"textSecondary":void 0},t?"Yes":"No"),Jo=C(t=>({tableHeader:{borderBottom:`1px solid ${t.palette.border}`}})),ke=({children:t})=>{const n=Jo();return e.createElement(D,{size:"small",classes:{root:n.tableHeader}},t)},qo=C(t=>({tableContainer:{border:`1px solid ${t.palette.border}`,borderRadius:t.shape.borderRadius},tableRow:{"&, &:nth-child(odd)":{background:t.palette.background.paper}},decisionTableRow:{"&, &:nth-child(odd)":{background:t.palette.type==="light"?t.palette.infoBackground:t.palette.grey[900]}}})),Ko=t=>{if(Ye(t))return F.CONDITIONAL;if(typeof t=="string")switch(t){case"allow":return F.ALLOW;case"deny":return F.DENY;default:throw new Error(`Unknown decision: ${t}`)}throw new Error("Unknown decision type found.")},Qo=(t,n)=>n.some(r=>r.rolePermissionId===t.id),Xo=t=>B(()=>{const{roles:n,permission:r,decisionOrigin:a}=t,l=[];for(const o of n){const i=It(o,r);if(i.length>0)for(const c of i)l.push({role:o,permission:r,authorizeResult:Ko(c.decision),ledToDecision:Qo(c,a)});else l.push({role:o,permission:r,authorizeResult:null,ledToDecision:!1})}return l},[t]),Zo=({resultRow:t})=>{const n=qo(),r=Xo(t);return e.createElement(E,{marginTop:3,marginBottom:3},e.createElement(hr,{classes:{root:n.tableContainer}},e.createElement(je,null,e.createElement(Ue,null,e.createElement(j,{classes:{root:n.tableRow}},e.createElement(ke,null),e.createElement(ke,null,"Role"),e.createElement(ke,null,"Permission"),e.createElement(ke,null,"Decision"),e.createElement(ke,null,"Is deciding role"))),e.createElement(Ve,null,r.map((a,l)=>{const o=l===0;return e.createElement(j,{key:l,classes:{root:a.ledToDecision?n.decisionTableRow:n.tableRow}},o?e.createElement(zo,{rowCount:r.length}):null,e.createElement(D,{size:"small"},e.createElement(Ho,{role:a.role,ledToDecision:a.ledToDecision})),e.createElement(D,{size:"small"},e.createElement(jo,{permissionName:a.permission.name,ledToDecision:a.ledToDecision})),e.createElement(D,{size:"small"},e.createElement(_o,{authorizeResult:a.authorizeResult,ledToDecision:a.ledToDecision})),e.createElement(D,{size:"small"},e.createElement(Yo,{ledToDecision:a.ledToDecision})))})))))},ei=C(t=>({heading:{fontWeight:"bold"},subtitle:{color:t.palette.text.secondary},criteriaSummarySpacing:{marginBottom:t.spacing(3)}})),ti=({resultRow:t})=>{const n=ei();return e.createElement(e.Fragment,null,t.roles.length>0?e.createElement(e.Fragment,null,e.createElement(h,{variant:"body1",component:"h6",className:n.heading},"Decision breakdown"),e.createElement(h,{variant:"subtitle1",component:"p",className:n.subtitle},"See what role results in this decision."),e.createElement(Zo,{resultRow:t})):null,t.decision.result===F.CONDITIONAL?e.createElement("div",{className:n.criteriaSummarySpacing},e.createElement(gn,{permissionCriteria:$e(t.decision.conditions)})):null,e.createElement(Mo,{roles:t.roles,permission:t.permission,decision:t.decision,decisionOrigin:t.decisionOrigin}))};function ni({decision:t}){let n;switch(t.result){case"ALLOW":n={severity:"success",text:"Allow"};break;case"DENY":n={severity:"error",text:"Deny"};break;default:n={severity:"info",text:"Conditional"};break}return e.createElement(an,{text:n.text,severity:n.severity,icon:e.createElement(kn,{authorizeResult:t.result}),title:`${n.text} decision chip`,size:"large"})}const ri=C(t=>({permissionName:{display:"flex",alignItems:"center",height:"100%",fontWeight:"bold"},detailsContainer:{padding:`${t.spacing(2)}px  ${t.spacing(1)}px 0`,borderTop:`1px solid ${t.palette.divider}`}})),li=({resultRow:t})=>{const n=ri();return e.createElement(vr,null,e.createElement(br,{expandIcon:e.createElement(gl,null),"aria-controls":"result{$resultIndex}-content",id:t.permission.name},e.createElement(O,{container:!0},e.createElement(O,{item:!0,xs:12,md:4},e.createElement(h,{variant:"body1",className:n.permissionName,component:"h5"},e.createElement(J,{name:t.permission.name}))),e.createElement(O,{item:!0,xs:12,md:8},e.createElement(h,{variant:"body2"},t.roles.length>0?"For a user who has all the selected roles, the result will be:":"For a user with no assigned roles, the result will be:"),e.createElement(ni,{decision:t.decision})))),e.createElement(Cr,null,e.createElement("div",{className:n.detailsContainer},e.createElement(ti,{resultRow:t}))))},ai=C(t=>({header:{borderTop:`1px solid ${t.palette.divider}`,padding:`${t.spacing(3)}px ${t.spacing(1)}px`,borderBottom:`1px solid ${t.palette.divider}`},resultHeading:{marginBottom:t.spacing(1)},accordionHeader:{padding:`${t.spacing(1)}px ${t.spacing(6)}px ${t.spacing(1)}px ${t.spacing(0)}px`,margin:"0"}})),oi=({results:t,resolutionStrategy:n})=>{const r=ai();return t.length?e.createElement(e.Fragment,null,e.createElement("div",{className:r.header},e.createElement(h,{variant:"h5",component:"h4",color:"textPrimary",className:r.resultHeading},"Test results"),e.createElement(zt,{severity:"info"},"All the tests are evaluated using"," ",e.createElement("strong",null,n),", which is the policy resolution strategy")),e.createElement(O,{container:!0,className:r.accordionHeader},e.createElement(O,{item:!0,xs:12,md:4},e.createElement(h,{variant:"body1",color:"textSecondary"},"Permission")),e.createElement(O,{item:!0,xs:12,md:8},e.createElement(h,{variant:"body1",color:"textSecondary"},"Result"))),t.map(a=>e.createElement(li,{resultRow:a,key:a.permission.name}))):null},ii=jt.array(jt.string()),In=(t,n,r)=>{const[a,l]=Mt(`@spotify/backstage-plugin-rbac:policyTesterForm:${t}`,[],{raw:!1,serializer:i=>JSON.stringify(i),deserializer:i=>{let c;try{c=JSON.parse(i)}catch(s){return console.error("Failed to parse json",s),[]}const m=ii.safeParse(c);return m.success?m.data:(console.error(`Stored value for ${t} has the wrong shape`,m.error),[])}}),o=B(()=>a!=null?a:[],[a]);return G(()=>{const i=new Set(n),c=o.some(m=>!i.has(m));!r&&c&&l(o.filter(m=>i.has(m)))},[n,o,l,r]),[o,l]},ci=C(t=>({fieldset:{border:"none",margin:`${t.spacing(3)}px 0 ${t.spacing(3)}px`,paddingLeft:"0"}})),On=({children:t,title:n})=>{const r=ci();return e.createElement("fieldset",{className:r.fieldset},e.createElement(h,{variant:"h6",component:"legend"},n),t)},si=C(t=>({bodyText:{margin:`${t.spacing(1)}px 0`},clearButton:{marginLeft:t.spacing(1)}}));function mi(){const{policy:t}=Y(),{permissions:n,isLoading:r}=Ne(),a=B(()=>t.roles.map(T=>T.id),[t.roles]),l=B(()=>(n==null?void 0:n.map(T=>T.name))||[],[n]),o=ee(null),[i,c]=In("roleIds",a),[m,s]=In("permissionNames",l,r),[p,u]=R(""),[d,x,f]=Io();G(()=>{f()},[t.roles,t.options,f]);const y=()=>{var T,z;m.length===0?((z=(T=o.current)==null?void 0:T.firstChild)==null||z.focus(),u("Please select at least one permission.")):x(i,m)},g=()=>{c([]),s([]),f(),u("")},w=si(),S=T=>{s(T),T.length>0&&u("")};return e.createElement(ot,null,e.createElement(E,{justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h3"},"Policy Tester"),e.createElement(h,{variant:"body1",component:"p",className:w.bodyText},"Use the policy tester to check if your changes will provide the access you intended for a user that has the roles you select below."),e.createElement(On,{title:"Which permissions do you want to test?"},e.createElement(ko,{selectedPermissionNames:m,setSelectedPermissionNames:S,ref:o,errorMessage:p})),e.createElement(On,{title:"Which roles should the simulated user have?"},e.createElement(Ro,{selectedRoleIds:i,setSelectedRoleIds:c})),e.createElement(E,{marginTop:3,component:"section"},e.createElement(P,{onClick:y,variant:"contained",color:"primary"},"Run tests"),e.createElement(P,{className:w.clearButton,color:"primary",variant:"outlined",startIcon:e.createElement(ul,null),onClick:g},"Clear")),d&&d.length?e.createElement(E,{sx:{flexGrow:1},marginTop:4},e.createElement(oi,{results:d,resolutionStrategy:t.options.resolutionStrategy})):null))}function di(){const{versionId:t}=tt();return Ge(t),e.createElement(Xe,{policyId:t},e.createElement(ui,null))}function ui(){const{policy:t,updateLocalDraft:n}=Y(),r=o=>{n({...t,name:o})},a=Pn(Ir.safeParse(t)).name,l=t.status!=="draft";return e.createElement(Ke,{pages:[{title:t.name}],header:e.createElement(We,{title:t.name,titleComponent:e.createElement(e.Fragment,null,e.createElement(tn,null,l?t.name:e.createElement(Nn,{invalid:a,name:"Policy name",value:t.name,onTextChange:r}),e.createElement(qt,{status:t.status})),pi(t))},e.createElement(So,null))},e.createElement(O,{container:!0,spacing:4},e.createElement(O,{item:!0,xs:12},t.roles.length>0?e.createElement(Do,null):e.createElement(To,{readonly:l})),e.createElement(O,{item:!0,xs:12},e.createElement(mi,null))))}function pi(t){const n={created:"Created by ",published:"Last published by ",updated:"Last updated by "},{activityDateText:r,activityUser:a,timestamp:l}=Xt(t,n);return e.createElement(h,{variant:"body2"},e.createElement(h,{component:"span",display:"inline",variant:"body2"},`${r} ${a} `),e.createElement(Qt,{timestamp:l}))}const Ei=C(t=>({card:n=>({marginTop:t.spacing(3),height:"100%","&:hover":n.readonly?{pointerEvents:"none"}:{}}),cardHeader:{paddingBottom:t.spacing(2),alignItems:"flex-start"},defaultChip:{marginLeft:t.spacing(1),marginBottom:0},title:{display:"flex",alignItems:"center",paddingTop:t.spacing(.5),paddingBottom:t.spacing(1)}}));function Bn(t){const n=Ei(t),{title:r,description:a,active:l,changeResolutionStrategy:o,defaultOption:i,readonly:c}=t,m=()=>{c||o()};return e.createElement(te,{className:`${n.card}`,onClick:m},e.createElement(xr,{disabled:c},e.createElement(ge,null,e.createElement($t,{className:n.cardHeader,avatar:e.createElement(wr,{checked:l,color:"primary",disabled:c}),title:e.createElement("div",{className:n.title},e.createElement(h,{variant:"h6",component:"h2"},r),i?e.createElement(ce,{label:"Default",size:"small",className:n.defaultChip}):null),subheader:a}))))}const fi=C(t=>({title:{display:"flex",alignItems:"center",paddingBottom:t.spacing(2)},maxWidthWrapper:{maxWidth:"800px"},readOnlyChip:{marginLeft:t.spacing(1)},paragraph:{paddingBottom:t.spacing(1)}}));function yi(){const{versionId:t}=tt();return Ge(t),e.createElement(Xe,{policyId:t},e.createElement(gi,null))}function gi(){const t=fi(),{policy:n,updateLocalDraft:r}=Y(),a=q(),l=n.status!=="draft",o=i=>{r({...n,options:{...n.options,resolutionStrategy:i}})};return e.createElement(Ke,{pages:[{title:n.name,path:".."},{title:"Options"}],header:e.createElement(We,{title:"Options"},e.createElement(P,{variant:"outlined",color:"primary",onClick:()=>a("..",{relative:"path"})},"Back to policy"))},e.createElement(O,{item:!0,xs:12,className:t.maxWidthWrapper},e.createElement("div",null,e.createElement("div",{className:t.title},e.createElement(h,{variant:"h5",component:"h1"},"Decision resolution strategy"),l?e.createElement(ce,{label:"Read only",className:t.readOnlyChip}):null),e.createElement(h,{variant:"body2",component:"p",className:t.paragraph},"Multiple decisions from multiple roles could be applicable to a single user when authorizing a permission request. Please select the decision resolution strategy that makes sense for your policy."),e.createElement(h,{variant:"body2",component:"p",className:t.paragraph},"Please note this strategy will be applied to the whole policy and greatly affects the outcome of permission decisions."),e.createElement(Bn,{title:"Any-allow",changeResolutionStrategy:()=>o("any-allow"),readonly:l,defaultOption:!0,description:e.createElement(e.Fragment,null,e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first allow decision from all of the roles and decisions is the final result. A single explicit allow or an allow as a result of a conditional decision would result in a final allow decision, otherwise the decision is deny."),e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order of roles and decisions does not matter.")),active:n.options.resolutionStrategy==="any-allow"}),e.createElement(Bn,{title:"First match",changeResolutionStrategy:()=>o("first-match"),readonly:l,description:e.createElement(e.Fragment,null,e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first matching decision from the first matching role that is applicable to the user is the final result, regardless if that decision is an allow, deny or conditional."),e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order in which you define roles and decisions matters.")),active:n.options.resolutionStrategy==="first-match"}))))}function hi(){const t=nt(),{NotFoundErrorPage:n}=t.getComponents();return e.createElement(hl,{loading:e.createElement(ze,null),unauthorized:e.createElement(n,null)},e.createElement(Nl,null,e.createElement(vl,null,e.createElement(pa,null,e.createElement(Jn,null,e.createElement(Me,{element:e.createElement(la,null),path:"/"}),e.createElement(Me,{element:e.createElement(di,null),path:"/versions/:versionId"}),e.createElement(Me,{element:e.createElement(yi,null),path:"/versions/:versionId/options"}),e.createElement(Me,{element:e.createElement(bo,null),path:"/versions/:versionId/roles/:roleId"}))))))}export{hi as RBACRoot};
+//# sourceMappingURL=Root-315d5957.esm.js.map

package/dist/esm/index-9f94edaa.esm.js

@@ -0,0 +1,2 @@
+import{createApiRef as B,createRouteRef as C,createPlugin as $,createApiFactory as S,fetchApiRef as U,discoveryApiRef as T,createRoutableExtension as O,createComponentExtension as k}from"@backstage/core-plugin-api";import{PolicyResponseParser as D,PolicyParser as w,SearchMemberResponseParser as E,AuthorizeResponseParser as I,DraftResponseParser as A,TestPolicyDecisionResponseParser as j}from"@spotify/backstage-plugin-rbac-common";import{ResponseError as M}from"@backstage/errors";var z=Object.defineProperty,J=(s,t,i)=>t in s?z(s,t,{enumerable:!0,configurable:!0,writable:!0,value:i}):s[t]=i,b=(s,t,i)=>(J(s,typeof t!="symbol"?t+"":t,i),i),N=(s,t,i)=>{if(!t.has(s))throw TypeError("Cannot "+i)},y=(s,t,i)=>{if(t.has(s))throw TypeError("Cannot add the same private member more than once");t instanceof WeakSet?t.add(s):t.set(s,i)},r=(s,t,i)=>(N(s,t,"access private method"),i),f,v,d,g,o,c;const R=B({id:"plugin.rbac"});class W{constructor(t){y(this,f),y(this,d),y(this,o),b(this,"fetchApi"),b(this,"discoveryApi"),this.fetchApi=t.fetchApi,this.discoveryApi=t.discoveryApi}async getPolicies(){const{fetch:t}=this.fetchApi,i=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`),e=await r(this,o,c).call(this,i);return D.parse(e)}async getPolicy(t){const{fetch:i}=this.fetchApi,e=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}`),a=await r(this,o,c).call(this,e);return w.parse(a)}async getActivePolicy(){const{fetch:t}=this.fetchApi,i=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/active`),e=await r(this,o,c).call(this,i);return w.parse(e)}async searchMembers(t){const{fetch:i}=this.fetchApi,e=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/members?query=${encodeURIComponent(t.query)}`),a=await r(this,o,c).call(this,e);return E.parse(a)}async authorize(){const{fetch:t}=this.fetchApi,i=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/authorize`),e=await r(this,o,c).call(this,i);return I.parse(e)}async createDraft(t){const{fetch:i}=this.fetchApi,e=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json"}}),a=await r(this,o,c).call(this,e);return A.parse(a)}async updateDraft(t,i){const{fetch:e}=this.fetchApi,a=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}`,{method:"PATCH",body:JSON.stringify(i),headers:{"Content-Type":"application/json"}}),n=await r(this,o,c).call(this,a);return A.parse(n)}async deleteDraft(t){const{fetch:i}=this.fetchApi,e=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}`,{method:"DELETE"});return await r(this,o,c).call(this,e)}async publishPolicy(t,i){const{fetch:e}=this.fetchApi,a=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}/publish`,{method:"PUT",headers:{"Content-Type":"application/json"},body:JSON.stringify(i)});return await r(this,o,c).call(this,a)}async testPolicyDecisions(t){return await Promise.all(t.map(async i=>{const{policyConfig:e,roleIds:a,permission:n}=i,{decision:p,decisionOrigin:h}=await r(this,f,v).call(this,e,a,n);return{decision:p,permission:n,decisionOrigin:h}}))}async fetchAllPermissionMetadata(t){const i=await Promise.all(t.map(e=>r(this,d,g).call(this,e)));return{permissions:i.flatMap(({permissions:e})=>e),rules:i.flatMap(({rules:e})=>e)}}}f=new WeakSet,v=async function(s,t,i){const{fetch:e}=this.fetchApi,a=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/test-policy-decision`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({policyConfig:s,roleIds:t,permission:i})}),n=await r(this,o,c).call(this,a);return j.parse(n)},d=new WeakSet,g=async function(s){var t,i,e,a;const n=await this.discoveryApi.getBaseUrl(s);let p;try{const l=await this.fetchApi.fetch(`${n}/.well-known/backstage/permissions/metadata`);p=await r(this,o,c).call(this,l)}catch{return{permissions:[],rules:[]}}const h=(i=(t=p.permissions)==null?void 0:t.filter(Boolean))!=null?i:[],P=(a=(e=p.rules)==null?void 0:e.filter(Boolean))!=null?a:[];return{permissions:h,rules:P.map(l=>({...l,pluginId:s}))}},o=new WeakSet,c=async function(s){var t,i;if(s.ok)return s.status===204?void 0:s.json();const e=await M.fromResponse(s);throw e.message=(i=(t=e.body.error.message)!=null?t:e.message)!=null?i:"Unknown error",e};const m=C({id:"rbac"}),u=$({id:"rbac",routes:{root:m},apis:[S({api:R,deps:{fetchApi:U,discoveryApi:T},factory(s){return new W(s)}})]}),x=u.provide(O({name:"RBACRoot",component:()=>import("./Root-315d5957.esm.js").then(s=>s.RBACRoot),mountPoint:m})),q=u.provide(k({name:"RBACSidebarItem",component:{lazy:()=>import("./RBACSidebarItem-6579d7e3.esm.js").then(s=>s.RBACSidebarItem)}}));export{x as R,m as a,u as b,q as c,R as r};
+//# sourceMappingURL=index-9f94edaa.esm.js.map

package/dist/index.esm.js

@@ -1,2 +1,2 @@
-import{R as i,c as m,b as R}from"./esm/index-1291dce7.esm.js";import"@backstage/core-plugin-api";import"@backstage/errors";export{i as RBACRoot,m as RBACSidebarItem,R as rbacPlugin};
+import{R as m,c as p,b as R}from"./esm/index-9f94edaa.esm.js";import"@backstage/core-plugin-api";import"@spotify/backstage-plugin-rbac-common";import"@backstage/errors";export{m as RBACRoot,p as RBACSidebarItem,R as rbacPlugin};
 //# sourceMappingURL=index.esm.js.map

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@spotify/backstage-plugin-rbac",
   "description": "Control access to actions and data in Backstage with ease.",
-  "version": "0.5.10",
+  "version": "0.5.12",
   "license": "SEE LICENSE IN LICENSE.md",
   "homepage": "https://backstage.spotify.com",
   "main": "dist/index.esm.js",
@@ -25,23 +25,22 @@
   },
   "dependencies": {
     "@backstage/catalog-model": "^1.4.3",
-    "@backstage/core-components": "^0.13.9",
-    "@backstage/core-plugin-api": "^1.8.1",
+    "@backstage/core-components": "^0.13.10",
+    "@backstage/core-plugin-api": "^1.8.2",
     "@backstage/errors": "^1.2.3",
-    "@backstage/plugin-catalog-react": "^1.9.2",
-    "@backstage/plugin-permission-common": "^0.7.11",
-    "@backstage/plugin-permission-node": "^0.7.19",
-    "@backstage/plugin-permission-react": "^0.4.18",
+    "@backstage/plugin-catalog-react": "^1.9.3",
+    "@backstage/plugin-permission-common": "^0.7.12",
+    "@backstage/plugin-permission-node": "^0.7.20",
+    "@backstage/plugin-permission-react": "^0.4.19",
     "@backstage/theme": "^0.5.0",
     "@backstage/types": "^1.1.1",
     "@material-ui/core": "^4.12.2",
     "@material-ui/icons": "^4.9.1",
     "@material-ui/lab": "4.0.0-alpha.61",
-    "@spotify/backstage-plugin-core": "^0.5.8",
-    "@spotify/backstage-plugin-rbac-common": "^0.5.9",
+    "@spotify/backstage-plugin-core": "^0.5.9",
+    "@spotify/backstage-plugin-rbac-common": "^0.5.10",
     "ajv": "^8.11.2",
     "file-saver": "^2.0.5",
-    "immutable-json-patch": "^5.1.3",
     "js-yaml": "^4.1.0",
     "json-schema": "^0.4.0",
     "lodash": "^4.17.21",
@@ -49,21 +48,21 @@
     "react-use": "^17.2.4",
     "react-virtualized": "^9.22.5",
     "uuid": "^9.0.0",
-    "vanilla-jsoneditor": "^0.20.0",
+    "vanilla-jsoneditor": "0.19.0",
     "zod": "^3.20.0",
     "zod-to-json-schema": "^3.20.2"
   },
   "peerDependencies": {
-    "@backstage/plugin-permission-node": "^0.7.19",
+    "@backstage/plugin-permission-node": "^0.7.20",
     "react": "^16.13.1 || ^17.0.0",
     "react-router-dom": "6.0.0-beta.0 || ^6.3.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.25.0",
-    "@backstage/core-app-api": "^1.11.2",
-    "@backstage/dev-utils": "^1.0.25",
+    "@backstage/cli": "^0.25.1",
+    "@backstage/core-app-api": "^1.11.3",
+    "@backstage/dev-utils": "^1.0.26",
     "@backstage/e2e-test-utils": "^0.1.0",
-    "@backstage/test-utils": "^1.4.6",
+    "@backstage/test-utils": "^1.4.7",
     "@playwright/test": "^1.32.3",
     "@testing-library/jest-dom": "^6.0.0",
     "@testing-library/react": "^12.1.5",
@@ -71,7 +70,7 @@
     "@testing-library/user-event": "^14.0.0",
     "@types/file-saver": "^2.0.5",
     "@types/jest": "^29.4.0",
-    "@types/node": "^18.0.0",
+    "@types/node": "^20.0.0",
     "@types/react-virtualized": "^9.21.21",
     "cross-fetch": "^4.0.0",
     "msw": "^1.0.0"

package/dist/esm/RBACSidebarItem-2a1cccb8.esm.js

@@ -1,2 +0,0 @@
-import t from"react";import e from"@material-ui/icons/Lock";import{SidebarItem as m}from"@backstage/core-components";import{A as i}from"./Authorized-8bca4a90.esm.js";import"@backstage/core-plugin-api";import"react-use/lib/useAsync";import"./index-1291dce7.esm.js";import"@backstage/errors";function p({text:r="RBAC",...o}){return t.createElement(i,null,t.createElement(m,{icon:e,to:"rbac",text:r,...o}))}export{p as RBACSidebarItem};
-//# sourceMappingURL=RBACSidebarItem-2a1cccb8.esm.js.map

package/dist/esm/Root-dbaad539.esm.js

@@ -1,3 +0,0 @@
-import e,{createContext as Ie,useState as A,useCallback as $,useMemo as B,useContext as Oe,useEffect as G,Fragment as Be,useRef as ae,Children as wt,isValidElement as Le,useReducer as Gn,useLayoutEffect as _n}from"react";import{useNavigate as q,Link as Yn,useParams as tt,Routes as Jn,Route as Me}from"react-router-dom";import{useApi as k,configApiRef as qn,alertApiRef as oe,useRouteRef as Kn,useApp as nt}from"@backstage/core-plugin-api";import ye from"react-use/lib/useAsync";import{isResourcePermission as rt,AuthorizeResult as F}from"@backstage/plugin-permission-common";import{r as W,a as Qn}from"./index-1291dce7.esm.js";import{forEach as Xn,mapValues as Zn,groupBy as er,uniq as tr}from"lodash";import{Breadcrumbs as nr,Link as ie,Page as rr,Header as lr,Content as ar,EmptyState as Fe,Progress as ze,ErrorPanel as Dt,Table as or,ContentHeader as We,UserIcon as ir}from"@backstage/core-components";import Nt from"react-use/lib/useMount";import{makeStyles as C,Typography as h,Container as cr,Grid as I,Button as P,Card as ee,CardContent as ge,Box as E,Chip as ce,Tooltip as he,List as sr,ListItem as Pt,ListItemIcon as se,ListItemText as Q,CardActions as mr,Dialog as me,DialogContent as te,DialogTitle as He,TextField as ve,DialogActions as lt,CircularProgress as Tt,IconButton as _,Checkbox as be,TableRow as H,TableCell as w,debounce as dr,Table as je,TableHead as Ue,TableBody as Ve,Tabs as ur,Tab as pr,FormControl as Ce,InputLabel as de,Select as xe,MenuItem as j,Menu as St,FormControlLabel as At,FormHelperText as Rt,Popper as Er,Paper as at,Divider as ot,DialogContentText as fr,ButtonBase as yr,CardHeader as $t,ButtonGroup as gr,MenuList as it,Input as kt,TableContainer as hr,Accordion as vr,AccordionSummary as br,AccordionDetails as Cr,CardActionArea as xr,Radio as wr}from"@material-ui/core";import{SpotifyLicenseBanner as Dr,useAutoUpdatingRelativeTime as Nr,invariant as Ge}from"@spotify/backstage-plugin-core";import ue from"react-use/lib/useAsyncFn";import Pr,{dump as Tr}from"js-yaml";import{PolicyConfigParser as _e,isConditionalDecision as Ye,isAllOfPermissionCriteria as Sr,isAnyOfPermissionCriteria as Ar,isNotPermissionCriteria as Rr,isMatchingPermission as $r,BackstageUserPlaceholder as we,RoleParser as kr,getMatchingRolePermissions as It,UpdateDraftRequestParser as Ir}from"@spotify/backstage-plugin-rbac-common";import{v4 as pe}from"uuid";import Ot from"lodash/keyBy";import Or from"lodash/isEqual";import Bt from"@material-ui/icons/ReportProblemOutlined";import Br from"@material-ui/icons/CalendarToday";import Lt from"@material-ui/icons/Person";import Lr from"@material-ui/icons/FiberManualRecord";import{DateTime as Je}from"luxon";import Mt from"react-use/lib/useLocalStorage";import{saveAs as Mr}from"file-saver";import Ft from"lodash/omit";import Fr from"lodash/pickBy";import ct from"@material-ui/icons/Close";import zr from"@material-ui/icons/Publish";import Wr from"@material-ui/icons/FilterNone";import{parseEntityRef as ne,DEFAULT_NAMESPACE as Hr}from"@backstage/catalog-model";import{humanizeEntityRef as jr,catalogApiRef as Ur}from"@backstage/plugin-catalog-react";import{Autocomplete as st,Alert as zt,ToggleButton as Vr,ToggleButtonGroup as Gr}from"@material-ui/lab";import{List as _r}from"react-virtualized";import De from"@material-ui/icons/Delete";import Yr from"@material-ui/icons/Group";import Jr from"@material-ui/icons/GroupWork";import Wt from"@material-ui/icons/Info";import Ht from"ajv";import qr from"lodash/uniqBy";import{JSONEditor as Kr,isTextContent as Qr,createAjvValidator as Xr,Mode as Zr}from"vanilla-jsoneditor";import mt from"@material-ui/icons/Add";import el from"@material-ui/icons/Remove";import tl from"@material-ui/icons/Edit";import nl from"@material-ui/icons/Check";import rl from"@material-ui/icons/KeyboardArrowDown";import ll from"@material-ui/icons/KeyboardArrowUp";import al from"../images/no-permissions.svg";import ol from"../images/no-roles.svg";import il from"@material-ui/icons/MoreHoriz";import cl from"@material-ui/icons/Undo";import sl from"@material-ui/icons/Save";import ml from"@material-ui/icons/Settings";import dl from"@material-ui/icons/VerticalAlignTop";import ul from"@material-ui/icons/Clear";import pl from"@material-ui/icons/InfoOutlined";import El from"@material-ui/icons/AccountTreeOutlined";import fl from"@material-ui/icons/CheckSharp";import yl from"@material-ui/icons/NotInterested";import gl from"@material-ui/icons/ExpandMore";import{z as jt}from"zod";import{A as hl}from"./Authorized-8bca4a90.esm.js";import"@backstage/errors";const Ut=Ie(null),vl=({children:t})=>{const n=k(qn),r=k(W),a=k(oe),[l,o]=A(null),i=$(async()=>{var c;if(!l){const m=await r.fetchAllPermissionMetadata((c=n.getOptionalStringArray("permission.permissionedPlugins"))!=null?c:[]),s=Cl(m.rules);Xn(s,u=>{u.length!==1&&a.post({message:`The plugin(s) ${u.slice(1).join(", ")} expose rules which are conflicting with rules exposed by the ${u[0]} plugin. These rules will not be available for use. Please contact RBAC support if you need assistance resolving this issue.`,severity:"error"})});const p=xl(m,s);return o(p),p}return l},[a,l,r,n]);return e.createElement(Ut.Provider,{value:B(()=>({getMetadata:i}),[i])},t)};function qe(){const t=Oe(Ut),{value:n,loading:r}=ye(async()=>t==null?void 0:t.getMetadata(),[t]);return{metadata:n,isLoading:r}}function Vt(){var t;const{metadata:n}=qe();return(t=n==null?void 0:n.rules)!=null?t:null}function Ne(){var t;const{metadata:n,isLoading:r}=qe();return{permissions:(t=n==null?void 0:n.permissions)!=null?t:null,isLoading:r}}function Gt(){const{metadata:t}=qe();return t?[...new Set(t.permissions.filter(n=>rt(n)).map(({resourceType:n})=>n))]:null}function bl(){const{metadata:t}=qe(),n=Gt();return!t||!n?null:n.reduce((r,a)=>{const l=t.rules.find(o=>o.resourceType===a);return l&&(r[a]={pluginId:l.pluginId}),r},{})}function Cl(t){return Zn(er(t,"resourceType"),n=>tr(n.map(({pluginId:r})=>r)))}function xl(t,n){return{...t,rules:t.rules.filter(({resourceType:r,pluginId:a})=>{const l=n[r];return a===l[0]})}}const wl=C(t=>({breadcrumbs:{marginBottom:t.spacing(4)}}));function Dl({pages:t}){const n=Kn(Qn),r=wl();return e.createElement(nr,{className:r.breadcrumbs},e.createElement(ie,{to:n()},"Home"),t.map(({title:a,path:l},o)=>l?e.createElement(ie,{to:l,key:l,relative:"path"},a):e.createElement(h,{key:`${o}`},a)))}function Ke({children:t,header:n,pages:r}){return e.createElement(rr,{themeId:"tool"},e.createElement(Dr,{backend:"rbac",invalidLicenseMessage:"Your existing policy will continue to apply, but you will be unable to make any changes until you enter a valid license."}),e.createElement(lr,{title:"Role Based Access Control"}),e.createElement(ar,null,e.createElement(cr,{maxWidth:"lg"},e.createElement(I,{container:!0,spacing:4},e.createElement(I,{item:!0,xs:12},r&&e.createElement(Dl,{pages:r}),n),t))))}const _t=Ie({hasDraftPolicy:!1,policies:void 0,setPolicies:()=>{},setPolicy:()=>{},getPolicy:()=>{},removePolicy:()=>{}}),Qe=()=>Oe(_t);function Nl({children:t,initialState:n={policies:void 0,cache:{}}}){const[r,a]=A(n),l=$(m=>{a(s=>({...s,policies:m,cache:Yt(s.cache,m)}))},[]),o=$(m=>r.cache[m],[r.cache]),i=$(m=>a(s=>({...s,cache:{...s.cache,[m]:void 0},policies:void 0})),[]),c=$(m=>a(s=>({...s,policies:void 0,cache:Yt(s.cache,[m])})),[]);return e.createElement(_t.Provider,{value:B(()=>{var m;return{hasDraftPolicy:((m=r.policies)==null?void 0:m.some(({status:s})=>s==="draft"))||!1,policies:r.policies,setPolicies:l,setPolicy:c,getPolicy:o,removePolicy:i}},[r.policies,l,c,o,i])},t)}function Yt(t,n){if(!n)return t;const r={...t};return n.forEach(a=>{r[a.id]=a}),r}const Pe=()=>{const t=k(W),{setPolicies:n,policies:r}=Qe(),[{loading:a,error:l},o]=ue(()=>t.getPolicies(),[t],r?{loading:!1,value:{items:r,totalItems:r.length}}:{loading:!0}),i=$(async()=>{const c=await o();n(c.items)},[o,n]);return{loading:a,error:l,fetchPolicies:i}};function Pl(){const t=k(W),n=q(),r=k(oe);function a(l){var o,i;const c=(i=(o=l.target)==null?void 0:o.files)==null?void 0:i[0],m=new FileReader;c&&(m.readAsText(c,"utf-8"),m.onload=async s=>{var p,u;const d=(u=(p=s.target)==null?void 0:p.result)==null?void 0:u.toString();if(d){let x=null;try{x=Pr.load(d)}catch{r.post({message:"YAML file is invalid",severity:"error"});return}const y=_e.safeParse(x);if(!y.success){r.post({message:"Imported policy is invalid",severity:"error"});return}const f=y.data;if((await t.getPolicies()).items.some(N=>N.status==="draft")){r.post({message:"Unable to import new policy due to existing draft policy",severity:"error"});return}const g=await t.createDraft(f);n(`./versions/${g.id}`),r.post({message:"Policy imported successfully",severity:"success"})}})}return e.createElement(P,{variant:"outlined",color:"primary",component:"label"},"Import",e.createElement("input",{role:"input",type:"file",hidden:!0,onChange:a,accept:".yaml"}))}const Tl=C(t=>({cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}}}));function Sl(){const t=Tl(),n=k(W),r=q(),[a,l]=ue(async()=>n.createDraft({roles:[],options:{resolutionStrategy:"any-allow"}}),[n]);return G(()=>{a.value&&r(`./versions/${a.value.id}`)},[r,a.value]),e.createElement(ee,null,e.createElement(ge,{className:t.cardContent},e.createElement(Fe,{missing:"content",title:"No policy configured",description:e.createElement(e.Fragment,null,e.createElement(E,{component:"span",display:"block",pb:2},"Until you've configured your policy, authorization will be denied for all permissions."),e.createElement(E,{component:"span",display:"block"},"Click the button below to create the first version of your policy.")),action:e.createElement(P,{variant:"contained",color:"primary",disabled:a.loading,onClick:l},"New version")})))}function Al(t){var n,r;return((r=(n=t==null?void 0:t.body)==null?void 0:n.response)==null?void 0:r.statusCode)===404}const Rl=(t,n)=>{const r={resolutionStrategy:{operation:"UNCHANGED",before:t==null?void 0:t.resolutionStrategy,after:n==null?void 0:n.resolutionStrategy}};for(const a of Object.keys(r)){const l=a;r[l].before!==r[l].after&&(r[l].operation="CHANGED")}return r},dt=(t,n)=>{const r=Object.entries(t);for(const[,a]of r){const l=n(a);for(const[,o]of r){const i=n(o);i.operation!=="ADDED"&&i.operation!=="REMOVED"&&(l.operation==="ADDED"&&l.indexAfter<i.indexAfter?i.indexBefore+=1:l.operation==="REMOVED"&&l.indexBefore<i.indexBefore&&(i.indexBefore-=1))}}for(const[,a]of r){const l=n(a);l.operation==="UNCHANGED"&&l.indexAfter!==l.indexBefore&&(l.operation=l.indexAfter>l.indexBefore?"MOVED_DOWN":"MOVED_UP")}return t},ut=(t,n)=>{if(t==="*")return n==="*"?{"*":{operation:"UNCHANGED",after:"*",before:"*",indexAfter:0,indexBefore:0}}:{"*":{operation:"REMOVED",after:null,before:"*",indexAfter:-1,indexBefore:0},...Object.fromEntries(n.map((a,l)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:l,indexBefore:-1}]))};if(n==="*")return{"*":{operation:"ADDED",after:"*",before:null,indexAfter:0,indexBefore:-1},...Object.fromEntries(t.map((a,l)=>[a,{operation:"REMOVED",after:null,before:a,indexAfter:-1,indexBefore:l}]))};const r=Object.fromEntries(n.map((a,l)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:l,indexBefore:-1}]));for(let a=0;a<t.length;a++){const l=t[a];r[l]?(r[l].before=l,r[l].indexBefore=a,r[l].operation="UNCHANGED"):r[l]={operation:"REMOVED",after:null,before:l,indexAfter:-1,indexBefore:a}}return dt(r,a=>a)},pt=(t,n)=>{const r=Ot(n,"id"),a=Object.fromEntries(n.map((l,o)=>[l.id,{operation:"ADDED",indexAfter:o,indexBefore:-1,after:l,before:null}]));for(let l=0;l<t.length;l++){const o=t[l];if(a[o.id]){const i=!Or(o,r[o.id]);a[o.id].before=o,a[o.id].indexBefore=l,a[o.id].operation=i?"CHANGED":"UNCHANGED"}else a[o.id]={operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:l}}return dt(a,l=>l)},$l=(t=[],n=[])=>{const r=Ot(n,"id"),a=Object.fromEntries(n.map((l,o)=>[l.id,{role:{operation:"ADDED",indexAfter:o,indexBefore:-1,after:l,before:null},members:ut([],l.members),permissions:pt([],l.permissions)}]));for(let l=0;l<t.length;l++){const o=t[l];if(r[o.id]){const i=r[o.id],c=ut(o.members,i.members),m=pt(o.permissions,i.permissions),s=Object.values(m).some(({operation:d})=>d!=="UNCHANGED"),p=Object.values(c).some(({operation:d})=>d!=="UNCHANGED"),u=o.name!==i.name||s||p;a[o.id].role.before=o,a[o.id].role.indexBefore=l,a[o.id].role.operation=u?"CHANGED":"UNCHANGED",a[o.id].members=c,a[o.id].permissions=m}else a[o.id]={role:{operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:l},members:ut(o.members,[]),permissions:pt(o.permissions,[])}}return dt(a,({role:l})=>l)},kl=(t,n)=>{const r=$l((t==null?void 0:t.roles)||[],n.roles||[]),a=Rl(t==null?void 0:t.options,n.options),l=(t==null?void 0:t.name)!==n.name,o=Object.values(a).some(({operation:i})=>i!=="UNCHANGED");return{policy:{operation:l||o?"CHANGED":"UNCHANGED",before:t,after:n},roles:r,options:a}},Jt=t=>{const n=k(W),{value:r,loading:a,error:l}=ye(()=>n.getActivePolicy(),[n]);return B(()=>t&&!a&&!l?kl(r,t):null,[r,t,a,l])},Il=C(t=>({chip:{margin:0},icon:{color:t.palette.success.main}}));function qt(t){const n=Il();return t.status==="inactive"?null:t.status==="draft"?e.createElement(ce,{className:n.chip,label:"Draft",size:t.size}):e.createElement(ce,{className:n.chip,classes:{icon:n.icon},label:"Active",icon:e.createElement(Lr,null),size:t.size})}const Ol=(t,n)=>{switch(n){case"ADDED":return t.palette.success.main;case"REMOVED":return t.palette.errorText;case"CHANGED":return t.palette.infoText;case"MOVED_UP":case"MOVED_DOWN":return t.palette.infoText;case"UNCHANGED":default:return t.palette.text.primary}},Bl=t=>{switch(t){case"ADDED":return"success";case"REMOVED":return"error";case"CHANGED":return"info";case"MOVED_UP":case"MOVED_DOWN":return"info";case"UNCHANGED":default:return"info"}},Ll=t=>{switch(t){case"ADDED":return"New";case"REMOVED":return"Removed";case"CHANGED":return"Changed";case"MOVED_UP":return"Moved up";case"MOVED_DOWN":return"Moved down";case"UNCHANGED":default:return"No changes"}};function Ml(t){var n;return Ye(t.decision)?"Conditional":(n={allow:"Allow",deny:"Deny"}[t.decision])!=null?n:"Unknown"}function Et(t){var n;if(t.match==="*")return"All";if(t.match.name)return t.match.name;const r=[];return t.match.resourceType&&r.push(t.match.resourceType),(n=t.match.actions)!=null&&n.length&&r.push(t.match.actions.join(", ")),r.join(" | ")}const Fl=C(t=>({root:({operation:n})=>({color:Ol(t,n)})})),z=t=>e.createElement(h,{...t,variant:"body2"}),D=t=>{const n=Fl(t);return e.createElement(E,{...t,className:n.root,component:"span",fontWeight:"fontWeightBold"})},Kt=({policy:t})=>{var n,r,a,l;const o=Jt(t),i=(o==null?void 0:o.policy.operation)==="CHANGED"||Object.values((n=o==null?void 0:o.roles)!=null?n:{}).some(u=>u.role.operation!=="UNCHANGED")||((r=o==null?void 0:o.options)==null?void 0:r.resolutionStrategy.operation)==="CHANGED";if(!o||!i)return e.createElement(E,null,"No changes");const c=!!o.policy.before&&!!o.policy.after&&o.policy.before.name!==o.policy.after.name,m=o.options.resolutionStrategy.operation==="CHANGED",s=({before:u,after:d})=>u&&d&&u.name!==d.name,p=({operation:u})=>u!=="ADDED"&&u!=="REMOVED";return e.createElement(E,null,c&&e.createElement(z,null,"Policy name ",e.createElement(D,{operation:"CHANGED"},"changed")," from"," ",e.createElement(D,null,'"',(a=o.policy.before)==null?void 0:a.name,'"')," to"," ",e.createElement(D,null,'"',(l=o.policy.after)==null?void 0:l.name,'"')),m&&e.createElement(z,null,"Resolution Strategy ",e.createElement(D,{operation:"CHANGED"},"changed")," ","from ",e.createElement(D,null,'"',o.options.resolutionStrategy.before,'"')," to"," ",e.createElement(D,null,'"',o.options.resolutionStrategy.after,'"')),Object.entries(o.roles).map(([u,{role:d,permissions:x,members:y}])=>{var f,g,N,S,O,U;return e.createElement(Be,{key:u},d.operation==="ADDED"&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(f=d.after)==null?void 0:f.name,'"')," has been"," ",e.createElement(D,{operation:"ADDED"},"added")),d.operation==="REMOVED"&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(g=d.before)==null?void 0:g.name,'"')," has been"," ",e.createElement(D,{operation:"REMOVED"},"removed")),s(d)&&e.createElement(z,null,"Role name changed from ",e.createElement(D,null,'"',(N=d.before)==null?void 0:N.name,'"')," ","to ",e.createElement(D,null,'"',(S=d.after)==null?void 0:S.name,'"')),d.indexAfter>d.indexBefore&&d.indexBefore!==-1&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(O=d.after)==null?void 0:O.name,'"')," has been"," ",e.createElement(D,{operation:"MOVED_DOWN"},"moved down")," in priority"),d.indexAfter<d.indexBefore&&d.indexAfter!==-1&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(U=d.after)==null?void 0:U.name,'"')," has been"," ",e.createElement(D,{operation:"MOVED_UP"},"moved up")," in priority"),p(d)&&e.createElement(e.Fragment,null,Object.entries(x).map(([M,b])=>{var T,v,R,L,re;const{before:X,after:Ee}=b,le=X&&Et(X),Z=Ee&&Et(Ee);return e.createElement(Be,{key:M},b.operation==="ADDED"&&b.after&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',Z,'"')," has been"," ",e.createElement(D,{operation:"ADDED"},"added")," to"," ",e.createElement(D,null,'"',(T=d.after)==null?void 0:T.name,'"')),b.operation==="REMOVED"&&b.before&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',le,'"')," has been"," ",e.createElement(D,{operation:"REMOVED"},"removed")," ","from ",e.createElement(D,null,'"',(v=d.after)==null?void 0:v.name,'"')),b.operation==="CHANGED"&&e.createElement(z,null,le!==Z?e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(D,null,'"',le,'"')," has been"," ",e.createElement(D,{operation:"CHANGED"},"updated")," ","to ",e.createElement(D,null,'"',Z,'"')):e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(D,null,'"',le,'"')," has been"," ",e.createElement(D,{operation:"CHANGED"},"updated"))," ","in ",e.createElement(D,null,'"',(R=d.after)==null?void 0:R.name,'"')),b.indexAfter>b.indexBefore&&b.indexBefore!==-1&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',Z,'"')," has been"," ",e.createElement(D,{operation:"MOVED_DOWN"},"moved down")," ","in priority in"," ",e.createElement(D,null,'"',(L=d.after)==null?void 0:L.name,'"')),b.indexAfter<b.indexBefore&&b.indexAfter!==-1&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',Z,'"')," has been"," ",e.createElement(D,{operation:"MOVED_UP"},"moved up")," ","in priority in"," ",e.createElement(D,null,'"',(re=d.after)==null?void 0:re.name,'"')))}),Object.entries(y).map(([M,b])=>{var T,v;return e.createElement(Be,{key:M},b.operation==="ADDED"&&b.after&&e.createElement(z,null,"Member ",e.createElement(D,null,'"',b.after,'"')," has been"," ",e.createElement(D,{operation:"ADDED"},"added")," to"," ",e.createElement(D,null,'"',(T=d.after)==null?void 0:T.name,'"')),b.operation==="REMOVED"&&b.before&&e.createElement(z,null,"Member ",e.createElement(D,null,'"',b.before,'"')," has been"," ",e.createElement(D,{operation:"REMOVED"},"removed")," from"," ",e.createElement(D,null,'"',(v=d.after)==null?void 0:v.name,'"')))})))}))},zl=C(()=>({root:{display:"inline-flex"}})),Qt=({timestamp:t,description:n})=>{const r=zl(),a=Je.fromISO(t).toLocaleString(Je.DATETIME_FULL),l=Nr(t),o=n?`${n}${l}`:l;return e.createElement("span",{className:r.root},e.createElement(he,{title:a},e.createElement(h,{component:"span",display:"inline",variant:"inherit"},o)))};function Xt(t,n,r){var a,l;let o=n.created,i=t.createdBy;r!=null&&r.created&&(i=r.created+i);let c=t.createdAt;return t.status==="active"?(o=n.published,i=(a=t.lastPublishedBy)!=null?a:"",r!=null&&r.published&&(i=r.published+i),c=(l=t.lastPublishedAt)!=null?l:""):t.createdAt!==t.updatedAt&&(o=n.updated,i=t.updatedBy,r!=null&&r.updated&&(i=r.updated+i),c=t.updatedAt),{activityDateText:o,activityUser:i,timestamp:c}}const Wl=C(t=>({card:n=>({backgroundImage:n.policy.status==="active"?"linear-gradient(256.15deg, #00782A 19.77%, #1DB954 100%)":"linear-gradient(256.15deg, #BDBDBD 19.77%, #EEEEEE 100%)",backgroundPosition:"top",backgroundSize:"100% 8px",backgroundRepeat:"no-repeat",paddingTop:"8px",height:"100%"}),diffSummaryContainer:{backgroundColor:t.palette.background.default,padding:t.spacing(2),borderWidth:"1px",borderStyle:"solid",borderColor:t.palette.divider,borderRadius:t.shape.borderRadius},header:{display:"flex",justifyContent:"space-between",alignItems:"center"},detailsHeader:{...t.typography.body1,paddingTop:t.spacing(2),color:t.palette.text.secondary},activityList:{color:t.palette.text.secondary},activityListItem:{padding:0},actions:{justifyContent:"flex-start"}}));function Te(t){const n=Wl(t),{policy:r,to:a,withChangeSummary:l}=t,o=`${r.name} ${r.status==="draft"?"- Draft":""}`,i={created:"Created: ",published:"Published: ",updated:"Updated: "},c={created:"Created by ",published:"Published by ",updated:"Updated by "},{activityDateText:m,activityUser:s,timestamp:p}=Xt(r,i,c);return e.createElement(ee,{className:n.card},e.createElement(ge,null,e.createElement("div",{className:n.header},a?e.createElement(ie,{to:`versions/${r.id}`},e.createElement(h,{variant:"h5",component:"h1"},o)):e.createElement(h,{variant:"h5",component:"h1"},o),r.status==="active"?e.createElement(qt,{status:"active",size:"small"}):null),r.description?e.createElement(h,{variant:"body1",color:"textSecondary"},'"',r.description,'"'):null,e.createElement(h,{component:"h2",className:n.detailsHeader},"Details"),e.createElement(sr,{className:n.activityList},e.createElement(Pt,{className:n.activityListItem},e.createElement(se,null,e.createElement(Br,null)),e.createElement(Q,{primary:e.createElement(Qt,{timestamp:p,description:m})})),e.createElement(Pt,{className:n.activityListItem},e.createElement(se,null,e.createElement(Lt,null)),e.createElement(Q,{primary:s}))),l&&e.createElement(E,{paddingTop:2},e.createElement(h,{gutterBottom:!0,variant:"subtitle2"},"What's changed"),e.createElement(E,{className:n.diffSummaryContainer},e.createElement(Kt,{policy:r})))),t.actions?e.createElement(mr,{className:n.actions},t.actions):null)}const Hl=C(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"},label:{align:"center",display:"block",marginBottom:t.spacing(1),color:t.palette.text.secondary,fontSize:t.typography.caption.fontSize},policiesContainer:{display:"flex",gap:t.spacing(4),marginTop:t.spacing(4),marginBottom:t.spacing(4)},button:{marginTop:t.spacing(4)}})),jl=({localPolicy:t,onSelectLocalPolicy:n,onSelectServerPolicy:r,serverPolicy:a})=>{const l=Hl();return e.createElement(me,{open:!0,maxWidth:"md"},e.createElement(te,null,e.createElement(E,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(E,{display:"flex",justifyContent:"center"},e.createElement(Bt,{className:l.icon})),e.createElement(h,{align:"center",variant:"h6"},"There is a conflict with your drafts"),e.createElement(E,null,e.createElement(h,{align:"center"},"A newer version of the draft you are trying to edit has been recently saved."),e.createElement(h,{align:"center"},"Please review the changes and decide on a version to keep."))),e.createElement(E,{className:l.policiesContainer},e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(h,{className:l.label,variant:"button"},"Your local draft"),e.createElement(Te,{policy:t,withChangeSummary:!0}),e.createElement(P,{className:l.button,color:"primary",onClick:n,variant:"outlined"},"Keep local draft")),e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(h,{className:l.label,variant:"button"},"Recently saved draft"),e.createElement(Te,{policy:a,withChangeSummary:!0}),e.createElement(P,{className:l.button,color:"primary",onClick:r,variant:"outlined"},"Keep recently saved draft")))))},Ul=({serverPolicy:t,localPolicy:n})=>!n||!t?{policy:t,policyConflict:!1}:t.status!=="draft"?{policy:t,policyConflict:!1}:n.id!==t.id?{policy:t,policyConflict:!1}:n.updatedAt===t.updatedAt?{policy:n,policyConflict:!1}:{policy:n,policyConflict:!0},Vl=()=>Mt("@spotify/backstage-plugin-rbac:draftPolicy");function Zt(t){const n=new Blob([Gl(t)],{type:"text/yaml"});Mr(n,`${(t.name||"policy").toLocaleLowerCase().replace(/\W/g,"-")}.yaml`)}function Gl(t){const{name:n,roles:r,options:a,description:l}=t;return`# this is an autogenerated file, do not edit
-${Tr(Fr({name:n,description:l,options:a,roles:r.map(({permissions:o,...i})=>({...Ft(i,["id"]),permissions:o.map(c=>Ft(c,["id"]))}))},o=>o!==null||o!==void 0))}`}const _l=C(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"}})),Yl=({onConfirm:t,policy:n})=>{const r=_l(),a=()=>{Zt(n)};return e.createElement(me,{open:!0},e.createElement(te,null,e.createElement(E,{display:"flex",flexDirection:"column",gridGap:16},e.createElement(E,{display:"flex",flexDirection:"column",gridGap:4},e.createElement(E,{display:"flex",justifyContent:"center"},e.createElement(Bt,{className:r.icon})),e.createElement(h,{align:"center",variant:"h6"},"Invalid local draft")),e.createElement(E,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(h,{align:"center"},"You have a local draft that is no longer compatible or has become corrupted."),e.createElement(h,{align:"center"},"Click export to download your draft. You can attempt to restore your draft by importing this file on the RBAC home page."),e.createElement(h,{align:"center"},"Clicking continue will discard your draft."," ",e.createElement(E,{component:"span",fontWeight:"fontWeightBold"},"This action cannot be undone."))),e.createElement(E,{display:"flex",justifyContent:"center",gridGap:8,marginY:3},e.createElement(P,{color:"primary",onClick:a,variant:"outlined"},"Export"),e.createElement(P,{color:"primary",onClick:t,variant:"contained"},"Discard and continue")))))};function ft(){const t=k(W),n=k(oe),r=ue(async(l,o,i)=>{if(l)return await t.publishPolicy(l.id,{description:o,update:i}),t.getPolicy(l.id)},[]),[{error:a}]=r;return G(()=>{a&&n.post({message:a.message,severity:"error"})},[a,n]),r}const Jl=C(t=>({closeButton:{color:t.palette.text.secondary},diffSummaryContainer:{backgroundColor:t.palette.background.default,marginBottom:t.spacing(2)}}));function yt({open:t,onPublish:n,onClose:r,policy:a}){const[l,o]=A(!1),i=Jl(),c=ae(null),m=async()=>{var s,p;o(!0),await n((p=(s=c.current)==null?void 0:s.value)!=null?p:""),o(!1)};return e.createElement(me,{open:t,onClose:r,fullWidth:!0},e.createElement(He,null,e.createElement(E,{display:"flex",justifyContent:"space-between",alignItems:"center"},"Ready to publish?",e.createElement(P,{startIcon:e.createElement(ct,null),onClick:r,className:i.closeButton},"Close")),e.createElement(h,null,"Double check your changes, then click Publish to activate this version of your policy. This will immediately apply the permissions defined in this version across Backstage.")),e.createElement(te,{className:i.diffSummaryContainer,dividers:!0},e.createElement(Kt,{policy:a})),e.createElement(te,null,e.createElement(ve,{variant:"outlined",fullWidth:!0,label:"Summary (optional)",placeholder:"Briefly describe this version (or changes from a previous version)",inputRef:c})),e.createElement(lt,null,e.createElement(P,{color:"primary",onClick:m,disabled:l},l?e.createElement(Tt,{size:20}):"Publish")))}const ql=C(t=>({paper:{padding:t.spacing(2,2,0,2)}})),gt=({isOpen:t,onClose:n,policy:r})=>{const a=ql();return e.createElement(me,{classes:{...a},open:t,onClose:n},e.createElement(He,{disableTypography:!0},e.createElement(E,{display:"flex",flexDirection:"row"},e.createElement(E,null,e.createElement(h,{variant:"h4",component:"h2"},"Success!"),e.createElement(h,null,r.name," has been published and is now your active policy.")),e.createElement(E,null,e.createElement(_,{onClick:n,title:"Close dialog"},e.createElement(ct,null))))),e.createElement(te,null,e.createElement(Te,{policy:r})),e.createElement(lt,null,e.createElement(E,{display:"flex",flexDirection:"row",flexGrow:1,justifyContent:"flex-start"},e.createElement(P,{component:Yn,color:"primary",onClick:n,role:"link",to:"/rbac"},"View all versions"))))},Kl={canPublish:!1,diff:null,hasChanges:!1,isValid:!1,policy:void 0,createNewRole:()=>"",discardLocalDraft:()=>{},exportPolicy:()=>{},publish:()=>{},saveLocalDraftToServer:()=>Promise.reject(),saveAndPublish:()=>Promise.reject(),refetchPolicy:()=>Promise.reject(),updateLocalDraft:()=>{}},en=Ie(Kl),Y=()=>Oe(en);function Xe({children:t,policyId:n}){const r=q(),a=k(oe),l=k(W),{getPolicy:o,setPolicy:i}=Qe(),c=nt(),{NotFoundErrorPage:m}=c.getComponents(),[s,p]=A({active:!1,update:!1}),[u,d]=A(!1),[{loading:x,value:y},f]=ft(),g=o(n),[N,S,O]=Vl(),U=!N||_e.safeParse(N).success,M=U?N:void 0,{policy:b,policyConflict:T}=Ul({serverPolicy:g,localPolicy:M}),v=Jt(b),R=_e.safeParse(b).success,L=R&&!M&&!x,[{loading:re,error:X},Ee]=ue(()=>l.getPolicy(n),[l,n],g?{loading:!1,value:g}:{loading:!0}),le=()=>{p({active:!0,update:!1})},Z=()=>{p({active:!0,update:!0})},K=$(async()=>{const V=await Ee();i(V)},[Ee,i]),Ln=$(async V=>{await f(b,V,s.update?b:void 0),p({active:!1,update:!1}),K==null||K()},[b,s,f,p,K]),Mn=async()=>{d(!1)},Fn=()=>{S(V=>V&&g&&{...V,updatedAt:g.updatedAt})},zn=$(async()=>{if(!b)throw new Error("No policy to save");try{await l.updateDraft(b.id,{name:b.name,roles:b.roles,options:b.options}),a.post({message:"Policy saved",severity:"success"}),O(),K==null||K()}catch(V){a.post({message:(V==null?void 0:V.message)||"An error occurred while updating the policy",severity:"error"})}},[a,l,b,K,O]),Wn=$(()=>{if(!b)throw new Error("No policy to create a new role");const V=new Set(b.roles.map(Vn=>Vn.id));let fe;do fe=pe().split("-")[0];while(V.has(fe));const Un={name:`Role ${fe}`,permissions:[],members:"*",id:fe};return S({...b,roles:[...b.roles,Un]}),fe},[b,S]),Hn=()=>{O(),r("/rbac")},jn=()=>{b&&Zt(b)};return G(()=>{g||K()},[K,g]),G(()=>{y&&d(!0)},[y]),U?b?e.createElement(en.Provider,{value:{canPublish:L,diff:v,hasChanges:!!M,isValid:R,policy:b,createNewRole:Wn,discardLocalDraft:O,exportPolicy:jn,publish:le,saveLocalDraftToServer:zn,refetchPolicy:K,updateLocalDraft:S,saveAndPublish:Z}},T&&M&&g&&e.createElement(jl,{localPolicy:M,onSelectLocalPolicy:Fn,onSelectServerPolicy:O,serverPolicy:g}),e.createElement(yt,{open:s.active,onClose:()=>p({active:!1,update:!1}),onPublish:Ln,policy:b}),y&&e.createElement(gt,{isOpen:u,onClose:Mn,policy:y}),t):re?e.createElement(ze,null):X?Al(X)?e.createElement(m,null):e.createElement(Dt,{error:X!=null?X:new Error("Unknown")}):null:e.createElement(Yl,{onConfirm:Hn,policy:N})}function Ql(t){throw new Error("Invalid state")}function ht(){const t=k(W),n=k(oe),r=q(),{fetchPolicies:a}=Pe();return ue(async l=>{if(!l)return;const{roles:o,name:i,options:c}=l;try{const m=await t.createDraft({roles:o,options:c,name:i});return await a(),r(`/rbac/versions/${m.id}`),m}catch(m){throw m instanceof Error&&n.post({message:m.message,severity:"error"}),m}},[r,t,n,a])}const Xl=[{title:"Name",field:"name",render:t=>e.createElement(ie,{to:`versions/${t.id}`},t.name)},{title:"Status",field:"status",render:t=>{switch(t.status){case"active":return"Active";case"draft":return"Draft";case"inactive":return"Inactive";default:return Ql(t.status)}}},{title:"Publish date",field:"lastPublishedAt",render:t=>t.lastPublishedAt?Je.fromISO(t.lastPublishedAt).toLocaleString(Je.DATETIME_MED_WITH_SECONDS):"",type:"datetime",defaultSort:"desc"},{title:"Published by",field:"lastPublishedBy"}];function Zl(t){const n=t.data.length>3,{fetchPolicies:r}=Pe(),[{loading:a},l]=ht(),[{loading:o,value:i},c]=ft(),[m,s]=A(void 0),[p,u]=A(!1),d=()=>{s(void 0),r()},x=(m==null?void 0:m.id)===(i==null?void 0:i.id)?i:void 0,y=[f=>{const{tableData:g,...N}=f;return{icon:zr,tooltip:"Republish",onClick:()=>{s(N),u(!0)},disabled:o}},f=>{const{tableData:g,...N}=f;return{icon:Wr,tooltip:"Duplicate",disabled:a||!t.canDuplicate,onClick:()=>l(N)}}];return e.createElement(e.Fragment,null,e.createElement(or,{title:"Previous Versions",columns:Xl,data:t.data,options:{paging:n,pageSize:3,pageSizeOptions:[3,5,10,20],actionsColumnIndex:-1,loadingType:"linear"},actions:y}),m&&e.createElement(yt,{open:p,onPublish:f=>{c(m,f),u(!1)},onClose:()=>{s(void 0),u(!1)},policy:m}),x&&e.createElement(gt,{isOpen:!0,policy:x,onClose:d}))}const ea=t=>{const[n,r]=A(!1),{fetchPolicies:a}=Pe(),[{loading:l,value:o},i]=ft(),{policy:c,hasChanges:m}=Y(),s=_e.safeParse(c).success,p=!m&&s,u=async x=>{await i(c,x),r(!1)},d=()=>{a()};return e.createElement(e.Fragment,null,e.createElement(P,{...t,onClick:()=>r(!0),disabled:!p||l},"Publish"),e.createElement(yt,{open:n,onClose:()=>r(!1),onPublish:u,policy:c}),o&&e.createElement(gt,{isOpen:!0,onClose:d,policy:o}))};function ta(t){const n=k(W),r=k(oe),{fetchPolicies:a}=Pe();return ue(async()=>{if(t)return n.deleteDraft(t.id).then(a).catch(l=>(r.post({message:l.message,severity:"error"}),Promise.reject(l)))},[t])}function na({policies:t}){const n=t.find(s=>s.status==="draft"),r=t.find(s=>s.status==="active"),[a,l]=ht(),[o,i]=ta(n),c=q(),m=ra(t);return e.createElement(I,{container:!0,spacing:4},r?e.createElement(I,{item:!0,xs:12,md:6},e.createElement(Te,{policy:r,to:`./versions/${r.id}`,actions:e.createElement(P,{color:"primary",disabled:a.loading||!!n,onClick:()=>l(r)},"Duplicate")})):null,n?e.createElement(I,{item:!0,xs:12,md:6},e.createElement(Te,{policy:n,to:`./versions/${n.id}`,actions:e.createElement(e.Fragment,null,e.createElement(P,{onClick:()=>c(`versions/${n.id}`),color:"primary"},"Edit"),e.createElement(P,{color:"primary",disabled:o.loading,onClick:i},"Delete Draft"),e.createElement(Xe,{policyId:n.id},e.createElement(ea,{color:"primary"})))})):null,e.createElement(I,{item:!0,xs:12},e.createElement(Zl,{data:m,canDuplicate:!n})))}function ra(t){return t.filter(({status:n})=>n==="inactive")}function la(){const{policies:t}=Qe(),{loading:n,error:r,fetchPolicies:a}=Pe();Nt(()=>{t||a()});let l;return n?l=e.createElement(I,{item:!0,xs:12},e.createElement(ze,null)):r?l=e.createElement(Dt,{error:r}):!t||t.length===0?l=e.createElement(Sl,null):l=e.createElement(na,{policies:t}),e.createElement(Ke,{pages:void 0,header:e.createElement(We,{title:"RBAC Policies"},e.createElement(Pl,null))},l)}const aa=C(t=>({titleWrapper:{display:"flex",alignItems:"center",gap:t.spacing(2)}}));function tn({children:t}){const n=aa();return e.createElement(h,{noWrap:!0,variant:"h4",component:"h2",color:"textSecondary",className:n.titleWrapper},t)}const oa=e.forwardRef(function({children:t,role:n,...r},a){const l=B(()=>{const c=[];return wt.forEach(t,m=>{if(Le(m)){const s=m.props.children[0];Le(s)&&c.push(s);const p=m.props.children[1];if(Le(p)){const u=wt.toArray(p.props.children).filter(Le);c.push(...u)}}}),c},[t]),o=l.length,i=54;return e.createElement("div",{ref:a},e.createElement("ul",{...r},e.createElement(_r,{height:250,width:250,rowHeight:i,overscanCount:5,rowCount:o,rowRenderer:c=>e.cloneElement(l[c.index],{style:{...c.style,whiteSpace:"nowrap"}}),role:n})))}),ia=C({autocomplete:{display:"flex",flex:1}});function ca({members:t,options:n,namespaceOptions:r,loading:a=!1,disabled:l=!1,isMultiNamespaces:o=!1,onTextChange:i,onToggleMember:c,onChange:m}){const[s,p]=A(!1),u=ia(),[d,x]=Gn(g=>g+1,0),y=(g,N)=>{N&&(c(N),x())};G(()=>{s&&i("")},[s,i]);const f=o?r.concat((n==null?void 0:n.members)||[]):(n==null?void 0:n.members)||[];return e.createElement(E,{width:250},e.createElement(st,{key:`${d}`,open:s,onOpen:()=>{p(!0)},onClose:()=>{p(!1)},onChange:y,getOptionLabel:Se,groupBy:sa,ListboxComponent:oa,renderOption:g=>e.createElement(e.Fragment,null,e.createElement(be,{id:`checkbox-${g.entityRef}`,checked:t.includes(g.entityRef),color:"primary"}),e.createElement("label",{htmlFor:`checkbox-${g.entityRef}`},o?Se(g,!1):Se(g))),options:f,openOnFocus:!0,disabled:l,loading:a,className:u.autocomplete,renderInput:g=>e.createElement(ve,{...g,label:o?"Select members":"Select specific users/groups",variant:"standard",onChange:m,InputProps:{...g.InputProps,endAdornment:e.createElement(e.Fragment,null,a?e.createElement(Tt,{color:"inherit",size:20}):null,g.InputProps.endAdornment)}})}))}function Se(t,n=!0){var r;const a=ne(t.entityRef);return a.name==="*"?a.namespace:jr({...a,name:(r=t.name)!=null?r:a.name},{defaultKind:a.kind,defaultNamespace:n?Hr:!1})}const nn={user:"USERS",group:"GROUPS",namespace:"NAMESPACES"};function sa(t){const{name:n,kind:r}=ne(t.entityRef),a=n==="*"?"namespace":r;if(!nn[a])throw new Error(`Group '${a}' is not supported for members in a policy`);return nn[a]}function rn(t,n){switch(n){case"small":return t.typography.caption;case"medium":return t.typography.body1;case"large":return t.typography.subtitle1;default:return t.typography.caption}}function ln(t){switch(t){case"small":return .2;case"medium":return .3;case"large":return 1;default:return .8}}const ma=C(t=>({root:{display:"inline-flex",fontWeight:"bold",borderRadius:"1000px",margin:t.spacing(1),padding:t.spacing(0,1)},message:({size:n})=>({fontSize:rn(t,n).fontSize,font:rn(t,n).font,verticalAlign:"middle",padding:t.spacing(ln(n),0,ln(n),0)})}),{name:"MuiAlert"});function an(t){var n;const r=ma({size:t.size||"small"});return e.createElement(zt,{classes:{root:r.root,message:r.message},role:"textbox",severity:t.severity,icon:(n=t.icon)!=null?n:!1,variant:t.outlined?"outlined":"standard",title:t.text},t.text)}const Ae=t=>{const n=Ll(t.operation);return!t.operation||t.operation==="UNCHANGED"?null:e.createElement(an,{size:t.size,text:n,severity:Bl(t.operation),outlined:!0})},da=C(t=>({actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0},typeIcon:{color:t.palette.grey[500]}}));function ua({diff:t,loading:n,isMultiNamespaces:r,members:a,error:l,onToggleMember:o,readonly:i=!1}){const c=da();if(n)return e.createElement(H,null,e.createElement(w,{scope:"row",colSpan:i?4:5},e.createElement(ze,null)));if(l&&l.message!=null,a==="*")return e.createElement(H,null,e.createElement(w,{colSpan:2,height:80},"All"),e.createElement(w,{colSpan:i?2:3},e.createElement(Ae,{operation:t==null?void 0:t.members["*"].operation})));if(a.length===0)return e.createElement(H,null,e.createElement(w,{scope:"row",colSpan:i?4:5},"Select users or groups using the drop-down menu above."));const m=a.sort((s,p)=>{let u=0;r&&p.name==="*"&&s.name!=="*"?u=1:r&&s.name==="*"&&p.name!=="*"&&(u=-1);const d=s.type.localeCompare(p.type),x=ne(s.entityRef).namespace.localeCompare(ne(p.entityRef).namespace),y=ne(s.entityRef).name.localeCompare(ne(p.entityRef).name);return u||d||x||y});return e.createElement(e.Fragment,null,m.map(s=>{var p;const{name:u,type:d,entityRef:x}=s;return e.createElement(H,{key:x},e.createElement(w,{className:c.typeIconCol},d==="group"&&e.createElement(Yr,{className:c.typeIcon})||r&&u==="*"&&e.createElement(Jr,{className:c.typeIcon})||e.createElement(Lt,{className:c.typeIcon})),e.createElement(w,{scope:"row",className:c.nameCol},(p=r?Se(s,!1):Se(s))!=null?p:"Unknown"),e.createElement(w,{scope:"row"},u==="*"&&r?"namespace":d),e.createElement(w,null,u&&e.createElement(Ae,{operation:t==null?void 0:t.members[x].operation})),!i&&e.createElement(w,{scope:"row",className:c.actionCol},e.createElement(_,{"aria-label":"delete",onClick:()=>o(s),size:"small"},e.createElement(De,null))))}))}const on=Ie({loading:!1}),pa=({children:t})=>{const n=k(W),r=ye(async()=>await n.searchMembers({query:""}),[n]);return e.createElement(on.Provider,{value:r},t)},Ea=()=>Oe(on),fa=C(()=>({header:{display:"flex",flexDirection:"row",justifyContent:"space-between",paddingLeft:"1rem",paddingRight:"1rem",gap:"1rem"},actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0}}));function ya({diff:t,policyId:n,role:r,onToggleMember:a,readonly:l=!1,debounceTime:o=1e3}){const i=k(W),c=k(Ur),m=fa(),s=r.members==="*",[p,u]=A(""),{current:d}=ae({}),x=v=>{d[v.entityRef]=v,a(v.entityRef)},y=v=>{var R;if(d[v])return d[v];const L=ne(v);return{entityRef:v,type:L.kind.toLowerCase(),name:(R=L.name)!=null?R:v}},{value:f,loading:g}=Ea(),{loading:N,value:S}=ye(async()=>{const v=await c.getEntityFacets({facets:["metadata.namespace"]}).then(R=>R.facets["metadata.namespace"].map(L=>L.value));return ga(v)},[c]),O=S?(S==null?void 0:S.length)>1:!1,U=S?S.filter(v=>v.entityRef.toLowerCase().includes(p)):[],M=B(()=>dr(v=>{u(v.target.value.toLowerCase())},o),[u,o]),{loading:b,error:T}=ye(async()=>{r.members==="*"||r.members.length===0||(await i.getPolicy(n)).roles.find(v=>v.id===r.id)===void 0||r.members.forEach(v=>{const R=y(v);d[R.entityRef]=R})},[n,s]);return e.createElement(e.Fragment,null,e.createElement("div",{className:m.header},e.createElement("h2",null,"Members"),e.createElement(ca,{onToggleMember:x,members:r.members,disabled:l,options:f,namespaceOptions:U,isMultiNamespaces:O,loading:g||N,onTextChange:u,onChange:M})),e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,null,e.createElement(w,{className:m.typeIconCol}),e.createElement(w,{className:m.nameCol},"Name"),e.createElement(w,null,"Type"),e.createElement(w,null),!l&&e.createElement(w,{className:m.actionCol}))),e.createElement(Ve,null,e.createElement(ua,{diff:t,loading:b||N,isMultiNamespaces:O,error:T,members:Array.isArray(r.members)?r.members.map(y):r.members,onToggleMember:x,readonly:l}))))}function ga(t){return t.map(n=>({name:"*",type:"user",entityRef:`user:${n}/*`})).sort((n,r)=>n.entityRef.toLowerCase().localeCompare(r.entityRef.toLowerCase()))}function cn(t){return`${t.palette.primary.main}50`}const ha=C(t=>({indicator:{right:"unset"},tab:{maxWidth:"none","&.Mui-selected":{backgroundColor:cn(t),color:t.palette.primary.main}}}));function va({options:t,selected:n,onChange:r,readonly:a=!1}){const l=ha();return e.createElement(ur,{orientation:"vertical",value:t.map(({id:o})=>o).indexOf(n),onChange:(o,i)=>r(t[i].id),indicatorColor:"primary",TabIndicatorProps:{className:l.indicator}},t.map(o=>e.createElement(pr,{key:o.id,label:o.displayText.toUpperCase(),className:l.tab,disabled:a})))}const ba=["condition","anyOf","allOf","not"],sn={condition:"Condition",anyOf:"Any of",allOf:"All of",not:"Not"};function vt(t){return t===null?!1:t.hasOwnProperty("id")&&t.hasOwnProperty("ruleName")&&t.hasOwnProperty("parameters")}function Re(t){return t.hasOwnProperty("levelType")}function Ca(t){return t==="anyOf"||t==="allOf"||t==="not"}function xa(t){return t?{id:t.id,match:wa(t),decisionType:Da(t),criteria:Ye(t.decision)?$e(t.decision.conditions):null}:{id:pe(),match:{method:"specificPermission"},decisionType:"allow",criteria:null}}function wa(t){var n;return t.match==="*"?{method:"all"}:t.match.name?{method:"specificPermission",name:t.match.name}:t.match.resourceType||(n=t.match.actions)!=null&&n.length?{method:"filter",resourceType:t.match.resourceType,actions:t.match.actions}:{method:"specificPermission"}}function Da(t){return typeof t.decision=="string"?t.decision:"conditional"}function $e(t){const n=pe();return Sr(t)?{id:n,levelType:"allOf",children:t.allOf.map(r=>$e(r))}:Ar(t)?{id:n,levelType:"anyOf",children:t.anyOf.map(r=>$e(r))}:Rr(t)?{id:n,levelType:"not",children:[$e(t.not)]}:{id:n,ruleName:t.rule,parameters:t.params}}function mn(t,n){if(!t)return!1;if(Re(t))return t.children.length>0&&t.children.every(a=>mn(a,n));if(!t.ruleName)return!1;const r=n==null?void 0:n.find(({name:a})=>a===t.ruleName);return r?r.paramsSchema?new Ht({allErrors:!0}).compile(r.paramsSchema)(t.parameters):!0:!1}function Na(t,n,r){return{id:t,match:dn(n,r),decision:r}}function dn({method:t,...n},r){return t==="all"?"*":r&&Ye(r)?{resourceType:r.resourceType,...n}:n}function bt(t){return vt(t)?{rule:t.ruleName,params:t.parameters}:t.levelType==="not"?{not:bt(t.children[0])}:{[t.levelType]:t.children.map(n=>bt(n))}}const Pa=C(t=>({toggleButton:{"&.Mui-selected":{backgroundColor:cn(t),color:t.palette.primary.main},"&.Mui-selected:hover":{backgroundColor:"#97BBE8"},color:t.palette.primary.main,border:`1px solid ${t.palette.primary.main}`}}));function Ct({className:t,...n}){const r=Pa();return e.createElement(Vr,{className:`${r.toggleButton} ${t}`,...n})}const Ta=C({fullWidth:{width:"100%","& > *":{flexGrow:1}}});function Sa({className:t,fullWidth:n,...r}){const a=Ta();return e.createElement(Gr,{className:`${n?a.fullWidth:""} ${t}`,...r})}function Aa(t,n){const r=(t!=null?t:[]).filter(o=>$r(o,dn(n))),a=qr(r,o=>rt(o)?o.resourceType:void 0),l=a.length===1&&rt(a[0])?a[0].resourceType:void 0;return{permissions:r,commonResourceType:l}}const Ra=C(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),un="Permission name";function $a({name:t="",readonly:n,onNameChange:r}){const a=Ra(),{permissions:l}=Ne();return e.createElement(Ce,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(de,{id:"match-by-name-dropdown"},un),e.createElement(xe,{labelId:"match-by-name-dropdown",label:un,value:l?t:"",onChange:o=>r==null?void 0:r(o.target.value)},l==null?void 0:l.map(o=>e.createElement(j,{key:o.name,value:o.name},o.name))))}const ka=C(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),pn="Resource type";function Ia({resourceType:t="",readonly:n,onResourceTypeChange:r}){const a=ka(),l=Gt();return e.createElement(Ce,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(de,{id:"match-by-resource-dropdown"},pn),e.createElement(xe,{labelId:"match-by-resource-dropdown",label:pn,value:l?t:"",onChange:o=>r==null?void 0:r(o.target.value),displayEmpty:!0},l==null?void 0:l.map(o=>e.createElement(j,{key:o,value:o},o))))}const Oa="Action";function Ba({actions:t,readonly:n,onActionsChange:r}){return e.createElement(st,{multiple:!0,id:"match-by-attribute-dropdown",options:["create","read","update","delete"],getOptionLabel:a=>a,value:t!=null?t:[],onChange:(a,l)=>r==null?void 0:r(l),filterSelectedOptions:!0,renderInput:a=>e.createElement(ve,{...a,variant:"outlined",label:Oa,placeholder:"Choose attributes",margin:"normal"}),disabled:n})}const La=C(()=>({root:{fontFamily:"monospace"}})),En=({children:t})=>{const n=La();return e.createElement(h,{variant:"body2",className:n.root},t)},Ma=C(t=>({rule:{color:t.palette.type==="light"?"#EB0014":"#FF8F9C"},parameters:{color:t.palette.type==="light"?"#E22134":"#EE96A0"}}));function fn({condition:t}){const n=Ma();return e.createElement(En,null,e.createElement(E,{component:"span",className:n.rule},t.ruleName,"(",e.createElement(E,{component:"span",className:n.parameters},JSON.stringify(t.parameters,null,1)),")"))}const Fa=({children:t})=>e.createElement(E,{pl:2},t);function yn({level:t}){return e.createElement(e.Fragment,null,e.createElement(En,null,sn[t.levelType]),e.createElement(Fa,null,t.children.map((n,r)=>Re(n)?e.createElement(yn,{key:r,level:n}):e.createElement(fn,{key:r,condition:n}))))}const za=C(t=>({resultsBox:{border:`1px solid ${t.palette.border}`,borderRadius:t.shape.borderRadius,padding:t.spacing(2)}}));function Wa({permissionCriteria:t}){const n=za();return e.createElement(E,{className:n.resultsBox},vt(t)&&e.createElement(fn,{condition:t}),Re(t)&&e.createElement(yn,{level:t}))}const Ha=C(t=>({conditionResultText:{color:t.palette.success.main},conditionDecisionText:{padding:`0 0 ${t.spacing(3)}px`}}));function gn({permissionCriteria:t}){const n=Ha();return e.createElement("div",null,e.createElement(h,{component:"p",variant:"body1",className:n.conditionDecisionText},"If the below conditions are met then the action is"," ",e.createElement("strong",{className:n.conditionResultText},"allowed.")),e.createElement(Wa,{permissionCriteria:t}))}const ja=C(()=>({addButton:{paddingLeft:40,paddingRight:40}}));function hn({onSelect:t}){const n=ja(),r=ae(null),[a,l]=A(!1),o=()=>{l(i=>!i)};return e.createElement("div",null,e.createElement(P,{className:n.addButton,variant:"outlined",color:"primary",onClick:o,ref:r},"Add"),e.createElement(St,{anchorEl:r.current,open:a,onClose:o,BackdropProps:{}},ba.map(i=>e.createElement(j,{key:i,onClick:()=>{t==null||t(i),l(!1)}},sn[i]))))}const Ua=C(t=>({editor:{"--jse-main-border":`1px solid ${t.palette.divider}`,"--jse-panel-border":`1px solid ${t.palette.divider}`,"--jse-message-error-background":t.palette.error.main,"--jse-message-warning-background":t.palette.warning.main,"--jse-background-color":t.palette.background.default,"--jse-panel-background":t.palette.background.default,"--jse-delimiter-color":t.palette.type==="light"?"rgba(0, 0, 0, 0.38)":"rgba(255, 255, 255, 0.38)","--jse-error-color":t.palette.text.primary,"--jse-key-color":t.palette.text.primary,"--jse-value-color":t.palette.text.primary,"--jse-text-color":t.palette.text.primary,"--jse-panel-color-readonly":t.palette.text.hint,"--jse-value-color-string":t.palette.status.ok,"--jse-value-color-null":t.palette.status.warning,"--jse-value-color-number":t.palette.status.error,"--jse-value-color-boolean":t.palette.status.running,"--jse-font-family":"inherit"}})),Va=t=>"parseError"in t,Ga=t=>{var n;return t?Va(t)?!!t.parseError:((n=t==null?void 0:t.validationErrors)==null?void 0:n.length)>0:!1};function _a({onChange:t,schema:n,value:r}){const a=ae(null),l=ae(),o=Ua();return G(()=>(a.current&&!l.current&&(l.current=new Kr({target:a.current,props:{onChange:(i,c,{contentErrors:m})=>{!Ga(m)&&Qr(i)&&t(JSON.parse(i.text))},validator:Xr({schema:n}),content:{json:{}},mainMenuBar:!1,mode:Zr.text}})),()=>{var i;(i=l.current)==null||i.destroy(),l.current=void 0}),[t,n]),Nt(()=>{var i;(i=l.current)==null||i.updateProps({content:{json:r}})}),e.createElement("div",{ref:a,className:o.editor,style:{height:300}})}const Ya=[];function Ja(t){const{onChange:n,schema:r,name:a}=t,{description:l,items:o}=r,[i,c]=e.useState(!1),m=Array.isArray(t.value)?t.value:Ya,s=m.includes(we),p=(g,N)=>{if(!Array.isArray(N)){const S=[...m];S[g]=N||"",n(S)}},u=$(()=>{n([...m,""])},[n,m]),d=g=>{n(m.filter((N,S)=>S!==g))},x=()=>{n(s?[]:[we])},y=()=>{s&&c(!0)},f=()=>{c(!1)};return G(()=>{m.length?s&&m.length>1&&n([we]):u()},[u,n,m,s]),!o||!("type"in o)?null:e.createElement(e.Fragment,null,(m!=null?m:[]).map((g,N,{length:S})=>e.createElement(bn,{allowEmptyStrings:!0,key:N,onChange:O=>p(N,O),name:N===0?a:"",schema:{description:N===S-1?l:"",type:o.type},value:g,controls:e.createElement(_,{size:"small",onClick:()=>d(N)},e.createElement(el,null))})),!!(m!=null&&m.length)&&e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"row",justifyContent:"space-between"},e.createElement(E,null,e.createElement(At,{control:e.createElement(be,{checked:s,onChange:x,name:"checkedB",color:"primary"}),label:"Use the claims from the logged in users token"})),e.createElement(E,null,e.createElement(he,{onClose:f,onOpen:y,open:i,title:"To add additional entries you must uncheck using the claims from the logged in user."},e.createElement("span",null,e.createElement(_,{disabled:s,size:"small",onClick:u},e.createElement(mt,null)))))))}function qa(t){const{onChange:n,schema:r,name:a,value:l}=t,{description:o}=r;return e.createElement(E,{mb:1},e.createElement(At,{control:e.createElement(be,{checked:l===!0,onChange:i=>{n(i.target.checked)},name:a,color:"primary"}),label:a}),o&&e.createElement(h,{display:"block",variant:"caption",color:"textSecondary"},o))}function Ka({allowEmptyStrings:t,controls:n,name:r,onChange:a,schema:l,value:o}){const i=c=>{a(Xa({value:c.currentTarget.value,type:l.type}))};return e.createElement(E,{mb:1},e.createElement(E,{display:"flex",gridGap:6},e.createElement(ve,{fullWidth:!0,id:r,label:r,placeholder:"Enter",variant:"outlined",size:"small",value:Qa(o,t),onChange:xt(o,t)?void 0:i,disabled:xt(o,t)}),n&&e.createElement(E,{alignSelf:"center"},n)),l.description&&e.createElement(h,{variant:"caption",color:"textSecondary"},l.description,xt(o)&&!t&&e.createElement(e.Fragment,null," (switch to JSON editor to edit)")))}function xt(t,n=!1){return!n&&t===""||t===null||t===we}function Qa(t,n=!1){return!n&&t===""?"[empty string]":t===null?"[null]":t===we?"[BackstageUserClaims]":t||""}function Xa({value:t,type:n}){switch(n){case"string":return t===""?void 0:t;case"number":case"integer":return Number.isNaN(Number(t))?void 0:Number(t);case"null":return t==="null"?null:void 0;default:return}}function vn(t){return!!t&&"type"in t&&(t.type==="array"||t.type==="boolean"||t.type==="null"||t.type==="number"||t.type==="integer"||t.type==="string")}function Za(t){return"type"in t&&t.type==="array"}function eo(t){return"type"in t&&t.type==="boolean"}function bn({schema:t,...n}){return vn(t)?Za(t)?e.createElement(Ja,{...n,schema:t}):eo(t)?e.createElement(qa,{...n,schema:t}):e.createElement(Ka,{...n,schema:t}):null}const to=new Ht({allErrors:!0});function no({onChange:t,schema:n,value:r}){var a;const l=B(()=>to.compile(n),[n]),o=B(()=>l(r),[l,r]),i=Object.entries(n.properties),c=m=>s=>{t({...r,[m]:s})};return e.createElement(e.Fragment,null,i.map(([m,s])=>{var p;return e.createElement(bn,{isRequired:((p=n.required)==null?void 0:p.includes(m))||!1,key:m,name:m,onChange:c(m),schema:s,value:r==null?void 0:r[m]})}),e.createElement(Rt,{error:!o},(a=l.errors)==null?void 0:a[0].message))}const ro=t=>!!t&&"properties"in t;function lo({onChange:t,rule:n,value:r}){const[a,l]=A(!1),{paramsSchema:o}=n!=null?n:{},i=()=>l(p=>!p);if(!ro(o))return null;const c=!ao(o),m=c||a,s=e.createElement(P,{size:"small",onClick:i,disabled:c},m?"Close editor":"Edit as JSON");return e.createElement(E,{marginTop:2},e.createElement("form",null,m?e.createElement(_a,{onChange:t,schema:o,value:r}):e.createElement(e.Fragment,null,e.createElement(E,{marginBottom:2},e.createElement(de,null,"Parameters")),e.createElement(no,{onChange:t,schema:o,value:r}))),e.createElement(E,{display:"flex",flexDirection:"column",alignItems:"flex-end",marginTop:1},c?e.createElement(he,{title:"Only JSON editing is supported for this parameter",arrow:!0},e.createElement("span",null,s)):s))}function ao(t){return Object.values(t.properties).every(vn)}const oo=C(t=>({conditionCard:{minWidth:t.spacing(63)},conditionCardBar:{height:t.spacing(1),backgroundImage:"linear-gradient(90deg, #007DFF 0%, #0057B2 100%)"},autocomplete:{flex:1}}));function Cn({ruleName:t,parameters:n,resourceType:r,onChange:a,onDelete:l}){var o;const i=oo(),c=Vt(),m=(o=c==null?void 0:c.filter(d=>d.resourceType===r))!=null?o:[],s=m.find(d=>d.name===t),p=d=>{a(d,{})},u=$(d=>{a(t,d)},[a,t]);return e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(ee,{className:i.conditionCard},e.createElement("div",{className:i.conditionCardBar}),e.createElement(ge,null,e.createElement(E,null,e.createElement(E,null,e.createElement(st,{className:i.autocomplete,"data-testid":"rule-select",getOptionLabel:d=>d.name,getOptionSelected:(d,x)=>d.name===x.name,options:m,onChange:(d,x)=>p(x?x.name:null),renderInput:d=>e.createElement(e.Fragment,null,e.createElement(E,{marginBottom:2},e.createElement(de,null,"Rule")),e.createElement(ve,{...d,placeholder:"Select",variant:"outlined",size:"small",name:"rule"})),renderOption:d=>e.createElement(E,null,e.createElement(h,{variant:"body2"},d.name),e.createElement(h,{noWrap:!0,variant:"caption"},d.description)),value:s||null,PopperComponent:d=>e.createElement(Er,{...d,style:{width:"auto"},placement:"bottom-start"})})),e.createElement(E,{flex:"1"},e.createElement(E,{display:"flex",flexDirection:"column"},e.createElement(lo,{rule:s,onChange:u,value:n})))))),e.createElement(E,{ml:1},e.createElement(_,{"aria-label":"delete",onClick:l,size:"small"},e.createElement(De,null))))}function Ze(){return{id:pe(),ruleName:null,parameters:{}}}const io=C(t=>({conditionTypeFormControl:{minWidth:80,marginLeft:t.spacing(1)}}));function co({level:t,onSelect:n}){const r=io(),a=t.children.length>1;return e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(Ce,{className:r.conditionTypeFormControl},e.createElement(xe,{value:t.levelType,onChange:l=>n==null?void 0:n(l.target.value)},e.createElement(j,{key:"anyOf",value:"anyOf"},"Any of"),e.createElement(j,{key:"allOf",value:"allOf"},"All of"),e.createElement(j,{key:"not",value:"not",disabled:a},"Not"))),e.createElement(E,{ml:1},e.createElement(_,{"aria-label":"delete",onClick:()=>n==null?void 0:n(null),size:"small"},e.createElement(De,null))))}const so=C(t=>({treeVerticalSpacer:{width:t.spacing(2),borderLeft:`1px solid ${t.palette.status.aborted}`},treeHorizontalSpacer:{height:t.spacing(3),borderLeft:`1px solid ${t.palette.status.aborted}`},treeVerticalBranchHalf:{position:"absolute",height:"50%",borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"flex-start"},treeVerticalBranchFull:{borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"stretch"},treeHorizontalBranch:{width:t.spacing(2),borderTop:`1px solid ${t.palette.status.aborted}`}}));function xn({level:t,resourceType:n,onChange:r,parentConditionType:a,isRoot:l=!1}){const o=so(),i=$((y,f)=>{const g=[...t.children];return g.splice(y,1,f),g},[t]),c=$(y=>{r({...t,children:y})},[r,t]),m=$(y=>{y===null?r(null):y==="not"&&t.children.length>1?r({...t,levelType:y,children:t.children.slice(0,1)}):r({...t,levelType:y})},[r,t]),s=$((y,f)=>{c(y===null?wn(t.children,f):i(f,y))},[t,c,i]),p=y=>{const f=pe();y==="condition"?c([...t.children,Ze()]):y==="not"?c([...t.children,{id:f,levelType:y,children:[]}]):Ca(y)&&c([...t.children,{id:f,levelType:y,children:[Ze()]}])},u=y=>{c(wn(t.children,y))},d=B(()=>t.children.map((y,f)=>(g,N)=>{c(i(f,{...y,ruleName:g,parameters:N}))}),[t.children,c,i]),x=B(()=>t.children.map((y,f)=>g=>s(g,f)),[t.children,s]);return e.createElement("div",null,!l&&e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},!l&&e.createElement(e.Fragment,null,e.createElement("div",{className:a==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch})),e.createElement(co,{level:t,onSelect:m})),e.createElement(E,{display:"flex"},l||a==="not"?e.createElement(E,{pl:2}):e.createElement("div",{className:o.treeVerticalSpacer}),!l&&e.createElement(E,{pl:2}),e.createElement("div",null,t.children.map((y,f)=>Re(y)?e.createElement(E,{key:y.id},e.createElement(xn,{level:y,resourceType:n,parentConditionType:t.levelType,onChange:x[f]})):e.createElement(Be,{key:y.id},e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:t.levelType==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(Cn,{ruleName:y.ruleName,parameters:y.parameters,resourceType:n,onChange:d[f],onDelete:()=>u(f)})))),!(t.levelType==="not"&&t.children.length>=1)&&e.createElement(e.Fragment,null,e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:o.treeVerticalBranchHalf}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(hn,{onSelect:p}))))))}function wn(t,n){const r=[...t];return r.splice(n,1),r}const mo=C(t=>({paper:{backgroundColor:t.palette.background.default,padding:t.spacing(3),marginBottom:t.spacing(3),minHeight:t.spacing(48)}}));function uo({permissionCriteria:t,resourceType:n,onUpdate:r,readonly:a=!1}){const l=mo(),o=$(p=>{r(u=>({...u,...p}))},[r]),i=$(p=>{const u=pe();o(p==="condition"?Ze():p==="not"?{id:u,levelType:p,children:[]}:{id:u,levelType:p,children:[Ze()]})},[o]),c=$((p,u)=>{r(d=>({...d,ruleName:p,parameters:u}))},[r]),m=$(()=>{r(null)},[r]);let s;return a?s=e.createElement(gn,{permissionCriteria:t}):t===null?s=e.createElement(hn,{onSelect:i}):vt(t)?s=e.createElement(Cn,{ruleName:t.ruleName,parameters:t.parameters,resourceType:n,onChange:c,onDelete:m}):Re(t)&&(s=e.createElement(xn,{level:t,resourceType:n,onChange:r,isRoot:!0})),e.createElement(at,{variant:"outlined",className:l.paper},s)}const po=C(t=>({dialogTitle:{display:"flex",alignItems:"center",justifyContent:"space-between"},fullWidth:{width:"100%","& > *":{flexGrow:1}},infoIcon:{position:"absolute",right:t.spacing(3)},content:{padding:t.spacing(7)},saveButton:{paddingLeft:t.spacing(5),paddingRight:t.spacing(5)},contentContainerConditional:{display:"flex",gap:t.spacing(5),maxWidth:1480}})),Eo={specificPermission:"Choose a specific permission",filter:"Filter by permission properties",all:"Match all permissions"},Dn="Choose the name of a resource permission or filter by resource type to set a conditional decision.";function fo({rolePermission:t,readonly:n=!1,onClose:r,onSave:a}){const l=po(),{permissions:o}=Ne(),i=Vt(),c=bl(),m=xa(t),[s,p]=A(m.match),[u,d]=A(m.decisionType),[x,y]=A(m.criteria),f=B(()=>Aa(o,s),[o,s]),g=u==="conditional",N=g?"xl":"sm";G(()=>{g&&o&&!f.commonResourceType&&d("allow")},[g,o,f.commonResourceType,d]);const S=T=>{T!==null&&d(T)},O=B(()=>s.method==="specificPermission"&&!s.name||s.method==="filter"&&!s.resourceType&&!s.actions,[s]),U=B(()=>f.permissions.length===0?!1:!O,[f,O]),M=B(()=>u!=="conditional"?!0:!(!f.commonResourceType||!(c!=null&&c[f.commonResourceType].pluginId)||!mn(x,i)),[u,f,c,x,i]),b=()=>{a==null||a(Na(m.id,s,u==="conditional"?{resourceType:f.commonResourceType,pluginId:c[f.commonResourceType].pluginId,conditions:bt(x)}:u))};return e.createElement(me,{open:!0,maxWidth:N,onClose:r,fullWidth:!0},e.createElement(He,{disableTypography:!0,className:l.dialogTitle},e.createElement(h,{variant:"h4",component:"h2"},"New Permission Decision"),e.createElement(P,{startIcon:e.createElement(ct,null),onClick:r},"Close")),e.createElement(te,{dividers:!0,className:l.content},e.createElement(E,{className:g?l.contentContainerConditional:void 0},e.createElement(E,{mb:5,flex:1},e.createElement(va,{options:Object.entries(Eo).map(([T,v])=>({id:T,displayText:v})),selected:s.method,onChange:T=>p({method:T}),readonly:n})),e.createElement(E,{mb:5,height:189,flex:1},s.method==="specificPermission"&&e.createElement($a,{name:s.name,readonly:n,onNameChange:T=>p({...s,name:T})}),s.method==="filter"&&e.createElement(e.Fragment,null,e.createElement(Ia,{resourceType:s.resourceType,readonly:n,onResourceTypeChange:T=>p({...s,resourceType:T})}),e.createElement(Ba,{actions:s.actions,readonly:n,onActionsChange:T=>p({...s,actions:T.length?T:void 0})}),O?null:e.createElement(e.Fragment,null,e.createElement(E,{marginY:2},e.createElement(ot,{variant:"middle"})),e.createElement(Rt,null,`Matched ${f.permissions.length} ${f.permissions.length===1?"permission":"permissions"}`)))),e.createElement(E,{mb:5,flex:1},e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(Sa,{value:u,exclusive:!0,fullWidth:!0,"aria-label":"Decision result",onChange:(T,v)=>S(v)},e.createElement(Ct,{value:"allow","aria-label":"Decision allowed",disabled:n},"Allow"),e.createElement(Ct,{value:"deny","aria-label":"Decision denied",disabled:n},"Deny"),e.createElement(Ct,{value:"conditional","aria-label":"Decision conditionally allowed",disabled:!f.commonResourceType||n},"Conditional")),!g&&!n&&e.createElement(he,{title:Dn},e.createElement(Wt,{className:l.infoIcon,color:"primary","aria-label":Dn}))))),u==="conditional"&&!!f.commonResourceType&&e.createElement(uo,{permissionCriteria:x,resourceType:f.commonResourceType,onUpdate:y,readonly:n}),!n&&e.createElement(E,{display:"flex",justifyContent:"flex-end"},e.createElement(P,{variant:"contained",color:"primary",className:l.saveButton,onClick:b,disabled:!U||!M},"Save"))))}const yo=C(t=>({container:{display:"flex",position:"relative",alignItems:"center",gap:t.spacing(1),flexShrink:1,maxWidth:"100%",minWidth:0},input:({invalid:n})=>({boxSizing:"content-box",display:"block",maxWidth:"100%",padding:0,borderWidth:2,borderStyle:"solid",borderColor:n?t.palette.error.main:"transparent",borderRadius:t.shape.borderRadius,backgroundColor:"transparent",color:t.palette.textContrast,fontFamily:"inherit",fontSize:"inherit",lineHeight:"inherit",fontWeight:"inherit",textOverflow:"ellipsis"}),hiddenSpan:{position:"absolute",top:0,left:0,borderWidth:1,whiteSpace:"pre",opacity:0,pointerEvents:"none"}}));function Nn({invalid:t,name:n,value:r,onTextChange:a}){const l=yo({invalid:t}),[o,i]=A(!1),[c,m]=A(null),s=ae(null),[p,u]=A(r);G(()=>{u(r)},[r]),_n(()=>{s.current&&c&&s.current.style.setProperty("width",`max(${c.getBoundingClientRect().width}px, 3ch)`)},[c,p]);const d=()=>{i(!1),u(r)},x=()=>{i(!1),a==null||a(p)},y=()=>{var g;o?x():(i(!0),(g=s.current)==null||g.focus())},f=g=>{var N;g.key==="Enter"&&((N=s.current)==null||N.blur()),g.key==="Escape"&&d()};return e.createElement(e.Fragment,null,e.createElement("div",{className:l.container},e.createElement("input",{"aria-label":n,className:l.input,name:n,ref:s,onChange:g=>u(g.target.value),onFocus:y,onBlur:x,onKeyDown:f,value:p}),e.createElement("span",{"aria-hidden":"true",className:l.hiddenSpan,ref:m},p),e.createElement(_,{onClick:y,size:"small"},o?e.createElement(nl,{"aria-label":"Save title"}):e.createElement(tl,{"aria-label":"Edit title"}))))}const Pn=t=>{if(t.success)return{};const n={};for(const r of t.error.issues)n[r.path.join(".")]=!0;return n},Tn=({children:t,onConfirm:n,message:r,title:a})=>{const[l,o]=A(!1),i=()=>o(!1),c=()=>o(!0),m=()=>{n(),i()};return e.createElement(e.Fragment,null,t({onClick:c}),e.createElement(me,{open:l,onClose:i},e.createElement(He,null,e.createElement(E,{display:"flex",justifyContent:"space-between",alignItems:"center"},a)),e.createElement(te,null,e.createElement(fr,null,r)),e.createElement(lt,null,e.createElement(P,{"aria-label":"Cancel action",color:"primary",onClick:i},"Cancel"),e.createElement(P,{"aria-label":"Confirm action",color:"secondary",onClick:m,variant:"contained"},"Confirm"))))},Sn=({helpText:t})=>e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(E,{component:"span",mr:1},e.createElement(h,{variant:"body2",noWrap:!0},"Reorder")),e.createElement(he,{title:t},e.createElement(Wt,{color:"primary","aria-label":t}))),An=(t,n,r)=>{const a=n+r;if(a<0||a>=t.length)return t;const l=[...t];return[l[a],l[n]]=[l[n],l[a]],l},Rn=({array:t,index:n,onReorder:r})=>{const a=n===0,l=n===t.length-1;return e.createElement(E,{display:"flex"},e.createElement(_,{disabled:a,onClick:()=>r(An(t,n,-1)),"aria-label":"Move up",size:"small"},e.createElement(ll,null)),e.createElement(_,{disabled:l,onClick:()=>r(An(t,n,1)),"aria-label":"Move down",size:"small"},e.createElement(rl,null)))},go=C(()=>({emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function $n({src:t,alt:n}){const r=go();return e.createElement("img",{src:t,className:`${r.emptyStateImage} `,alt:n})}const ho="Use the arrows to change the order in which permission decisions are evaluated.";function vo({diff:t,permissions:n,onReorderPermissions:r,onNewPermissionClick:a,onOpenPermission:l,onRemovePermissionClick:o,anyAllow:i,readonly:c=!1}){return e.createElement(e.Fragment,null,e.createElement(E,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h5"},"Permission Decisions"),!c&&n.length!==0&&e.createElement(P,{color:"primary",variant:"outlined",startIcon:e.createElement(mt,null),onClick:a},"New")),e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,null,!c&&!i&&e.createElement(w,{style:{width:0}},e.createElement(Sn,{helpText:ho})),e.createElement(w,null,"Match by"),e.createElement(w,null,"Decision"),e.createElement(w,null),!c&&e.createElement(w,null))),e.createElement(Ve,null,n.length===0&&e.createElement(H,null,e.createElement(w,{colSpan:5},e.createElement(Fe,{title:"No permission decisions set",description:"Click the button below to create your first permission.",missing:{customImage:e.createElement($n,{src:al,alt:"No permission placeholder"})},action:e.createElement(P,{variant:"contained",color:"primary",onClick:a},"New permission decision")}))),n.map((m,s)=>e.createElement(H,{key:s},!c&&!i&&e.createElement(w,null,e.createElement(Rn,{array:n,index:s,onReorder:r})),e.createElement(w,null,e.createElement(yr,{onClick:()=>l(s)},e.createElement(h,{variant:"body2",color:"primary"},Et(m)))),e.createElement(w,null,Ml(m)),e.createElement(w,null,e.createElement(Ae,{operation:t==null?void 0:t.permissions[m.id].operation})),!c&&e.createElement(w,{align:"right"},e.createElement(Tn,{message:"Are you sure you want to remove this permission decision?",onConfirm:()=>o(s),title:"Remove?"},p=>e.createElement(_,{...p,"aria-label":"Remove permission decision",size:"small"},e.createElement(De,null)))))))))}function bo({roleId:t}){const{versionId:n,roleId:r}=tt(),a=t!=null?t:r;return Ge(a),Ge(n),e.createElement(Xe,{policyId:n},e.createElement(xo,{roleId:a}))}const Co=C(t=>({cardContainer:{margin:t.spacing(0)}}));function xo({roleId:t}){const{diff:n,updateLocalDraft:r,policy:a}=Y(),l=a.roles.find(v=>v.id===t),o=n==null?void 0:n.roles[t],[i,c]=A(null),[m,s]=A(!1),p=nt(),{NotFoundErrorPage:u}=p.getComponents(),d=q(),x=Co();if(!l)return e.createElement(u,null);const y=l.name,f=v=>{const R=a.roles.findIndex(re=>re.id===v.id),L=[...a.roles];L.splice(R,1,v),r({...a,roles:L})},g=v=>{f({...l,name:v})},N=v=>{if(i===null)f({...l,permissions:[v,...l.permissions]});else{const R=[...l.permissions];R.splice(i,1,v),f({...l,permissions:R})}s(!1)},S=v=>{if(v==="*")f({...l,members:l.members==="*"?[]:"*"});else if(l.members==="*")f({...l,members:[v]});else{const R=l.members.includes(v)?l.members.filter(L=>L!==v):[...l.members,v];f({...l,members:R.length===0?"*":R})}},O=v=>{f({...l,permissions:l.permissions.filter((R,L)=>v!==L)})},U=v=>{f({...l,permissions:v})},M=Pn(kr.safeParse(l)).name,b=a.status!=="draft",T=a.options.resolutionStrategy==="any-allow";return e.createElement(e.Fragment,null,e.createElement(Ke,{pages:[{title:a.name,path:`../../../${a.id}`},{title:y}],header:e.createElement(We,{titleComponent:e.createElement(tn,null,a.name," \xA0\u01C0",b?e.createElement(e.Fragment,null,"\xA0",y):e.createElement(Nn,{invalid:M,value:y,onTextChange:g}),e.createElement(Ae,{operation:o==null?void 0:o.role.operation,size:"medium"})),description:a.description},e.createElement(P,{variant:"outlined",color:"primary",onClick:()=>d("../..",{relative:"path"})},"Back to policy"))},e.createElement(I,{container:!0,className:x.cardContainer,spacing:4,direction:"row"},e.createElement(I,{item:!0,xs:6},e.createElement(ee,null,e.createElement(ya,{diff:o||null,role:l,policyId:a.id,onToggleMember:S,readonly:b}))),e.createElement(I,{item:!0,xs:6},e.createElement(ee,null,e.createElement(vo,{diff:o||null,permissions:l.permissions,onNewPermissionClick:()=>{c(null),s(!0)},onOpenPermission:v=>{c(v),s(!0)},onReorderPermissions:U,onRemovePermissionClick:O,anyAllow:T,readonly:b}))))),m&&e.createElement(fo,{rolePermission:i!==null?l.permissions[i]:void 0,onClose:()=>s(!1),onSave:N,readonly:b}))}const wo="Use the arrows to change the order in which roles are evaluated.";function Do({}){const{diff:t,policy:n,createNewRole:r,updateLocalDraft:a}=Y(),l=q(),o=No(n),i=n.status!=="draft",c=n.options.resolutionStrategy==="any-allow",m=u=>{a({...n,roles:u})},s=u=>{a({...n,roles:n.roles.filter(({id:d})=>d!==u)})},p=()=>{l(`./roles/${r()}`)};return e.createElement(at,null,e.createElement(E,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h3"},"Roles"),!i&&e.createElement(P,{color:"primary",variant:"outlined",startIcon:e.createElement(mt,null),onClick:()=>p()},"New role")),e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,null,!i&&!c&&e.createElement(w,{style:{width:0}},e.createElement(Sn,{helpText:wo})),e.createElement(w,null,"Name"),e.createElement(w,null,"Users"),e.createElement(w,null,"Groups"),!i&&e.createElement(w,{style:{width:0}}))),e.createElement(Ve,null,o.map((u,d)=>e.createElement(H,{key:d},!i&&!c&&e.createElement(w,null,e.createElement(Rn,{array:n.roles,index:d,onReorder:m})),e.createElement(w,null,e.createElement(E,{alignItems:"center",display:"flex",gridGap:8},e.createElement(ie,{to:`roles/${u.id}`},u.name),e.createElement(Ae,{operation:t==null?void 0:t.roles[u.id].role.operation}))),e.createElement(w,null,u.userCount),e.createElement(w,null,u.groupCount),!i&&e.createElement(w,{align:"right"},e.createElement(Tn,{message:"Are you sure you want to remove this role?",title:"Remove role?",onConfirm:()=>s(u.id)},x=>e.createElement(_,{...x,"aria-label":"Remove role",size:"small"},e.createElement(De,null)))))))))}function No(t){return t.roles.map(n=>({id:n.id,name:n.name,userCount:Array.isArray(n.members)?n.members.filter(r=>r.startsWith("user:")).length:n.members,groupCount:Array.isArray(n.members)?n.members.filter(r=>r.startsWith("group:")).length:n.members}))}const Po=C(t=>({cardHeader:{padding:t.spacing(3,3),borderBottom:`1px solid ${t.palette.border}`},cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}},emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function To({readonly:t}){const n=Po(),r=q(),{createNewRole:a}=Y(),l=()=>{const o=a();r(`./roles/${o}`)};return e.createElement(ee,null,e.createElement($t,{title:"Roles",className:n.cardHeader}),e.createElement(ge,{className:n.cardContent},t?e.createElement(Fe,{title:"No roles configured",missing:"content"}):e.createElement(Fe,{title:"No roles yet",description:"Click the button below to create your first role.",missing:{customImage:e.createElement($n,{src:ol,alt:"No roles placeholder"})},action:e.createElement(P,{variant:"contained",color:"primary",onClick:()=>l()},"New role")})))}function So(){const[t,n]=A(null),{hasDraftPolicy:r}=Qe(),{isValid:a,discardLocalDraft:l,exportPolicy:o,hasChanges:i,policy:c,saveLocalDraftToServer:m,saveAndPublish:s,publish:p}=Y(),u=q(),[d,x]=ht(),y=g=>{n(g.currentTarget)},f=()=>{n(null)};return e.createElement(e.Fragment,null,e.createElement(gr,{variant:"contained",color:"primary"},c.status==="draft"&&e.createElement(P,{disabled:!a,onClick:()=>m()},"Save"),c.status==="inactive"&&e.createElement(P,{onClick:()=>p()},"Republish"),c.status==="active"&&e.createElement(P,{disabled:r||d.loading,onClick:()=>x(c)},"Duplicate"),e.createElement(P,{color:"primary",title:"options",size:"small",onClick:y},e.createElement(il,null))),e.createElement(St,{getContentAnchorEl:null,anchorEl:t,anchorOrigin:{vertical:"bottom",horizontal:"right"},open:!!t,onClose:f,PaperProps:{style:{width:240}}},c.status==="draft"&&e.createElement(it,null,e.createElement(j,{disabled:!a,onClick:()=>s()},e.createElement(se,null,e.createElement(sl,{fontSize:"small"})),e.createElement(Q,null,"Save & Publish")),e.createElement(j,{disabled:!i,onClick:()=>l()},e.createElement(se,null,e.createElement(cl,{color:i?"secondary":"inherit",fontSize:"small"})),e.createElement(Q,null,e.createElement(h,{color:i?"secondary":"inherit"},"Discard changes"))),e.createElement(ot,null)),e.createElement(it,null,e.createElement(j,{onClick:()=>o()},e.createElement(se,null,e.createElement(dl,{fontSize:"small"})),e.createElement(Q,null,"Export"))),e.createElement(ot,null),e.createElement(it,null,e.createElement(j,{disabled:!a,onClick:()=>u("./options")},e.createElement(se,null,e.createElement(ml,{fontSize:"small"})),e.createElement(Q,null,"Options")))))}const Ao=C(t=>({chipContainer:{marginTop:t.spacing(1),marginLeft:t.spacing(1),display:"flex",flexWrap:"wrap"}})),Ro=({selectedRoleIds:t,setSelectedRoleIds:n})=>{const r=Ao(),{policy:a}=Y();return e.createElement(e.Fragment,null,e.createElement(Ce,{fullWidth:!0},e.createElement(de,{id:"selectLabel"},"Select roles"),e.createElement(xe,{native:!1,displayEmpty:!0,multiple:!0,value:t,onChange:l=>n(l.target.value),input:e.createElement(kt,null),"aria-labelledby":"selectLabel",renderValue:l=>e.createElement("div",{className:r.chipContainer,"aria-labelledby":"selectLabel"},a.roles.filter(o=>l.includes(o.id)).map(o=>e.createElement(ce,{key:o.name,label:o.name})))},a.roles.map(l=>e.createElement(j,{key:l.id,value:l.id},e.createElement(be,{color:"primary",checked:t.includes(l.id),name:l.name,value:l.id}),e.createElement(Q,{primary:l.name}))))))},$o=C(t=>({chipContainer:{marginTop:t.spacing(1),marginLeft:t.spacing(1),display:"flex",flexWrap:"wrap"}})),ko=({selectedPermissionNames:t,setSelectedPermissionNames:n})=>{const r=$o(),{permissions:a}=Ne();return e.createElement(e.Fragment,null,e.createElement(Ce,{fullWidth:!0},e.createElement(de,{id:"selectLabel"},"Select permissions"),e.createElement(xe,{native:!1,displayEmpty:!0,multiple:!0,value:t,onChange:l=>n(l.target.value),input:e.createElement(kt,null),"aria-labelledby":"selectLabel",renderValue:l=>e.createElement("div",{className:r.chipContainer,"aria-labelledby":"selectLabel"},a==null?void 0:a.filter(o=>l.includes(o.name)).map(o=>e.createElement(ce,{key:o.name,label:o.name})))},a==null?void 0:a.map(l=>e.createElement(j,{key:l.name,value:l.name},e.createElement(be,{color:"primary",checked:t.includes(l.name),name:l.name,value:l.name}),e.createElement(Q,{primary:l.name}))))))},Io=()=>{const{policy:t}=Y(),{permissions:n}=Ne(),r=k(W),[a,l]=A([]),o=$(async(c,m)=>{if(!n)return;const s=(await r.testPolicyDecisions(n.filter(p=>m.includes(p.name)).map(p=>({policyConfig:t,roleIds:c,permission:p})))).map(p=>({...p,roles:t.roles.filter(u=>c.includes(u.id))}));l(s)},[t,n,r,l]),i=$(()=>{l([])},[l]);return[a,o,i]},J=({name:t})=>{const n=B(()=>t.includes(".")?t.split(/(\.)/g).flatMap(r=>[r,e.createElement("wbr",null)]):[t],[t]);return e.createElement(e.Fragment,null,n.map((r,a)=>e.createElement(e.Fragment,{key:a},r)))},Oo=C(t=>({container:{display:"flex",flexDirection:"row",gap:t.spacing(1)},infoIcon:{color:t.palette.textSubtle}})),Bo=({policy:t,roles:n,permission:r})=>{const a=n.flatMap(o=>It(o,r));let l;if(n.length===0)l=e.createElement(e.Fragment,null,"A user with no assigned roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else if(!a.length)l=e.createElement(e.Fragment,null,"None of the roles explicitly sets a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),", which means that a user who has all of these roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else if(t.options.resolutionStrategy==="any-allow")l=e.createElement(e.Fragment,null,"None of the roles explicitly sets an allow or conditional rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", a user who has all of these roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else throw t.options.resolutionStrategy==="first-match"?new Error("Trying to render ImplicitDecisionInfo for a first-match policy that has matching role permission. This should not happen, since the decision should be explicit by the matching role permission."):new Error(`Unknown resolution strategy ${t.options.resolutionStrategy}. Cannot render ImplicitDecisionInfo.`);return e.createElement(e.Fragment,null,e.createElement("strong",null,"Implicit decision")," \u2013 ",l)},Lo=({policy:t,permission:n,roles:r,decision:a,decisionOrigin:l})=>{const o=r.find(c=>c.id===l[0].roleId);let i;if(t.options.resolutionStrategy==="first-match"){if(!o)throw new Error("Expected decision origin role for first-match explicit decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," explicitly sets a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"first-match"),", no other roles are applied.")}else if(t.options.resolutionStrategy==="any-allow"){if(a.result===F.ALLOW){if(!o)throw new Error("Expected decision origin role for any-allow explicit allow decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," is the first role that explicitly sets an allow decision for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", this decides the outcome.")}else if(a.result===F.CONDITIONAL)if(l.length===1){if(!o)throw new Error("Expected decision origin role for any-allow explicit allow decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," is the first role that explicitly sets a decision for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", this decides the outcome.")}else i=e.createElement(e.Fragment,null,"Multiple roles explicitly set a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", these decide the outcome.")}else throw new Error(`Unknown resolution strategy ${t.options.resolutionStrategy}. Cannot render ExplicitDecisionInfo.`);return e.createElement(e.Fragment,null,e.createElement("strong",null,"Explicit decision")," \u2013 ",i)},Mo=({roles:t,permission:n,decision:r,decisionOrigin:a})=>{const{policy:l}=Y(),o=Oo();return e.createElement("div",{className:o.container},e.createElement(pl,{fontSize:"small",titleAccess:"",className:o.infoIcon}),e.createElement(h,{variant:"body1",component:"p"},a.length===0?e.createElement(Bo,{policy:l,roles:t,permission:n}):e.createElement(Lo,{policy:l,permission:n,roles:t,decision:r,decisionOrigin:a})))},Fo=C(t=>({userCell:{borderRight:`1px solid ${t.palette.border}`,color:t.palette.text.secondary,background:t.palette.background.paper}})),zo=({rowCount:t})=>{const n=Fo();return e.createElement(w,{size:"small",padding:"none",align:"center",rowSpan:t,classes:{root:n.userCell}},e.createElement(ir,null))},Wo=C(()=>({decisionRowCell:{fontWeight:"bold"}})),et=({children:t,ledToDecision:n,color:r})=>{const a=Wo();return e.createElement(h,{variant:"body1",component:"span",classes:{root:n?a.decisionRowCell:void 0},color:r},t)},Ho=({role:t,ledToDecision:n})=>e.createElement(ie,{to:`roles/${t.id}`},e.createElement(et,{ledToDecision:n,color:"primary"},t.name)),jo=({permissionName:t,ledToDecision:n})=>e.createElement(et,{ledToDecision:n,color:n===!1?"textSecondary":void 0},e.createElement(J,{name:t})),kn=({authorizeResult:t,size:n})=>{switch(t){case F.ALLOW:return e.createElement(fl,{fontSize:n});case F.DENY:return e.createElement(yl,{fontSize:n});case F.CONDITIONAL:return e.createElement(El,{fontSize:n});default:return null}},Uo=C(t=>({decisionCell:{display:"flex",justifyItems:"center"},decisionIconContainer:{display:"flex",alignItems:"center",marginRight:t.spacing(1)},decisionIconAllow:{color:t.palette.success.main},decisionIconDeny:{color:t.palette.error.main},decisionIconConditional:{color:t.palette.info.main}})),Vo=t=>{switch(t){case F.ALLOW:return"Allow";case F.DENY:return"Deny";case F.CONDITIONAL:return"Conditional";default:return"Permission not found in role"}},Go=(t,n)=>{let r;switch(t){case F.ALLOW:r=n.decisionIconAllow;break;case F.DENY:r=n.decisionIconDeny;break;case F.CONDITIONAL:r=n.decisionIconConditional;break;default:return}return`${n.decisionIconContainer} ${r}`},_o=({ledToDecision:t,authorizeResult:n})=>{const r=Uo();return e.createElement("div",{className:r.decisionCell},n!==null&&e.createElement("span",{className:Go(n,r)},e.createElement(kn,{authorizeResult:n,size:"small"})),e.createElement(et,{ledToDecision:t,color:t===!1?"textSecondary":void 0},Vo(n)))},Yo=({ledToDecision:t})=>e.createElement(et,{ledToDecision:t,color:t===!1?"textSecondary":void 0},t?"Yes":"No"),Jo=C(t=>({tableHeader:{borderBottom:`1px solid ${t.palette.border}`}})),ke=({children:t})=>{const n=Jo();return e.createElement(w,{size:"small",classes:{root:n.tableHeader}},t)},qo=C(t=>({tableContainer:{border:`1px solid ${t.palette.border}`,borderRadius:t.shape.borderRadius},tableRow:{"&, &:nth-child(odd)":{background:t.palette.background.paper}},decisionTableRow:{"&, &:nth-child(odd)":{background:t.palette.type==="light"?t.palette.infoBackground:t.palette.grey[900]}}})),Ko=t=>{if(Ye(t))return F.CONDITIONAL;if(typeof t=="string")switch(t){case"allow":return F.ALLOW;case"deny":return F.DENY;default:throw new Error(`Unknown decision: ${t}`)}throw new Error("Unknown decision type found.")},Qo=(t,n)=>n.some(r=>r.rolePermissionId===t.id),Xo=t=>B(()=>{const{roles:n,permission:r,decisionOrigin:a}=t,l=[];for(const o of n){const i=It(o,r);if(i.length>0)for(const c of i)l.push({role:o,permission:r,authorizeResult:Ko(c.decision),ledToDecision:Qo(c,a)});else l.push({role:o,permission:r,authorizeResult:null,ledToDecision:!1})}return l},[t]),Zo=({resultRow:t})=>{const n=qo(),r=Xo(t);return e.createElement(E,{marginTop:3,marginBottom:3},e.createElement(hr,{classes:{root:n.tableContainer}},e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,{classes:{root:n.tableRow}},e.createElement(ke,null),e.createElement(ke,null,"Role"),e.createElement(ke,null,"Permission"),e.createElement(ke,null,"Decision"),e.createElement(ke,null,"Is deciding role"))),e.createElement(Ve,null,r.map((a,l)=>{const o=l===0;return e.createElement(H,{key:l,classes:{root:a.ledToDecision?n.decisionTableRow:n.tableRow}},o?e.createElement(zo,{rowCount:r.length}):null,e.createElement(w,{size:"small"},e.createElement(Ho,{role:a.role,ledToDecision:a.ledToDecision})),e.createElement(w,{size:"small"},e.createElement(jo,{permissionName:a.permission.name,ledToDecision:a.ledToDecision})),e.createElement(w,{size:"small"},e.createElement(_o,{authorizeResult:a.authorizeResult,ledToDecision:a.ledToDecision})),e.createElement(w,{size:"small"},e.createElement(Yo,{ledToDecision:a.ledToDecision})))})))))},ei=C(t=>({heading:{fontWeight:"bold"},subtitle:{color:t.palette.text.secondary},criteriaSummarySpacing:{marginBottom:t.spacing(3)}})),ti=({resultRow:t})=>{const n=ei();return e.createElement(e.Fragment,null,t.roles.length>0?e.createElement(e.Fragment,null,e.createElement(h,{variant:"body1",component:"h6",className:n.heading},"Decision breakdown"),e.createElement(h,{variant:"subtitle1",component:"p",className:n.subtitle},"See what role results in this decision."),e.createElement(Zo,{resultRow:t})):null,t.decision.result===F.CONDITIONAL?e.createElement("div",{className:n.criteriaSummarySpacing},e.createElement(gn,{permissionCriteria:$e(t.decision.conditions)})):null,e.createElement(Mo,{roles:t.roles,permission:t.permission,decision:t.decision,decisionOrigin:t.decisionOrigin}))};function ni({decision:t}){let n;switch(t.result){case"ALLOW":n={severity:"success",text:"Allow"};break;case"DENY":n={severity:"error",text:"Deny"};break;default:n={severity:"info",text:"Conditional"};break}return e.createElement(an,{text:n.text,severity:n.severity,icon:e.createElement(kn,{authorizeResult:t.result}),title:`${n.text} decision chip`,size:"large"})}const ri=C(t=>({permissionName:{display:"flex",alignItems:"center",height:"100%",fontWeight:"bold"},detailsContainer:{padding:`${t.spacing(2)}px  ${t.spacing(1)}px 0`,borderTop:`1px solid ${t.palette.divider}`}})),li=({resultRow:t})=>{const n=ri();return e.createElement(vr,null,e.createElement(br,{expandIcon:e.createElement(gl,null),"aria-controls":"result{$resultIndex}-content",id:t.permission.name},e.createElement(I,{container:!0},e.createElement(I,{item:!0,xs:12,md:4},e.createElement(h,{variant:"body1",className:n.permissionName,component:"h5"},e.createElement(J,{name:t.permission.name}))),e.createElement(I,{item:!0,xs:12,md:8},e.createElement(h,{variant:"body2"},t.roles.length>0?"For a user who has all the selected roles, the result will be:":"For a user with no assigned roles, the result will be:"),e.createElement(ni,{decision:t.decision})))),e.createElement(Cr,null,e.createElement("div",{className:n.detailsContainer},e.createElement(ti,{resultRow:t}))))},ai=C(t=>({header:{borderTop:`1px solid ${t.palette.divider}`,padding:`${t.spacing(3)}px ${t.spacing(1)}px`,borderBottom:`1px solid ${t.palette.divider}`},resultHeading:{marginBottom:t.spacing(1)},accordionHeader:{padding:`${t.spacing(1)}px ${t.spacing(6)}px ${t.spacing(1)}px ${t.spacing(0)}px`,margin:"0"}})),oi=({results:t,resolutionStrategy:n})=>{const r=ai();return t.length?e.createElement(e.Fragment,null,e.createElement("div",{className:r.header},e.createElement(h,{variant:"h5",component:"h4",color:"textPrimary",className:r.resultHeading},"Test results"),e.createElement(zt,{severity:"info"},"All the tests are evaluated using"," ",e.createElement("strong",null,n),", which is the policy resolution strategy")),e.createElement(I,{container:!0,className:r.accordionHeader},e.createElement(I,{item:!0,xs:12,md:4},e.createElement(h,{variant:"body1",color:"textSecondary"},"Permission")),e.createElement(I,{item:!0,xs:12,md:8},e.createElement(h,{variant:"body1",color:"textSecondary"},"Result"))),t.map(a=>e.createElement(li,{resultRow:a,key:a.permission.name}))):null},ii=jt.array(jt.string()),In=(t,n,r)=>{const[a,l]=Mt(`@spotify/backstage-plugin-rbac:policyTesterForm:${t}`,[],{raw:!1,serializer:i=>JSON.stringify(i),deserializer:i=>{let c;try{c=JSON.parse(i)}catch(s){return console.error("Failed to parse json",s),[]}const m=ii.safeParse(c);return m.success?m.data:(console.error(`Stored value for ${t} has the wrong shape`,m.error),[])}}),o=B(()=>a!=null?a:[],[a]);return G(()=>{const i=new Set(n),c=o.some(m=>!i.has(m));!r&&c&&l(o.filter(m=>i.has(m)))},[n,o,l,r]),[o,l]},ci=C(t=>({fieldset:{border:"none",margin:`${t.spacing(3)}px 0 ${t.spacing(3)}px`,paddingLeft:"0"}})),On=({children:t,title:n})=>{const r=ci();return e.createElement("fieldset",{className:r.fieldset},e.createElement(h,{variant:"h6",component:"legend"},n),t)},si=C(t=>({bodyText:{margin:`${t.spacing(1)}px 0`},clearButton:{marginLeft:t.spacing(1)}}));function mi(){const{policy:t}=Y(),{permissions:n,isLoading:r}=Ne(),a=B(()=>t.roles.map(f=>f.id),[t.roles]),l=B(()=>(n==null?void 0:n.map(f=>f.name))||[],[n]),[o,i]=In("roleIds",a),[c,m]=In("permissionNames",l,r),[s,p,u]=Io();G(()=>{u()},[t.roles,t.options,u]);const d=()=>{p(o,c)},x=()=>{i([]),m([]),u()},y=si();return e.createElement(at,null,e.createElement(E,{justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h3"},"Policy Tester"),e.createElement(h,{variant:"body1",component:"p",className:y.bodyText},"Use the policy tester to check if your changes will provide the access you intended for a user that has the roles you select below."),e.createElement(On,{title:"Which permissions do you want to test?"},e.createElement(ko,{selectedPermissionNames:c,setSelectedPermissionNames:m})),e.createElement(On,{title:"Which roles should the simulated user have?"},e.createElement(Ro,{selectedRoleIds:o,setSelectedRoleIds:i})),e.createElement(E,{marginTop:3,component:"section"},e.createElement(P,{onClick:d,variant:"contained",color:"primary"},"Run tests"),e.createElement(P,{className:y.clearButton,color:"primary",variant:"outlined",startIcon:e.createElement(ul,null),onClick:x},"Clear")),s&&s.length?e.createElement(E,{sx:{flexGrow:1},marginTop:4},e.createElement(oi,{results:s,resolutionStrategy:t.options.resolutionStrategy})):null))}function di(){const{versionId:t}=tt();return Ge(t),e.createElement(Xe,{policyId:t},e.createElement(ui,null))}function ui(){const{policy:t,updateLocalDraft:n}=Y(),r=o=>{n({...t,name:o})},a=Pn(Ir.safeParse(t)).name,l=t.status!=="draft";return e.createElement(Ke,{pages:[{title:t.name}],header:e.createElement(We,{title:t.name,titleComponent:e.createElement(e.Fragment,null,e.createElement(tn,null,l?t.name:e.createElement(Nn,{invalid:a,name:"Policy name",value:t.name,onTextChange:r}),e.createElement(qt,{status:t.status})),pi(t))},e.createElement(So,null))},e.createElement(I,{container:!0,spacing:4},e.createElement(I,{item:!0,xs:12},t.roles.length>0?e.createElement(Do,null):e.createElement(To,{readonly:l})),e.createElement(I,{item:!0,xs:12},e.createElement(mi,null))))}function pi(t){const n={created:"Created by ",published:"Last published by ",updated:"Last updated by "},{activityDateText:r,activityUser:a,timestamp:l}=Xt(t,n);return e.createElement(h,{variant:"body2"},e.createElement(h,{component:"span",display:"inline",variant:"body2"},`${r} ${a} `),e.createElement(Qt,{timestamp:l}))}const Ei=C(t=>({card:n=>({marginTop:t.spacing(3),height:"100%","&:hover":n.readonly?{pointerEvents:"none"}:{}}),cardHeader:{paddingBottom:t.spacing(2),alignItems:"flex-start"},defaultChip:{marginLeft:t.spacing(1),marginBottom:0},title:{display:"flex",alignItems:"center",paddingTop:t.spacing(.5),paddingBottom:t.spacing(1)}}));function Bn(t){const n=Ei(t),{title:r,description:a,active:l,changeResolutionStrategy:o,defaultOption:i,readonly:c}=t,m=()=>{c||o()};return e.createElement(ee,{className:`${n.card}`,onClick:m},e.createElement(xr,{disabled:c},e.createElement(ge,null,e.createElement($t,{className:n.cardHeader,avatar:e.createElement(wr,{checked:l,color:"primary",disabled:c}),title:e.createElement("div",{className:n.title},e.createElement(h,{variant:"h6",component:"h2"},r),i?e.createElement(ce,{label:"Default",size:"small",className:n.defaultChip}):null),subheader:a}))))}const fi=C(t=>({title:{display:"flex",alignItems:"center",paddingBottom:t.spacing(2)},maxWidthWrapper:{maxWidth:"800px"},readOnlyChip:{marginLeft:t.spacing(1)},paragraph:{paddingBottom:t.spacing(1)}}));function yi(){const{versionId:t}=tt();return Ge(t),e.createElement(Xe,{policyId:t},e.createElement(gi,null))}function gi(){const t=fi(),{policy:n,updateLocalDraft:r}=Y(),a=q(),l=n.status!=="draft",o=i=>{r({...n,options:{...n.options,resolutionStrategy:i}})};return e.createElement(Ke,{pages:[{title:n.name,path:".."},{title:"Options"}],header:e.createElement(We,{title:"Options"},e.createElement(P,{variant:"outlined",color:"primary",onClick:()=>a("..",{relative:"path"})},"Back to policy"))},e.createElement(I,{item:!0,xs:12,className:t.maxWidthWrapper},e.createElement("div",null,e.createElement("div",{className:t.title},e.createElement(h,{variant:"h5",component:"h1"},"Decision resolution strategy"),l?e.createElement(ce,{label:"Read only",className:t.readOnlyChip}):null),e.createElement(h,{variant:"body2",component:"p",className:t.paragraph},"Multiple decisions from multiple roles could be applicable to a single user when authorizing a permission request. Please select the decision resolution strategy that makes sense for your policy."),e.createElement(h,{variant:"body2",component:"p",className:t.paragraph},"Please note this strategy will be applied to the whole policy and greatly affects the outcome of permission decisions."),e.createElement(Bn,{title:"Any-allow",changeResolutionStrategy:()=>o("any-allow"),readonly:l,defaultOption:!0,description:e.createElement(e.Fragment,null,e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first allow decision from all of the roles and decisions is the final result. A single explicit allow or an allow as a result of a conditional decision would result in a final allow decision, otherwise the decision is deny."),e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order of roles and decisions does not matter.")),active:n.options.resolutionStrategy==="any-allow"}),e.createElement(Bn,{title:"First match",changeResolutionStrategy:()=>o("first-match"),readonly:l,description:e.createElement(e.Fragment,null,e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first matching decision from the first matching role that is applicable to the user is the final result, regardless if that decision is an allow, deny or conditional."),e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order in which you define roles and decisions matters.")),active:n.options.resolutionStrategy==="first-match"}))))}function hi(){const t=nt(),{NotFoundErrorPage:n}=t.getComponents();return e.createElement(hl,{loading:e.createElement(ze,null),unauthorized:e.createElement(n,null)},e.createElement(Nl,null,e.createElement(vl,null,e.createElement(pa,null,e.createElement(Jn,null,e.createElement(Me,{element:e.createElement(la,null),path:"/"}),e.createElement(Me,{element:e.createElement(di,null),path:"/versions/:versionId"}),e.createElement(Me,{element:e.createElement(yi,null),path:"/versions/:versionId/options"}),e.createElement(Me,{element:e.createElement(bo,null),path:"/versions/:versionId/roles/:roleId"}))))))}export{hi as RBACRoot};
-//# sourceMappingURL=Root-dbaad539.esm.js.map

package/dist/esm/index-1291dce7.esm.js

@@ -1,2 +0,0 @@
-import{createApiRef as R,createRouteRef as B,createPlugin as C,createApiFactory as P,fetchApiRef as $,discoveryApiRef as U,createRoutableExtension as S,createComponentExtension as T}from"@backstage/core-plugin-api";import{ResponseError as O}from"@backstage/errors";var k=Object.defineProperty,E=(e,i,t)=>i in e?k(e,i,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[i]=t,m=(e,i,t)=>(E(e,typeof i!="symbol"?i+"":i,t),t),j=(e,i,t)=>{if(!i.has(e))throw TypeError("Cannot "+t)},p=(e,i,t)=>{if(i.has(e))throw TypeError("Cannot add the same private member more than once");i instanceof WeakSet?i.add(e):i.set(e,t)},a=(e,i,t)=>(j(e,i,"access private method"),t),y,A,d,w,r,o;const b=R({id:"plugin.rbac"});class I{constructor(i){p(this,y),p(this,d),p(this,r),m(this,"fetchApi"),m(this,"discoveryApi"),this.fetchApi=i.fetchApi,this.discoveryApi=i.discoveryApi}async getPolicies(){const{fetch:i}=this.fetchApi,t=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`);return a(this,r,o).call(this,t)}async getPolicy(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}`);return a(this,r,o).call(this,s)}async getActivePolicy(){const{fetch:i}=this.fetchApi,t=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/active`);return a(this,r,o).call(this,t)}async searchMembers(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/members?query=${encodeURIComponent(i.query)}`);return a(this,r,o).call(this,s)}async authorize(){const{fetch:i}=this.fetchApi,t=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/authorize`);return a(this,r,o).call(this,t)}async createDraft(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`,{method:"POST",body:JSON.stringify(i),headers:{"Content-Type":"application/json"}});return a(this,r,o).call(this,s)}async updateDraft(i,t){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}`,{method:"PATCH",body:JSON.stringify(t),headers:{"Content-Type":"application/json"}});return a(this,r,o).call(this,c)}async deleteDraft(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}`,{method:"DELETE"});return a(this,r,o).call(this,s)}async publishPolicy(i,t){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}/publish`,{method:"PUT",headers:{"Content-Type":"application/json"},body:JSON.stringify(t)});return a(this,r,o).call(this,c)}async testPolicyDecisions(i){return await Promise.all(i.map(async t=>{const{policyConfig:s,roleIds:c,permission:h}=t,{decision:n,decisionOrigin:l}=await a(this,y,A).call(this,s,c,h);return{decision:n,permission:h,decisionOrigin:l}}))}async fetchAllPermissionMetadata(i){const t=await Promise.all(i.map(s=>a(this,d,w).call(this,s)));return{permissions:t.flatMap(({permissions:s})=>s),rules:t.flatMap(({rules:s})=>s)}}}y=new WeakSet,A=async function(e,i,t){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/test-policy-decision`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({policyConfig:e,roleIds:i,permission:t})});return a(this,r,o).call(this,c)},d=new WeakSet,w=async function(e){var i,t,s,c;const h=await this.discoveryApi.getBaseUrl(e);let n;try{n=await(await this.fetchApi.fetch(`${h}/.well-known/backstage/permissions/metadata`)).json()}catch{return{permissions:[],rules:[]}}const l=(t=(i=n.permissions)==null?void 0:i.filter(Boolean))!=null?t:[],v=(c=(s=n.rules)==null?void 0:s.filter(Boolean))!=null?c:[];return{permissions:l,rules:v.map(g=>({...g,pluginId:e}))}},r=new WeakSet,o=async function(e){var i,t;if(e.ok)return e.status===204?void 0:e.json();const s=await O.fromResponse(e);throw s.message=(t=(i=s.body.error.message)!=null?i:s.message)!=null?t:"Unknown error",s};const f=B({id:"rbac"}),u=C({id:"rbac",routes:{root:f},apis:[P({api:b,deps:{fetchApi:$,discoveryApi:U},factory(e){return new I(e)}})]}),D=u.provide(S({name:"RBACRoot",component:()=>import("./Root-dbaad539.esm.js").then(e=>e.RBACRoot),mountPoint:f})),J=u.provide(T({name:"RBACSidebarItem",component:{lazy:()=>import("./RBACSidebarItem-2a1cccb8.esm.js").then(e=>e.RBACSidebarItem)}}));export{D as R,f as a,u as b,J as c,b as r};
-//# sourceMappingURL=index-1291dce7.esm.js.map