npm - @spotify/backstage-plugin-rbac - Versions diffs - 0.5.8 → 0.5.10 - Mend

@spotify/backstage-plugin-rbac 0.5.8 → 0.5.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +21 -2
package/README.md +6 -0
package/dist/esm/{Authorized-051797a2.esm.js → Authorized-8bca4a90.esm.js} +2 -2
package/dist/esm/{RBACSidebarItem-1be44d99.esm.js → RBACSidebarItem-2a1cccb8.esm.js} +2 -2
package/dist/esm/Root-dbaad539.esm.js +3 -0
package/dist/esm/index-1291dce7.esm.js +2 -0
package/dist/index.esm.js +1 -1
package/package.json +18 -17
package/dist/esm/Root-ce389844.esm.js +0 -3
package/dist/esm/index-72180512.esm.js +0 -2

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,26 @@
 # @spotify/backstage-plugin-rbac
+## 0.5.10
+### Patch Changes
+- Added a policy tester for checking the behavior of RBAC policies. The policy tester is designed to display simulated policy decisions for a given set of permissions, helping you ensure that the configured policy returns the expected decisions. For each [Permission](https://backstage.io/docs/permissions/concepts#permission) selected in the UI, the policy tester will output the decision that would be returned by the policy in question for a user assigned to all of the selected policy roles. If the given permission request requires certain conditions to be met, the policy tester will list exactly which conditions would be required. You can find the policy tester in the Policy page of any active, draft, or previous policy.
+- Fixed a bug where stale data could be shown in the UI after publishing a policy
+- Updated dependency `vanilla-jsoneditor` to `^0.20.0`.
+- Updated dependency `vanilla-jsoneditor` to `^0.19.0`.
+- Updated dependencies
+  - @spotify/backstage-plugin-rbac-common@0.5.9
+## 0.5.9
+### Patch Changes
+- Upgraded Backstage to `v1.20.3`.
+- Updated dependency `cross-fetch` to `^4.0.0`.
+- Updated dependencies
+  - @spotify/backstage-plugin-rbac-common@0.5.8
+  - @spotify/backstage-plugin-core@0.5.8
 ## 0.5.8
 ### Patch Changes
@@ -16,8 +37,6 @@
 - Mark package as being free of side effects, allowing more optimized Webpack builds.
 - Updated dependency `@testing-library/jest-dom` to `^6.0.0`.
 - Upgraded Backstage to v1.18.1
-- Updated dependencies
-- Updated dependencies
 - Updated dependencies
   - @spotify/backstage-plugin-rbac-common@0.5.6
   - @spotify/backstage-plugin-core@0.5.6

package/README.md CHANGED Viewed

@@ -208,3 +208,9 @@ You can change the decision resolution strategy for a policy and read more about
 2. Select `Options`.
 3. Select which resolution strategy makes sense for your policy.
 4. Click `Back to Policy` when you are done. Your policy will be automatically updated with your selection, and it will be saved and/or published when save and publish your policy.
+### Policy tester
+The policy tester is designed to display simulated policy decisions for a given set of permissions, helping you ensure that the configured policy returns the expected decisions. For each [Permission](https://backstage.io/docs/permissions/concepts#permission) selected in the UI, the policy tester will output the decision that would be returned by the policy in question for a user assigned to all of the selected policy roles. If the given permission request requires certain conditions to be met, the policy tester will list exactly which conditions would be required.
+You can find the policy tester in the Policy page of any active, draft, or previous policies.

package/dist/esm/{Authorized-051797a2.esm.js → Authorized-8bca4a90.esm.js} RENAMED Viewed

@@ -1,2 +1,2 @@
-import{useApi as i}from"@backstage/core-plugin-api";import e from"react";import u from"react-use/lib/useAsync";import{r as m}from"./index-72180512.esm.js";function p({children:n,loading:l=null,unauthorized:o=null}){var r;const a=i(m),t=u(()=>a.authorize(),[]);return t.loading?e.createElement(e.Fragment,null,l):(r=t.value)!=null&&r.authorized?e.createElement(e.Fragment,null,n):e.createElement(e.Fragment,null,o)}export{p as A};
-//# sourceMappingURL=Authorized-051797a2.esm.js.map
+import{useApi as i}from"@backstage/core-plugin-api";import e from"react";import u from"react-use/lib/useAsync";import{r as m}from"./index-1291dce7.esm.js";function p({children:n,loading:l=null,unauthorized:o=null}){var r;const a=i(m),t=u(()=>a.authorize(),[]);return t.loading?e.createElement(e.Fragment,null,l):(r=t.value)!=null&&r.authorized?e.createElement(e.Fragment,null,n):e.createElement(e.Fragment,null,o)}export{p as A};
+//# sourceMappingURL=Authorized-8bca4a90.esm.js.map

package/dist/esm/{RBACSidebarItem-1be44d99.esm.js → RBACSidebarItem-2a1cccb8.esm.js} RENAMED Viewed

@@ -1,2 +1,2 @@
-import t from"react";import e from"@material-ui/icons/Lock";import{SidebarItem as m}from"@backstage/core-components";import{A as i}from"./Authorized-051797a2.esm.js";import"@backstage/core-plugin-api";import"react-use/lib/useAsync";import"./index-72180512.esm.js";import"@backstage/errors";function p({text:r="RBAC",...o}){return t.createElement(i,null,t.createElement(m,{icon:e,to:"rbac",text:r,...o}))}export{p as RBACSidebarItem};
-//# sourceMappingURL=RBACSidebarItem-1be44d99.esm.js.map
+import t from"react";import e from"@material-ui/icons/Lock";import{SidebarItem as m}from"@backstage/core-components";import{A as i}from"./Authorized-8bca4a90.esm.js";import"@backstage/core-plugin-api";import"react-use/lib/useAsync";import"./index-1291dce7.esm.js";import"@backstage/errors";function p({text:r="RBAC",...o}){return t.createElement(i,null,t.createElement(m,{icon:e,to:"rbac",text:r,...o}))}export{p as RBACSidebarItem};
+//# sourceMappingURL=RBACSidebarItem-2a1cccb8.esm.js.map

package/dist/esm/Root-dbaad539.esm.js ADDED Viewed

@@ -0,0 +1,3 @@
+import e,{createContext as Ie,useState as A,useCallback as $,useMemo as B,useContext as Oe,useEffect as G,Fragment as Be,useRef as ae,Children as wt,isValidElement as Le,useReducer as Gn,useLayoutEffect as _n}from"react";import{useNavigate as q,Link as Yn,useParams as tt,Routes as Jn,Route as Me}from"react-router-dom";import{useApi as k,configApiRef as qn,alertApiRef as oe,useRouteRef as Kn,useApp as nt}from"@backstage/core-plugin-api";import ye from"react-use/lib/useAsync";import{isResourcePermission as rt,AuthorizeResult as F}from"@backstage/plugin-permission-common";import{r as W,a as Qn}from"./index-1291dce7.esm.js";import{forEach as Xn,mapValues as Zn,groupBy as er,uniq as tr}from"lodash";import{Breadcrumbs as nr,Link as ie,Page as rr,Header as lr,Content as ar,EmptyState as Fe,Progress as ze,ErrorPanel as Dt,Table as or,ContentHeader as We,UserIcon as ir}from"@backstage/core-components";import Nt from"react-use/lib/useMount";import{makeStyles as C,Typography as h,Container as cr,Grid as I,Button as P,Card as ee,CardContent as ge,Box as E,Chip as ce,Tooltip as he,List as sr,ListItem as Pt,ListItemIcon as se,ListItemText as Q,CardActions as mr,Dialog as me,DialogContent as te,DialogTitle as He,TextField as ve,DialogActions as lt,CircularProgress as Tt,IconButton as _,Checkbox as be,TableRow as H,TableCell as w,debounce as dr,Table as je,TableHead as Ue,TableBody as Ve,Tabs as ur,Tab as pr,FormControl as Ce,InputLabel as de,Select as xe,MenuItem as j,Menu as St,FormControlLabel as At,FormHelperText as Rt,Popper as Er,Paper as at,Divider as ot,DialogContentText as fr,ButtonBase as yr,CardHeader as $t,ButtonGroup as gr,MenuList as it,Input as kt,TableContainer as hr,Accordion as vr,AccordionSummary as br,AccordionDetails as Cr,CardActionArea as xr,Radio as wr}from"@material-ui/core";import{SpotifyLicenseBanner as Dr,useAutoUpdatingRelativeTime as Nr,invariant as Ge}from"@spotify/backstage-plugin-core";import ue from"react-use/lib/useAsyncFn";import Pr,{dump as Tr}from"js-yaml";import{PolicyConfigParser as _e,isConditionalDecision as Ye,isAllOfPermissionCriteria as Sr,isAnyOfPermissionCriteria as Ar,isNotPermissionCriteria as Rr,isMatchingPermission as $r,BackstageUserPlaceholder as we,RoleParser as kr,getMatchingRolePermissions as It,UpdateDraftRequestParser as Ir}from"@spotify/backstage-plugin-rbac-common";import{v4 as pe}from"uuid";import Ot from"lodash/keyBy";import Or from"lodash/isEqual";import Bt from"@material-ui/icons/ReportProblemOutlined";import Br from"@material-ui/icons/CalendarToday";import Lt from"@material-ui/icons/Person";import Lr from"@material-ui/icons/FiberManualRecord";import{DateTime as Je}from"luxon";import Mt from"react-use/lib/useLocalStorage";import{saveAs as Mr}from"file-saver";import Ft from"lodash/omit";import Fr from"lodash/pickBy";import ct from"@material-ui/icons/Close";import zr from"@material-ui/icons/Publish";import Wr from"@material-ui/icons/FilterNone";import{parseEntityRef as ne,DEFAULT_NAMESPACE as Hr}from"@backstage/catalog-model";import{humanizeEntityRef as jr,catalogApiRef as Ur}from"@backstage/plugin-catalog-react";import{Autocomplete as st,Alert as zt,ToggleButton as Vr,ToggleButtonGroup as Gr}from"@material-ui/lab";import{List as _r}from"react-virtualized";import De from"@material-ui/icons/Delete";import Yr from"@material-ui/icons/Group";import Jr from"@material-ui/icons/GroupWork";import Wt from"@material-ui/icons/Info";import Ht from"ajv";import qr from"lodash/uniqBy";import{JSONEditor as Kr,isTextContent as Qr,createAjvValidator as Xr,Mode as Zr}from"vanilla-jsoneditor";import mt from"@material-ui/icons/Add";import el from"@material-ui/icons/Remove";import tl from"@material-ui/icons/Edit";import nl from"@material-ui/icons/Check";import rl from"@material-ui/icons/KeyboardArrowDown";import ll from"@material-ui/icons/KeyboardArrowUp";import al from"../images/no-permissions.svg";import ol from"../images/no-roles.svg";import il from"@material-ui/icons/MoreHoriz";import cl from"@material-ui/icons/Undo";import sl from"@material-ui/icons/Save";import ml from"@material-ui/icons/Settings";import dl from"@material-ui/icons/VerticalAlignTop";import ul from"@material-ui/icons/Clear";import pl from"@material-ui/icons/InfoOutlined";import El from"@material-ui/icons/AccountTreeOutlined";import fl from"@material-ui/icons/CheckSharp";import yl from"@material-ui/icons/NotInterested";import gl from"@material-ui/icons/ExpandMore";import{z as jt}from"zod";import{A as hl}from"./Authorized-8bca4a90.esm.js";import"@backstage/errors";const Ut=Ie(null),vl=({children:t})=>{const n=k(qn),r=k(W),a=k(oe),[l,o]=A(null),i=$(async()=>{var c;if(!l){const m=await r.fetchAllPermissionMetadata((c=n.getOptionalStringArray("permission.permissionedPlugins"))!=null?c:[]),s=Cl(m.rules);Xn(s,u=>{u.length!==1&&a.post({message:`The plugin(s) ${u.slice(1).join(", ")} expose rules which are conflicting with rules exposed by the ${u[0]} plugin. These rules will not be available for use. Please contact RBAC support if you need assistance resolving this issue.`,severity:"error"})});const p=xl(m,s);return o(p),p}return l},[a,l,r,n]);return e.createElement(Ut.Provider,{value:B(()=>({getMetadata:i}),[i])},t)};function qe(){const t=Oe(Ut),{value:n,loading:r}=ye(async()=>t==null?void 0:t.getMetadata(),[t]);return{metadata:n,isLoading:r}}function Vt(){var t;const{metadata:n}=qe();return(t=n==null?void 0:n.rules)!=null?t:null}function Ne(){var t;const{metadata:n,isLoading:r}=qe();return{permissions:(t=n==null?void 0:n.permissions)!=null?t:null,isLoading:r}}function Gt(){const{metadata:t}=qe();return t?[...new Set(t.permissions.filter(n=>rt(n)).map(({resourceType:n})=>n))]:null}function bl(){const{metadata:t}=qe(),n=Gt();return!t||!n?null:n.reduce((r,a)=>{const l=t.rules.find(o=>o.resourceType===a);return l&&(r[a]={pluginId:l.pluginId}),r},{})}function Cl(t){return Zn(er(t,"resourceType"),n=>tr(n.map(({pluginId:r})=>r)))}function xl(t,n){return{...t,rules:t.rules.filter(({resourceType:r,pluginId:a})=>{const l=n[r];return a===l[0]})}}const wl=C(t=>({breadcrumbs:{marginBottom:t.spacing(4)}}));function Dl({pages:t}){const n=Kn(Qn),r=wl();return e.createElement(nr,{className:r.breadcrumbs},e.createElement(ie,{to:n()},"Home"),t.map(({title:a,path:l},o)=>l?e.createElement(ie,{to:l,key:l,relative:"path"},a):e.createElement(h,{key:`${o}`},a)))}function Ke({children:t,header:n,pages:r}){return e.createElement(rr,{themeId:"tool"},e.createElement(Dr,{backend:"rbac",invalidLicenseMessage:"Your existing policy will continue to apply, but you will be unable to make any changes until you enter a valid license."}),e.createElement(lr,{title:"Role Based Access Control"}),e.createElement(ar,null,e.createElement(cr,{maxWidth:"lg"},e.createElement(I,{container:!0,spacing:4},e.createElement(I,{item:!0,xs:12},r&&e.createElement(Dl,{pages:r}),n),t))))}const _t=Ie({hasDraftPolicy:!1,policies:void 0,setPolicies:()=>{},setPolicy:()=>{},getPolicy:()=>{},removePolicy:()=>{}}),Qe=()=>Oe(_t);function Nl({children:t,initialState:n={policies:void 0,cache:{}}}){const[r,a]=A(n),l=$(m=>{a(s=>({...s,policies:m,cache:Yt(s.cache,m)}))},[]),o=$(m=>r.cache[m],[r.cache]),i=$(m=>a(s=>({...s,cache:{...s.cache,[m]:void 0},policies:void 0})),[]),c=$(m=>a(s=>({...s,policies:void 0,cache:Yt(s.cache,[m])})),[]);return e.createElement(_t.Provider,{value:B(()=>{var m;return{hasDraftPolicy:((m=r.policies)==null?void 0:m.some(({status:s})=>s==="draft"))||!1,policies:r.policies,setPolicies:l,setPolicy:c,getPolicy:o,removePolicy:i}},[r.policies,l,c,o,i])},t)}function Yt(t,n){if(!n)return t;const r={...t};return n.forEach(a=>{r[a.id]=a}),r}const Pe=()=>{const t=k(W),{setPolicies:n,policies:r}=Qe(),[{loading:a,error:l},o]=ue(()=>t.getPolicies(),[t],r?{loading:!1,value:{items:r,totalItems:r.length}}:{loading:!0}),i=$(async()=>{const c=await o();n(c.items)},[o,n]);return{loading:a,error:l,fetchPolicies:i}};function Pl(){const t=k(W),n=q(),r=k(oe);function a(l){var o,i;const c=(i=(o=l.target)==null?void 0:o.files)==null?void 0:i[0],m=new FileReader;c&&(m.readAsText(c,"utf-8"),m.onload=async s=>{var p,u;const d=(u=(p=s.target)==null?void 0:p.result)==null?void 0:u.toString();if(d){let x=null;try{x=Pr.load(d)}catch{r.post({message:"YAML file is invalid",severity:"error"});return}const y=_e.safeParse(x);if(!y.success){r.post({message:"Imported policy is invalid",severity:"error"});return}const f=y.data;if((await t.getPolicies()).items.some(N=>N.status==="draft")){r.post({message:"Unable to import new policy due to existing draft policy",severity:"error"});return}const g=await t.createDraft(f);n(`./versions/${g.id}`),r.post({message:"Policy imported successfully",severity:"success"})}})}return e.createElement(P,{variant:"outlined",color:"primary",component:"label"},"Import",e.createElement("input",{role:"input",type:"file",hidden:!0,onChange:a,accept:".yaml"}))}const Tl=C(t=>({cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}}}));function Sl(){const t=Tl(),n=k(W),r=q(),[a,l]=ue(async()=>n.createDraft({roles:[],options:{resolutionStrategy:"any-allow"}}),[n]);return G(()=>{a.value&&r(`./versions/${a.value.id}`)},[r,a.value]),e.createElement(ee,null,e.createElement(ge,{className:t.cardContent},e.createElement(Fe,{missing:"content",title:"No policy configured",description:e.createElement(e.Fragment,null,e.createElement(E,{component:"span",display:"block",pb:2},"Until you've configured your policy, authorization will be denied for all permissions."),e.createElement(E,{component:"span",display:"block"},"Click the button below to create the first version of your policy.")),action:e.createElement(P,{variant:"contained",color:"primary",disabled:a.loading,onClick:l},"New version")})))}function Al(t){var n,r;return((r=(n=t==null?void 0:t.body)==null?void 0:n.response)==null?void 0:r.statusCode)===404}const Rl=(t,n)=>{const r={resolutionStrategy:{operation:"UNCHANGED",before:t==null?void 0:t.resolutionStrategy,after:n==null?void 0:n.resolutionStrategy}};for(const a of Object.keys(r)){const l=a;r[l].before!==r[l].after&&(r[l].operation="CHANGED")}return r},dt=(t,n)=>{const r=Object.entries(t);for(const[,a]of r){const l=n(a);for(const[,o]of r){const i=n(o);i.operation!=="ADDED"&&i.operation!=="REMOVED"&&(l.operation==="ADDED"&&l.indexAfter<i.indexAfter?i.indexBefore+=1:l.operation==="REMOVED"&&l.indexBefore<i.indexBefore&&(i.indexBefore-=1))}}for(const[,a]of r){const l=n(a);l.operation==="UNCHANGED"&&l.indexAfter!==l.indexBefore&&(l.operation=l.indexAfter>l.indexBefore?"MOVED_DOWN":"MOVED_UP")}return t},ut=(t,n)=>{if(t==="*")return n==="*"?{"*":{operation:"UNCHANGED",after:"*",before:"*",indexAfter:0,indexBefore:0}}:{"*":{operation:"REMOVED",after:null,before:"*",indexAfter:-1,indexBefore:0},...Object.fromEntries(n.map((a,l)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:l,indexBefore:-1}]))};if(n==="*")return{"*":{operation:"ADDED",after:"*",before:null,indexAfter:0,indexBefore:-1},...Object.fromEntries(t.map((a,l)=>[a,{operation:"REMOVED",after:null,before:a,indexAfter:-1,indexBefore:l}]))};const r=Object.fromEntries(n.map((a,l)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:l,indexBefore:-1}]));for(let a=0;a<t.length;a++){const l=t[a];r[l]?(r[l].before=l,r[l].indexBefore=a,r[l].operation="UNCHANGED"):r[l]={operation:"REMOVED",after:null,before:l,indexAfter:-1,indexBefore:a}}return dt(r,a=>a)},pt=(t,n)=>{const r=Ot(n,"id"),a=Object.fromEntries(n.map((l,o)=>[l.id,{operation:"ADDED",indexAfter:o,indexBefore:-1,after:l,before:null}]));for(let l=0;l<t.length;l++){const o=t[l];if(a[o.id]){const i=!Or(o,r[o.id]);a[o.id].before=o,a[o.id].indexBefore=l,a[o.id].operation=i?"CHANGED":"UNCHANGED"}else a[o.id]={operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:l}}return dt(a,l=>l)},$l=(t=[],n=[])=>{const r=Ot(n,"id"),a=Object.fromEntries(n.map((l,o)=>[l.id,{role:{operation:"ADDED",indexAfter:o,indexBefore:-1,after:l,before:null},members:ut([],l.members),permissions:pt([],l.permissions)}]));for(let l=0;l<t.length;l++){const o=t[l];if(r[o.id]){const i=r[o.id],c=ut(o.members,i.members),m=pt(o.permissions,i.permissions),s=Object.values(m).some(({operation:d})=>d!=="UNCHANGED"),p=Object.values(c).some(({operation:d})=>d!=="UNCHANGED"),u=o.name!==i.name||s||p;a[o.id].role.before=o,a[o.id].role.indexBefore=l,a[o.id].role.operation=u?"CHANGED":"UNCHANGED",a[o.id].members=c,a[o.id].permissions=m}else a[o.id]={role:{operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:l},members:ut(o.members,[]),permissions:pt(o.permissions,[])}}return dt(a,({role:l})=>l)},kl=(t,n)=>{const r=$l((t==null?void 0:t.roles)||[],n.roles||[]),a=Rl(t==null?void 0:t.options,n.options),l=(t==null?void 0:t.name)!==n.name,o=Object.values(a).some(({operation:i})=>i!=="UNCHANGED");return{policy:{operation:l||o?"CHANGED":"UNCHANGED",before:t,after:n},roles:r,options:a}},Jt=t=>{const n=k(W),{value:r,loading:a,error:l}=ye(()=>n.getActivePolicy(),[n]);return B(()=>t&&!a&&!l?kl(r,t):null,[r,t,a,l])},Il=C(t=>({chip:{margin:0},icon:{color:t.palette.success.main}}));function qt(t){const n=Il();return t.status==="inactive"?null:t.status==="draft"?e.createElement(ce,{className:n.chip,label:"Draft",size:t.size}):e.createElement(ce,{className:n.chip,classes:{icon:n.icon},label:"Active",icon:e.createElement(Lr,null),size:t.size})}const Ol=(t,n)=>{switch(n){case"ADDED":return t.palette.success.main;case"REMOVED":return t.palette.errorText;case"CHANGED":return t.palette.infoText;case"MOVED_UP":case"MOVED_DOWN":return t.palette.infoText;case"UNCHANGED":default:return t.palette.text.primary}},Bl=t=>{switch(t){case"ADDED":return"success";case"REMOVED":return"error";case"CHANGED":return"info";case"MOVED_UP":case"MOVED_DOWN":return"info";case"UNCHANGED":default:return"info"}},Ll=t=>{switch(t){case"ADDED":return"New";case"REMOVED":return"Removed";case"CHANGED":return"Changed";case"MOVED_UP":return"Moved up";case"MOVED_DOWN":return"Moved down";case"UNCHANGED":default:return"No changes"}};function Ml(t){var n;return Ye(t.decision)?"Conditional":(n={allow:"Allow",deny:"Deny"}[t.decision])!=null?n:"Unknown"}function Et(t){var n;if(t.match==="*")return"All";if(t.match.name)return t.match.name;const r=[];return t.match.resourceType&&r.push(t.match.resourceType),(n=t.match.actions)!=null&&n.length&&r.push(t.match.actions.join(", ")),r.join(" | ")}const Fl=C(t=>({root:({operation:n})=>({color:Ol(t,n)})})),z=t=>e.createElement(h,{...t,variant:"body2"}),D=t=>{const n=Fl(t);return e.createElement(E,{...t,className:n.root,component:"span",fontWeight:"fontWeightBold"})},Kt=({policy:t})=>{var n,r,a,l;const o=Jt(t),i=(o==null?void 0:o.policy.operation)==="CHANGED"||Object.values((n=o==null?void 0:o.roles)!=null?n:{}).some(u=>u.role.operation!=="UNCHANGED")||((r=o==null?void 0:o.options)==null?void 0:r.resolutionStrategy.operation)==="CHANGED";if(!o||!i)return e.createElement(E,null,"No changes");const c=!!o.policy.before&&!!o.policy.after&&o.policy.before.name!==o.policy.after.name,m=o.options.resolutionStrategy.operation==="CHANGED",s=({before:u,after:d})=>u&&d&&u.name!==d.name,p=({operation:u})=>u!=="ADDED"&&u!=="REMOVED";return e.createElement(E,null,c&&e.createElement(z,null,"Policy name ",e.createElement(D,{operation:"CHANGED"},"changed")," from"," ",e.createElement(D,null,'"',(a=o.policy.before)==null?void 0:a.name,'"')," to"," ",e.createElement(D,null,'"',(l=o.policy.after)==null?void 0:l.name,'"')),m&&e.createElement(z,null,"Resolution Strategy ",e.createElement(D,{operation:"CHANGED"},"changed")," ","from ",e.createElement(D,null,'"',o.options.resolutionStrategy.before,'"')," to"," ",e.createElement(D,null,'"',o.options.resolutionStrategy.after,'"')),Object.entries(o.roles).map(([u,{role:d,permissions:x,members:y}])=>{var f,g,N,S,O,U;return e.createElement(Be,{key:u},d.operation==="ADDED"&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(f=d.after)==null?void 0:f.name,'"')," has been"," ",e.createElement(D,{operation:"ADDED"},"added")),d.operation==="REMOVED"&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(g=d.before)==null?void 0:g.name,'"')," has been"," ",e.createElement(D,{operation:"REMOVED"},"removed")),s(d)&&e.createElement(z,null,"Role name changed from ",e.createElement(D,null,'"',(N=d.before)==null?void 0:N.name,'"')," ","to ",e.createElement(D,null,'"',(S=d.after)==null?void 0:S.name,'"')),d.indexAfter>d.indexBefore&&d.indexBefore!==-1&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(O=d.after)==null?void 0:O.name,'"')," has been"," ",e.createElement(D,{operation:"MOVED_DOWN"},"moved down")," in priority"),d.indexAfter<d.indexBefore&&d.indexAfter!==-1&&e.createElement(z,null,"Role ",e.createElement(D,null,'"',(U=d.after)==null?void 0:U.name,'"')," has been"," ",e.createElement(D,{operation:"MOVED_UP"},"moved up")," in priority"),p(d)&&e.createElement(e.Fragment,null,Object.entries(x).map(([M,b])=>{var T,v,R,L,re;const{before:X,after:Ee}=b,le=X&&Et(X),Z=Ee&&Et(Ee);return e.createElement(Be,{key:M},b.operation==="ADDED"&&b.after&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',Z,'"')," has been"," ",e.createElement(D,{operation:"ADDED"},"added")," to"," ",e.createElement(D,null,'"',(T=d.after)==null?void 0:T.name,'"')),b.operation==="REMOVED"&&b.before&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',le,'"')," has been"," ",e.createElement(D,{operation:"REMOVED"},"removed")," ","from ",e.createElement(D,null,'"',(v=d.after)==null?void 0:v.name,'"')),b.operation==="CHANGED"&&e.createElement(z,null,le!==Z?e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(D,null,'"',le,'"')," has been"," ",e.createElement(D,{operation:"CHANGED"},"updated")," ","to ",e.createElement(D,null,'"',Z,'"')):e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(D,null,'"',le,'"')," has been"," ",e.createElement(D,{operation:"CHANGED"},"updated"))," ","in ",e.createElement(D,null,'"',(R=d.after)==null?void 0:R.name,'"')),b.indexAfter>b.indexBefore&&b.indexBefore!==-1&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',Z,'"')," has been"," ",e.createElement(D,{operation:"MOVED_DOWN"},"moved down")," ","in priority in"," ",e.createElement(D,null,'"',(L=d.after)==null?void 0:L.name,'"')),b.indexAfter<b.indexBefore&&b.indexAfter!==-1&&e.createElement(z,null,"Permission decision"," ",e.createElement(D,null,'"',Z,'"')," has been"," ",e.createElement(D,{operation:"MOVED_UP"},"moved up")," ","in priority in"," ",e.createElement(D,null,'"',(re=d.after)==null?void 0:re.name,'"')))}),Object.entries(y).map(([M,b])=>{var T,v;return e.createElement(Be,{key:M},b.operation==="ADDED"&&b.after&&e.createElement(z,null,"Member ",e.createElement(D,null,'"',b.after,'"')," has been"," ",e.createElement(D,{operation:"ADDED"},"added")," to"," ",e.createElement(D,null,'"',(T=d.after)==null?void 0:T.name,'"')),b.operation==="REMOVED"&&b.before&&e.createElement(z,null,"Member ",e.createElement(D,null,'"',b.before,'"')," has been"," ",e.createElement(D,{operation:"REMOVED"},"removed")," from"," ",e.createElement(D,null,'"',(v=d.after)==null?void 0:v.name,'"')))})))}))},zl=C(()=>({root:{display:"inline-flex"}})),Qt=({timestamp:t,description:n})=>{const r=zl(),a=Je.fromISO(t).toLocaleString(Je.DATETIME_FULL),l=Nr(t),o=n?`${n}${l}`:l;return e.createElement("span",{className:r.root},e.createElement(he,{title:a},e.createElement(h,{component:"span",display:"inline",variant:"inherit"},o)))};function Xt(t,n,r){var a,l;let o=n.created,i=t.createdBy;r!=null&&r.created&&(i=r.created+i);let c=t.createdAt;return t.status==="active"?(o=n.published,i=(a=t.lastPublishedBy)!=null?a:"",r!=null&&r.published&&(i=r.published+i),c=(l=t.lastPublishedAt)!=null?l:""):t.createdAt!==t.updatedAt&&(o=n.updated,i=t.updatedBy,r!=null&&r.updated&&(i=r.updated+i),c=t.updatedAt),{activityDateText:o,activityUser:i,timestamp:c}}const Wl=C(t=>({card:n=>({backgroundImage:n.policy.status==="active"?"linear-gradient(256.15deg, #00782A 19.77%, #1DB954 100%)":"linear-gradient(256.15deg, #BDBDBD 19.77%, #EEEEEE 100%)",backgroundPosition:"top",backgroundSize:"100% 8px",backgroundRepeat:"no-repeat",paddingTop:"8px",height:"100%"}),diffSummaryContainer:{backgroundColor:t.palette.background.default,padding:t.spacing(2),borderWidth:"1px",borderStyle:"solid",borderColor:t.palette.divider,borderRadius:t.shape.borderRadius},header:{display:"flex",justifyContent:"space-between",alignItems:"center"},detailsHeader:{...t.typography.body1,paddingTop:t.spacing(2),color:t.palette.text.secondary},activityList:{color:t.palette.text.secondary},activityListItem:{padding:0},actions:{justifyContent:"flex-start"}}));function Te(t){const n=Wl(t),{policy:r,to:a,withChangeSummary:l}=t,o=`${r.name} ${r.status==="draft"?"- Draft":""}`,i={created:"Created: ",published:"Published: ",updated:"Updated: "},c={created:"Created by ",published:"Published by ",updated:"Updated by "},{activityDateText:m,activityUser:s,timestamp:p}=Xt(r,i,c);return e.createElement(ee,{className:n.card},e.createElement(ge,null,e.createElement("div",{className:n.header},a?e.createElement(ie,{to:`versions/${r.id}`},e.createElement(h,{variant:"h5",component:"h1"},o)):e.createElement(h,{variant:"h5",component:"h1"},o),r.status==="active"?e.createElement(qt,{status:"active",size:"small"}):null),r.description?e.createElement(h,{variant:"body1",color:"textSecondary"},'"',r.description,'"'):null,e.createElement(h,{component:"h2",className:n.detailsHeader},"Details"),e.createElement(sr,{className:n.activityList},e.createElement(Pt,{className:n.activityListItem},e.createElement(se,null,e.createElement(Br,null)),e.createElement(Q,{primary:e.createElement(Qt,{timestamp:p,description:m})})),e.createElement(Pt,{className:n.activityListItem},e.createElement(se,null,e.createElement(Lt,null)),e.createElement(Q,{primary:s}))),l&&e.createElement(E,{paddingTop:2},e.createElement(h,{gutterBottom:!0,variant:"subtitle2"},"What's changed"),e.createElement(E,{className:n.diffSummaryContainer},e.createElement(Kt,{policy:r})))),t.actions?e.createElement(mr,{className:n.actions},t.actions):null)}const Hl=C(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"},label:{align:"center",display:"block",marginBottom:t.spacing(1),color:t.palette.text.secondary,fontSize:t.typography.caption.fontSize},policiesContainer:{display:"flex",gap:t.spacing(4),marginTop:t.spacing(4),marginBottom:t.spacing(4)},button:{marginTop:t.spacing(4)}})),jl=({localPolicy:t,onSelectLocalPolicy:n,onSelectServerPolicy:r,serverPolicy:a})=>{const l=Hl();return e.createElement(me,{open:!0,maxWidth:"md"},e.createElement(te,null,e.createElement(E,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(E,{display:"flex",justifyContent:"center"},e.createElement(Bt,{className:l.icon})),e.createElement(h,{align:"center",variant:"h6"},"There is a conflict with your drafts"),e.createElement(E,null,e.createElement(h,{align:"center"},"A newer version of the draft you are trying to edit has been recently saved."),e.createElement(h,{align:"center"},"Please review the changes and decide on a version to keep."))),e.createElement(E,{className:l.policiesContainer},e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(h,{className:l.label,variant:"button"},"Your local draft"),e.createElement(Te,{policy:t,withChangeSummary:!0}),e.createElement(P,{className:l.button,color:"primary",onClick:n,variant:"outlined"},"Keep local draft")),e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(h,{className:l.label,variant:"button"},"Recently saved draft"),e.createElement(Te,{policy:a,withChangeSummary:!0}),e.createElement(P,{className:l.button,color:"primary",onClick:r,variant:"outlined"},"Keep recently saved draft")))))},Ul=({serverPolicy:t,localPolicy:n})=>!n||!t?{policy:t,policyConflict:!1}:t.status!=="draft"?{policy:t,policyConflict:!1}:n.id!==t.id?{policy:t,policyConflict:!1}:n.updatedAt===t.updatedAt?{policy:n,policyConflict:!1}:{policy:n,policyConflict:!0},Vl=()=>Mt("@spotify/backstage-plugin-rbac:draftPolicy");function Zt(t){const n=new Blob([Gl(t)],{type:"text/yaml"});Mr(n,`${(t.name||"policy").toLocaleLowerCase().replace(/\W/g,"-")}.yaml`)}function Gl(t){const{name:n,roles:r,options:a,description:l}=t;return`# this is an autogenerated file, do not edit
+${Tr(Fr({name:n,description:l,options:a,roles:r.map(({permissions:o,...i})=>({...Ft(i,["id"]),permissions:o.map(c=>Ft(c,["id"]))}))},o=>o!==null||o!==void 0))}`}const _l=C(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"}})),Yl=({onConfirm:t,policy:n})=>{const r=_l(),a=()=>{Zt(n)};return e.createElement(me,{open:!0},e.createElement(te,null,e.createElement(E,{display:"flex",flexDirection:"column",gridGap:16},e.createElement(E,{display:"flex",flexDirection:"column",gridGap:4},e.createElement(E,{display:"flex",justifyContent:"center"},e.createElement(Bt,{className:r.icon})),e.createElement(h,{align:"center",variant:"h6"},"Invalid local draft")),e.createElement(E,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(h,{align:"center"},"You have a local draft that is no longer compatible or has become corrupted."),e.createElement(h,{align:"center"},"Click export to download your draft. You can attempt to restore your draft by importing this file on the RBAC home page."),e.createElement(h,{align:"center"},"Clicking continue will discard your draft."," ",e.createElement(E,{component:"span",fontWeight:"fontWeightBold"},"This action cannot be undone."))),e.createElement(E,{display:"flex",justifyContent:"center",gridGap:8,marginY:3},e.createElement(P,{color:"primary",onClick:a,variant:"outlined"},"Export"),e.createElement(P,{color:"primary",onClick:t,variant:"contained"},"Discard and continue")))))};function ft(){const t=k(W),n=k(oe),r=ue(async(l,o,i)=>{if(l)return await t.publishPolicy(l.id,{description:o,update:i}),t.getPolicy(l.id)},[]),[{error:a}]=r;return G(()=>{a&&n.post({message:a.message,severity:"error"})},[a,n]),r}const Jl=C(t=>({closeButton:{color:t.palette.text.secondary},diffSummaryContainer:{backgroundColor:t.palette.background.default,marginBottom:t.spacing(2)}}));function yt({open:t,onPublish:n,onClose:r,policy:a}){const[l,o]=A(!1),i=Jl(),c=ae(null),m=async()=>{var s,p;o(!0),await n((p=(s=c.current)==null?void 0:s.value)!=null?p:""),o(!1)};return e.createElement(me,{open:t,onClose:r,fullWidth:!0},e.createElement(He,null,e.createElement(E,{display:"flex",justifyContent:"space-between",alignItems:"center"},"Ready to publish?",e.createElement(P,{startIcon:e.createElement(ct,null),onClick:r,className:i.closeButton},"Close")),e.createElement(h,null,"Double check your changes, then click Publish to activate this version of your policy. This will immediately apply the permissions defined in this version across Backstage.")),e.createElement(te,{className:i.diffSummaryContainer,dividers:!0},e.createElement(Kt,{policy:a})),e.createElement(te,null,e.createElement(ve,{variant:"outlined",fullWidth:!0,label:"Summary (optional)",placeholder:"Briefly describe this version (or changes from a previous version)",inputRef:c})),e.createElement(lt,null,e.createElement(P,{color:"primary",onClick:m,disabled:l},l?e.createElement(Tt,{size:20}):"Publish")))}const ql=C(t=>({paper:{padding:t.spacing(2,2,0,2)}})),gt=({isOpen:t,onClose:n,policy:r})=>{const a=ql();return e.createElement(me,{classes:{...a},open:t,onClose:n},e.createElement(He,{disableTypography:!0},e.createElement(E,{display:"flex",flexDirection:"row"},e.createElement(E,null,e.createElement(h,{variant:"h4",component:"h2"},"Success!"),e.createElement(h,null,r.name," has been published and is now your active policy.")),e.createElement(E,null,e.createElement(_,{onClick:n,title:"Close dialog"},e.createElement(ct,null))))),e.createElement(te,null,e.createElement(Te,{policy:r})),e.createElement(lt,null,e.createElement(E,{display:"flex",flexDirection:"row",flexGrow:1,justifyContent:"flex-start"},e.createElement(P,{component:Yn,color:"primary",onClick:n,role:"link",to:"/rbac"},"View all versions"))))},Kl={canPublish:!1,diff:null,hasChanges:!1,isValid:!1,policy:void 0,createNewRole:()=>"",discardLocalDraft:()=>{},exportPolicy:()=>{},publish:()=>{},saveLocalDraftToServer:()=>Promise.reject(),saveAndPublish:()=>Promise.reject(),refetchPolicy:()=>Promise.reject(),updateLocalDraft:()=>{}},en=Ie(Kl),Y=()=>Oe(en);function Xe({children:t,policyId:n}){const r=q(),a=k(oe),l=k(W),{getPolicy:o,setPolicy:i}=Qe(),c=nt(),{NotFoundErrorPage:m}=c.getComponents(),[s,p]=A({active:!1,update:!1}),[u,d]=A(!1),[{loading:x,value:y},f]=ft(),g=o(n),[N,S,O]=Vl(),U=!N||_e.safeParse(N).success,M=U?N:void 0,{policy:b,policyConflict:T}=Ul({serverPolicy:g,localPolicy:M}),v=Jt(b),R=_e.safeParse(b).success,L=R&&!M&&!x,[{loading:re,error:X},Ee]=ue(()=>l.getPolicy(n),[l,n],g?{loading:!1,value:g}:{loading:!0}),le=()=>{p({active:!0,update:!1})},Z=()=>{p({active:!0,update:!0})},K=$(async()=>{const V=await Ee();i(V)},[Ee,i]),Ln=$(async V=>{await f(b,V,s.update?b:void 0),p({active:!1,update:!1}),K==null||K()},[b,s,f,p,K]),Mn=async()=>{d(!1)},Fn=()=>{S(V=>V&&g&&{...V,updatedAt:g.updatedAt})},zn=$(async()=>{if(!b)throw new Error("No policy to save");try{await l.updateDraft(b.id,{name:b.name,roles:b.roles,options:b.options}),a.post({message:"Policy saved",severity:"success"}),O(),K==null||K()}catch(V){a.post({message:(V==null?void 0:V.message)||"An error occurred while updating the policy",severity:"error"})}},[a,l,b,K,O]),Wn=$(()=>{if(!b)throw new Error("No policy to create a new role");const V=new Set(b.roles.map(Vn=>Vn.id));let fe;do fe=pe().split("-")[0];while(V.has(fe));const Un={name:`Role ${fe}`,permissions:[],members:"*",id:fe};return S({...b,roles:[...b.roles,Un]}),fe},[b,S]),Hn=()=>{O(),r("/rbac")},jn=()=>{b&&Zt(b)};return G(()=>{g||K()},[K,g]),G(()=>{y&&d(!0)},[y]),U?b?e.createElement(en.Provider,{value:{canPublish:L,diff:v,hasChanges:!!M,isValid:R,policy:b,createNewRole:Wn,discardLocalDraft:O,exportPolicy:jn,publish:le,saveLocalDraftToServer:zn,refetchPolicy:K,updateLocalDraft:S,saveAndPublish:Z}},T&&M&&g&&e.createElement(jl,{localPolicy:M,onSelectLocalPolicy:Fn,onSelectServerPolicy:O,serverPolicy:g}),e.createElement(yt,{open:s.active,onClose:()=>p({active:!1,update:!1}),onPublish:Ln,policy:b}),y&&e.createElement(gt,{isOpen:u,onClose:Mn,policy:y}),t):re?e.createElement(ze,null):X?Al(X)?e.createElement(m,null):e.createElement(Dt,{error:X!=null?X:new Error("Unknown")}):null:e.createElement(Yl,{onConfirm:Hn,policy:N})}function Ql(t){throw new Error("Invalid state")}function ht(){const t=k(W),n=k(oe),r=q(),{fetchPolicies:a}=Pe();return ue(async l=>{if(!l)return;const{roles:o,name:i,options:c}=l;try{const m=await t.createDraft({roles:o,options:c,name:i});return await a(),r(`/rbac/versions/${m.id}`),m}catch(m){throw m instanceof Error&&n.post({message:m.message,severity:"error"}),m}},[r,t,n,a])}const Xl=[{title:"Name",field:"name",render:t=>e.createElement(ie,{to:`versions/${t.id}`},t.name)},{title:"Status",field:"status",render:t=>{switch(t.status){case"active":return"Active";case"draft":return"Draft";case"inactive":return"Inactive";default:return Ql(t.status)}}},{title:"Publish date",field:"lastPublishedAt",render:t=>t.lastPublishedAt?Je.fromISO(t.lastPublishedAt).toLocaleString(Je.DATETIME_MED_WITH_SECONDS):"",type:"datetime",defaultSort:"desc"},{title:"Published by",field:"lastPublishedBy"}];function Zl(t){const n=t.data.length>3,{fetchPolicies:r}=Pe(),[{loading:a},l]=ht(),[{loading:o,value:i},c]=ft(),[m,s]=A(void 0),[p,u]=A(!1),d=()=>{s(void 0),r()},x=(m==null?void 0:m.id)===(i==null?void 0:i.id)?i:void 0,y=[f=>{const{tableData:g,...N}=f;return{icon:zr,tooltip:"Republish",onClick:()=>{s(N),u(!0)},disabled:o}},f=>{const{tableData:g,...N}=f;return{icon:Wr,tooltip:"Duplicate",disabled:a||!t.canDuplicate,onClick:()=>l(N)}}];return e.createElement(e.Fragment,null,e.createElement(or,{title:"Previous Versions",columns:Xl,data:t.data,options:{paging:n,pageSize:3,pageSizeOptions:[3,5,10,20],actionsColumnIndex:-1,loadingType:"linear"},actions:y}),m&&e.createElement(yt,{open:p,onPublish:f=>{c(m,f),u(!1)},onClose:()=>{s(void 0),u(!1)},policy:m}),x&&e.createElement(gt,{isOpen:!0,policy:x,onClose:d}))}const ea=t=>{const[n,r]=A(!1),{fetchPolicies:a}=Pe(),[{loading:l,value:o},i]=ft(),{policy:c,hasChanges:m}=Y(),s=_e.safeParse(c).success,p=!m&&s,u=async x=>{await i(c,x),r(!1)},d=()=>{a()};return e.createElement(e.Fragment,null,e.createElement(P,{...t,onClick:()=>r(!0),disabled:!p||l},"Publish"),e.createElement(yt,{open:n,onClose:()=>r(!1),onPublish:u,policy:c}),o&&e.createElement(gt,{isOpen:!0,onClose:d,policy:o}))};function ta(t){const n=k(W),r=k(oe),{fetchPolicies:a}=Pe();return ue(async()=>{if(t)return n.deleteDraft(t.id).then(a).catch(l=>(r.post({message:l.message,severity:"error"}),Promise.reject(l)))},[t])}function na({policies:t}){const n=t.find(s=>s.status==="draft"),r=t.find(s=>s.status==="active"),[a,l]=ht(),[o,i]=ta(n),c=q(),m=ra(t);return e.createElement(I,{container:!0,spacing:4},r?e.createElement(I,{item:!0,xs:12,md:6},e.createElement(Te,{policy:r,to:`./versions/${r.id}`,actions:e.createElement(P,{color:"primary",disabled:a.loading||!!n,onClick:()=>l(r)},"Duplicate")})):null,n?e.createElement(I,{item:!0,xs:12,md:6},e.createElement(Te,{policy:n,to:`./versions/${n.id}`,actions:e.createElement(e.Fragment,null,e.createElement(P,{onClick:()=>c(`versions/${n.id}`),color:"primary"},"Edit"),e.createElement(P,{color:"primary",disabled:o.loading,onClick:i},"Delete Draft"),e.createElement(Xe,{policyId:n.id},e.createElement(ea,{color:"primary"})))})):null,e.createElement(I,{item:!0,xs:12},e.createElement(Zl,{data:m,canDuplicate:!n})))}function ra(t){return t.filter(({status:n})=>n==="inactive")}function la(){const{policies:t}=Qe(),{loading:n,error:r,fetchPolicies:a}=Pe();Nt(()=>{t||a()});let l;return n?l=e.createElement(I,{item:!0,xs:12},e.createElement(ze,null)):r?l=e.createElement(Dt,{error:r}):!t||t.length===0?l=e.createElement(Sl,null):l=e.createElement(na,{policies:t}),e.createElement(Ke,{pages:void 0,header:e.createElement(We,{title:"RBAC Policies"},e.createElement(Pl,null))},l)}const aa=C(t=>({titleWrapper:{display:"flex",alignItems:"center",gap:t.spacing(2)}}));function tn({children:t}){const n=aa();return e.createElement(h,{noWrap:!0,variant:"h4",component:"h2",color:"textSecondary",className:n.titleWrapper},t)}const oa=e.forwardRef(function({children:t,role:n,...r},a){const l=B(()=>{const c=[];return wt.forEach(t,m=>{if(Le(m)){const s=m.props.children[0];Le(s)&&c.push(s);const p=m.props.children[1];if(Le(p)){const u=wt.toArray(p.props.children).filter(Le);c.push(...u)}}}),c},[t]),o=l.length,i=54;return e.createElement("div",{ref:a},e.createElement("ul",{...r},e.createElement(_r,{height:250,width:250,rowHeight:i,overscanCount:5,rowCount:o,rowRenderer:c=>e.cloneElement(l[c.index],{style:{...c.style,whiteSpace:"nowrap"}}),role:n})))}),ia=C({autocomplete:{display:"flex",flex:1}});function ca({members:t,options:n,namespaceOptions:r,loading:a=!1,disabled:l=!1,isMultiNamespaces:o=!1,onTextChange:i,onToggleMember:c,onChange:m}){const[s,p]=A(!1),u=ia(),[d,x]=Gn(g=>g+1,0),y=(g,N)=>{N&&(c(N),x())};G(()=>{s&&i("")},[s,i]);const f=o?r.concat((n==null?void 0:n.members)||[]):(n==null?void 0:n.members)||[];return e.createElement(E,{width:250},e.createElement(st,{key:`${d}`,open:s,onOpen:()=>{p(!0)},onClose:()=>{p(!1)},onChange:y,getOptionLabel:Se,groupBy:sa,ListboxComponent:oa,renderOption:g=>e.createElement(e.Fragment,null,e.createElement(be,{id:`checkbox-${g.entityRef}`,checked:t.includes(g.entityRef),color:"primary"}),e.createElement("label",{htmlFor:`checkbox-${g.entityRef}`},o?Se(g,!1):Se(g))),options:f,openOnFocus:!0,disabled:l,loading:a,className:u.autocomplete,renderInput:g=>e.createElement(ve,{...g,label:o?"Select members":"Select specific users/groups",variant:"standard",onChange:m,InputProps:{...g.InputProps,endAdornment:e.createElement(e.Fragment,null,a?e.createElement(Tt,{color:"inherit",size:20}):null,g.InputProps.endAdornment)}})}))}function Se(t,n=!0){var r;const a=ne(t.entityRef);return a.name==="*"?a.namespace:jr({...a,name:(r=t.name)!=null?r:a.name},{defaultKind:a.kind,defaultNamespace:n?Hr:!1})}const nn={user:"USERS",group:"GROUPS",namespace:"NAMESPACES"};function sa(t){const{name:n,kind:r}=ne(t.entityRef),a=n==="*"?"namespace":r;if(!nn[a])throw new Error(`Group '${a}' is not supported for members in a policy`);return nn[a]}function rn(t,n){switch(n){case"small":return t.typography.caption;case"medium":return t.typography.body1;case"large":return t.typography.subtitle1;default:return t.typography.caption}}function ln(t){switch(t){case"small":return .2;case"medium":return .3;case"large":return 1;default:return .8}}const ma=C(t=>({root:{display:"inline-flex",fontWeight:"bold",borderRadius:"1000px",margin:t.spacing(1),padding:t.spacing(0,1)},message:({size:n})=>({fontSize:rn(t,n).fontSize,font:rn(t,n).font,verticalAlign:"middle",padding:t.spacing(ln(n),0,ln(n),0)})}),{name:"MuiAlert"});function an(t){var n;const r=ma({size:t.size||"small"});return e.createElement(zt,{classes:{root:r.root,message:r.message},role:"textbox",severity:t.severity,icon:(n=t.icon)!=null?n:!1,variant:t.outlined?"outlined":"standard",title:t.text},t.text)}const Ae=t=>{const n=Ll(t.operation);return!t.operation||t.operation==="UNCHANGED"?null:e.createElement(an,{size:t.size,text:n,severity:Bl(t.operation),outlined:!0})},da=C(t=>({actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0},typeIcon:{color:t.palette.grey[500]}}));function ua({diff:t,loading:n,isMultiNamespaces:r,members:a,error:l,onToggleMember:o,readonly:i=!1}){const c=da();if(n)return e.createElement(H,null,e.createElement(w,{scope:"row",colSpan:i?4:5},e.createElement(ze,null)));if(l&&l.message!=null,a==="*")return e.createElement(H,null,e.createElement(w,{colSpan:2,height:80},"All"),e.createElement(w,{colSpan:i?2:3},e.createElement(Ae,{operation:t==null?void 0:t.members["*"].operation})));if(a.length===0)return e.createElement(H,null,e.createElement(w,{scope:"row",colSpan:i?4:5},"Select users or groups using the drop-down menu above."));const m=a.sort((s,p)=>{let u=0;r&&p.name==="*"&&s.name!=="*"?u=1:r&&s.name==="*"&&p.name!=="*"&&(u=-1);const d=s.type.localeCompare(p.type),x=ne(s.entityRef).namespace.localeCompare(ne(p.entityRef).namespace),y=ne(s.entityRef).name.localeCompare(ne(p.entityRef).name);return u||d||x||y});return e.createElement(e.Fragment,null,m.map(s=>{var p;const{name:u,type:d,entityRef:x}=s;return e.createElement(H,{key:x},e.createElement(w,{className:c.typeIconCol},d==="group"&&e.createElement(Yr,{className:c.typeIcon})||r&&u==="*"&&e.createElement(Jr,{className:c.typeIcon})||e.createElement(Lt,{className:c.typeIcon})),e.createElement(w,{scope:"row",className:c.nameCol},(p=r?Se(s,!1):Se(s))!=null?p:"Unknown"),e.createElement(w,{scope:"row"},u==="*"&&r?"namespace":d),e.createElement(w,null,u&&e.createElement(Ae,{operation:t==null?void 0:t.members[x].operation})),!i&&e.createElement(w,{scope:"row",className:c.actionCol},e.createElement(_,{"aria-label":"delete",onClick:()=>o(s),size:"small"},e.createElement(De,null))))}))}const on=Ie({loading:!1}),pa=({children:t})=>{const n=k(W),r=ye(async()=>await n.searchMembers({query:""}),[n]);return e.createElement(on.Provider,{value:r},t)},Ea=()=>Oe(on),fa=C(()=>({header:{display:"flex",flexDirection:"row",justifyContent:"space-between",paddingLeft:"1rem",paddingRight:"1rem",gap:"1rem"},actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0}}));function ya({diff:t,policyId:n,role:r,onToggleMember:a,readonly:l=!1,debounceTime:o=1e3}){const i=k(W),c=k(Ur),m=fa(),s=r.members==="*",[p,u]=A(""),{current:d}=ae({}),x=v=>{d[v.entityRef]=v,a(v.entityRef)},y=v=>{var R;if(d[v])return d[v];const L=ne(v);return{entityRef:v,type:L.kind.toLowerCase(),name:(R=L.name)!=null?R:v}},{value:f,loading:g}=Ea(),{loading:N,value:S}=ye(async()=>{const v=await c.getEntityFacets({facets:["metadata.namespace"]}).then(R=>R.facets["metadata.namespace"].map(L=>L.value));return ga(v)},[c]),O=S?(S==null?void 0:S.length)>1:!1,U=S?S.filter(v=>v.entityRef.toLowerCase().includes(p)):[],M=B(()=>dr(v=>{u(v.target.value.toLowerCase())},o),[u,o]),{loading:b,error:T}=ye(async()=>{r.members==="*"||r.members.length===0||(await i.getPolicy(n)).roles.find(v=>v.id===r.id)===void 0||r.members.forEach(v=>{const R=y(v);d[R.entityRef]=R})},[n,s]);return e.createElement(e.Fragment,null,e.createElement("div",{className:m.header},e.createElement("h2",null,"Members"),e.createElement(ca,{onToggleMember:x,members:r.members,disabled:l,options:f,namespaceOptions:U,isMultiNamespaces:O,loading:g||N,onTextChange:u,onChange:M})),e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,null,e.createElement(w,{className:m.typeIconCol}),e.createElement(w,{className:m.nameCol},"Name"),e.createElement(w,null,"Type"),e.createElement(w,null),!l&&e.createElement(w,{className:m.actionCol}))),e.createElement(Ve,null,e.createElement(ua,{diff:t,loading:b||N,isMultiNamespaces:O,error:T,members:Array.isArray(r.members)?r.members.map(y):r.members,onToggleMember:x,readonly:l}))))}function ga(t){return t.map(n=>({name:"*",type:"user",entityRef:`user:${n}/*`})).sort((n,r)=>n.entityRef.toLowerCase().localeCompare(r.entityRef.toLowerCase()))}function cn(t){return`${t.palette.primary.main}50`}const ha=C(t=>({indicator:{right:"unset"},tab:{maxWidth:"none","&.Mui-selected":{backgroundColor:cn(t),color:t.palette.primary.main}}}));function va({options:t,selected:n,onChange:r,readonly:a=!1}){const l=ha();return e.createElement(ur,{orientation:"vertical",value:t.map(({id:o})=>o).indexOf(n),onChange:(o,i)=>r(t[i].id),indicatorColor:"primary",TabIndicatorProps:{className:l.indicator}},t.map(o=>e.createElement(pr,{key:o.id,label:o.displayText.toUpperCase(),className:l.tab,disabled:a})))}const ba=["condition","anyOf","allOf","not"],sn={condition:"Condition",anyOf:"Any of",allOf:"All of",not:"Not"};function vt(t){return t===null?!1:t.hasOwnProperty("id")&&t.hasOwnProperty("ruleName")&&t.hasOwnProperty("parameters")}function Re(t){return t.hasOwnProperty("levelType")}function Ca(t){return t==="anyOf"||t==="allOf"||t==="not"}function xa(t){return t?{id:t.id,match:wa(t),decisionType:Da(t),criteria:Ye(t.decision)?$e(t.decision.conditions):null}:{id:pe(),match:{method:"specificPermission"},decisionType:"allow",criteria:null}}function wa(t){var n;return t.match==="*"?{method:"all"}:t.match.name?{method:"specificPermission",name:t.match.name}:t.match.resourceType||(n=t.match.actions)!=null&&n.length?{method:"filter",resourceType:t.match.resourceType,actions:t.match.actions}:{method:"specificPermission"}}function Da(t){return typeof t.decision=="string"?t.decision:"conditional"}function $e(t){const n=pe();return Sr(t)?{id:n,levelType:"allOf",children:t.allOf.map(r=>$e(r))}:Ar(t)?{id:n,levelType:"anyOf",children:t.anyOf.map(r=>$e(r))}:Rr(t)?{id:n,levelType:"not",children:[$e(t.not)]}:{id:n,ruleName:t.rule,parameters:t.params}}function mn(t,n){if(!t)return!1;if(Re(t))return t.children.length>0&&t.children.every(a=>mn(a,n));if(!t.ruleName)return!1;const r=n==null?void 0:n.find(({name:a})=>a===t.ruleName);return r?r.paramsSchema?new Ht({allErrors:!0}).compile(r.paramsSchema)(t.parameters):!0:!1}function Na(t,n,r){return{id:t,match:dn(n,r),decision:r}}function dn({method:t,...n},r){return t==="all"?"*":r&&Ye(r)?{resourceType:r.resourceType,...n}:n}function bt(t){return vt(t)?{rule:t.ruleName,params:t.parameters}:t.levelType==="not"?{not:bt(t.children[0])}:{[t.levelType]:t.children.map(n=>bt(n))}}const Pa=C(t=>({toggleButton:{"&.Mui-selected":{backgroundColor:cn(t),color:t.palette.primary.main},"&.Mui-selected:hover":{backgroundColor:"#97BBE8"},color:t.palette.primary.main,border:`1px solid ${t.palette.primary.main}`}}));function Ct({className:t,...n}){const r=Pa();return e.createElement(Vr,{className:`${r.toggleButton} ${t}`,...n})}const Ta=C({fullWidth:{width:"100%","& > *":{flexGrow:1}}});function Sa({className:t,fullWidth:n,...r}){const a=Ta();return e.createElement(Gr,{className:`${n?a.fullWidth:""} ${t}`,...r})}function Aa(t,n){const r=(t!=null?t:[]).filter(o=>$r(o,dn(n))),a=qr(r,o=>rt(o)?o.resourceType:void 0),l=a.length===1&&rt(a[0])?a[0].resourceType:void 0;return{permissions:r,commonResourceType:l}}const Ra=C(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),un="Permission name";function $a({name:t="",readonly:n,onNameChange:r}){const a=Ra(),{permissions:l}=Ne();return e.createElement(Ce,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(de,{id:"match-by-name-dropdown"},un),e.createElement(xe,{labelId:"match-by-name-dropdown",label:un,value:l?t:"",onChange:o=>r==null?void 0:r(o.target.value)},l==null?void 0:l.map(o=>e.createElement(j,{key:o.name,value:o.name},o.name))))}const ka=C(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),pn="Resource type";function Ia({resourceType:t="",readonly:n,onResourceTypeChange:r}){const a=ka(),l=Gt();return e.createElement(Ce,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(de,{id:"match-by-resource-dropdown"},pn),e.createElement(xe,{labelId:"match-by-resource-dropdown",label:pn,value:l?t:"",onChange:o=>r==null?void 0:r(o.target.value),displayEmpty:!0},l==null?void 0:l.map(o=>e.createElement(j,{key:o,value:o},o))))}const Oa="Action";function Ba({actions:t,readonly:n,onActionsChange:r}){return e.createElement(st,{multiple:!0,id:"match-by-attribute-dropdown",options:["create","read","update","delete"],getOptionLabel:a=>a,value:t!=null?t:[],onChange:(a,l)=>r==null?void 0:r(l),filterSelectedOptions:!0,renderInput:a=>e.createElement(ve,{...a,variant:"outlined",label:Oa,placeholder:"Choose attributes",margin:"normal"}),disabled:n})}const La=C(()=>({root:{fontFamily:"monospace"}})),En=({children:t})=>{const n=La();return e.createElement(h,{variant:"body2",className:n.root},t)},Ma=C(t=>({rule:{color:t.palette.type==="light"?"#EB0014":"#FF8F9C"},parameters:{color:t.palette.type==="light"?"#E22134":"#EE96A0"}}));function fn({condition:t}){const n=Ma();return e.createElement(En,null,e.createElement(E,{component:"span",className:n.rule},t.ruleName,"(",e.createElement(E,{component:"span",className:n.parameters},JSON.stringify(t.parameters,null,1)),")"))}const Fa=({children:t})=>e.createElement(E,{pl:2},t);function yn({level:t}){return e.createElement(e.Fragment,null,e.createElement(En,null,sn[t.levelType]),e.createElement(Fa,null,t.children.map((n,r)=>Re(n)?e.createElement(yn,{key:r,level:n}):e.createElement(fn,{key:r,condition:n}))))}const za=C(t=>({resultsBox:{border:`1px solid ${t.palette.border}`,borderRadius:t.shape.borderRadius,padding:t.spacing(2)}}));function Wa({permissionCriteria:t}){const n=za();return e.createElement(E,{className:n.resultsBox},vt(t)&&e.createElement(fn,{condition:t}),Re(t)&&e.createElement(yn,{level:t}))}const Ha=C(t=>({conditionResultText:{color:t.palette.success.main},conditionDecisionText:{padding:`0 0 ${t.spacing(3)}px`}}));function gn({permissionCriteria:t}){const n=Ha();return e.createElement("div",null,e.createElement(h,{component:"p",variant:"body1",className:n.conditionDecisionText},"If the below conditions are met then the action is"," ",e.createElement("strong",{className:n.conditionResultText},"allowed.")),e.createElement(Wa,{permissionCriteria:t}))}const ja=C(()=>({addButton:{paddingLeft:40,paddingRight:40}}));function hn({onSelect:t}){const n=ja(),r=ae(null),[a,l]=A(!1),o=()=>{l(i=>!i)};return e.createElement("div",null,e.createElement(P,{className:n.addButton,variant:"outlined",color:"primary",onClick:o,ref:r},"Add"),e.createElement(St,{anchorEl:r.current,open:a,onClose:o,BackdropProps:{}},ba.map(i=>e.createElement(j,{key:i,onClick:()=>{t==null||t(i),l(!1)}},sn[i]))))}const Ua=C(t=>({editor:{"--jse-main-border":`1px solid ${t.palette.divider}`,"--jse-panel-border":`1px solid ${t.palette.divider}`,"--jse-message-error-background":t.palette.error.main,"--jse-message-warning-background":t.palette.warning.main,"--jse-background-color":t.palette.background.default,"--jse-panel-background":t.palette.background.default,"--jse-delimiter-color":t.palette.type==="light"?"rgba(0, 0, 0, 0.38)":"rgba(255, 255, 255, 0.38)","--jse-error-color":t.palette.text.primary,"--jse-key-color":t.palette.text.primary,"--jse-value-color":t.palette.text.primary,"--jse-text-color":t.palette.text.primary,"--jse-panel-color-readonly":t.palette.text.hint,"--jse-value-color-string":t.palette.status.ok,"--jse-value-color-null":t.palette.status.warning,"--jse-value-color-number":t.palette.status.error,"--jse-value-color-boolean":t.palette.status.running,"--jse-font-family":"inherit"}})),Va=t=>"parseError"in t,Ga=t=>{var n;return t?Va(t)?!!t.parseError:((n=t==null?void 0:t.validationErrors)==null?void 0:n.length)>0:!1};function _a({onChange:t,schema:n,value:r}){const a=ae(null),l=ae(),o=Ua();return G(()=>(a.current&&!l.current&&(l.current=new Kr({target:a.current,props:{onChange:(i,c,{contentErrors:m})=>{!Ga(m)&&Qr(i)&&t(JSON.parse(i.text))},validator:Xr({schema:n}),content:{json:{}},mainMenuBar:!1,mode:Zr.text}})),()=>{var i;(i=l.current)==null||i.destroy(),l.current=void 0}),[t,n]),Nt(()=>{var i;(i=l.current)==null||i.updateProps({content:{json:r}})}),e.createElement("div",{ref:a,className:o.editor,style:{height:300}})}const Ya=[];function Ja(t){const{onChange:n,schema:r,name:a}=t,{description:l,items:o}=r,[i,c]=e.useState(!1),m=Array.isArray(t.value)?t.value:Ya,s=m.includes(we),p=(g,N)=>{if(!Array.isArray(N)){const S=[...m];S[g]=N||"",n(S)}},u=$(()=>{n([...m,""])},[n,m]),d=g=>{n(m.filter((N,S)=>S!==g))},x=()=>{n(s?[]:[we])},y=()=>{s&&c(!0)},f=()=>{c(!1)};return G(()=>{m.length?s&&m.length>1&&n([we]):u()},[u,n,m,s]),!o||!("type"in o)?null:e.createElement(e.Fragment,null,(m!=null?m:[]).map((g,N,{length:S})=>e.createElement(bn,{allowEmptyStrings:!0,key:N,onChange:O=>p(N,O),name:N===0?a:"",schema:{description:N===S-1?l:"",type:o.type},value:g,controls:e.createElement(_,{size:"small",onClick:()=>d(N)},e.createElement(el,null))})),!!(m!=null&&m.length)&&e.createElement(E,{alignItems:"center",display:"flex",flexDirection:"row",justifyContent:"space-between"},e.createElement(E,null,e.createElement(At,{control:e.createElement(be,{checked:s,onChange:x,name:"checkedB",color:"primary"}),label:"Use the claims from the logged in users token"})),e.createElement(E,null,e.createElement(he,{onClose:f,onOpen:y,open:i,title:"To add additional entries you must uncheck using the claims from the logged in user."},e.createElement("span",null,e.createElement(_,{disabled:s,size:"small",onClick:u},e.createElement(mt,null)))))))}function qa(t){const{onChange:n,schema:r,name:a,value:l}=t,{description:o}=r;return e.createElement(E,{mb:1},e.createElement(At,{control:e.createElement(be,{checked:l===!0,onChange:i=>{n(i.target.checked)},name:a,color:"primary"}),label:a}),o&&e.createElement(h,{display:"block",variant:"caption",color:"textSecondary"},o))}function Ka({allowEmptyStrings:t,controls:n,name:r,onChange:a,schema:l,value:o}){const i=c=>{a(Xa({value:c.currentTarget.value,type:l.type}))};return e.createElement(E,{mb:1},e.createElement(E,{display:"flex",gridGap:6},e.createElement(ve,{fullWidth:!0,id:r,label:r,placeholder:"Enter",variant:"outlined",size:"small",value:Qa(o,t),onChange:xt(o,t)?void 0:i,disabled:xt(o,t)}),n&&e.createElement(E,{alignSelf:"center"},n)),l.description&&e.createElement(h,{variant:"caption",color:"textSecondary"},l.description,xt(o)&&!t&&e.createElement(e.Fragment,null," (switch to JSON editor to edit)")))}function xt(t,n=!1){return!n&&t===""||t===null||t===we}function Qa(t,n=!1){return!n&&t===""?"[empty string]":t===null?"[null]":t===we?"[BackstageUserClaims]":t||""}function Xa({value:t,type:n}){switch(n){case"string":return t===""?void 0:t;case"number":case"integer":return Number.isNaN(Number(t))?void 0:Number(t);case"null":return t==="null"?null:void 0;default:return}}function vn(t){return!!t&&"type"in t&&(t.type==="array"||t.type==="boolean"||t.type==="null"||t.type==="number"||t.type==="integer"||t.type==="string")}function Za(t){return"type"in t&&t.type==="array"}function eo(t){return"type"in t&&t.type==="boolean"}function bn({schema:t,...n}){return vn(t)?Za(t)?e.createElement(Ja,{...n,schema:t}):eo(t)?e.createElement(qa,{...n,schema:t}):e.createElement(Ka,{...n,schema:t}):null}const to=new Ht({allErrors:!0});function no({onChange:t,schema:n,value:r}){var a;const l=B(()=>to.compile(n),[n]),o=B(()=>l(r),[l,r]),i=Object.entries(n.properties),c=m=>s=>{t({...r,[m]:s})};return e.createElement(e.Fragment,null,i.map(([m,s])=>{var p;return e.createElement(bn,{isRequired:((p=n.required)==null?void 0:p.includes(m))||!1,key:m,name:m,onChange:c(m),schema:s,value:r==null?void 0:r[m]})}),e.createElement(Rt,{error:!o},(a=l.errors)==null?void 0:a[0].message))}const ro=t=>!!t&&"properties"in t;function lo({onChange:t,rule:n,value:r}){const[a,l]=A(!1),{paramsSchema:o}=n!=null?n:{},i=()=>l(p=>!p);if(!ro(o))return null;const c=!ao(o),m=c||a,s=e.createElement(P,{size:"small",onClick:i,disabled:c},m?"Close editor":"Edit as JSON");return e.createElement(E,{marginTop:2},e.createElement("form",null,m?e.createElement(_a,{onChange:t,schema:o,value:r}):e.createElement(e.Fragment,null,e.createElement(E,{marginBottom:2},e.createElement(de,null,"Parameters")),e.createElement(no,{onChange:t,schema:o,value:r}))),e.createElement(E,{display:"flex",flexDirection:"column",alignItems:"flex-end",marginTop:1},c?e.createElement(he,{title:"Only JSON editing is supported for this parameter",arrow:!0},e.createElement("span",null,s)):s))}function ao(t){return Object.values(t.properties).every(vn)}const oo=C(t=>({conditionCard:{minWidth:t.spacing(63)},conditionCardBar:{height:t.spacing(1),backgroundImage:"linear-gradient(90deg, #007DFF 0%, #0057B2 100%)"},autocomplete:{flex:1}}));function Cn({ruleName:t,parameters:n,resourceType:r,onChange:a,onDelete:l}){var o;const i=oo(),c=Vt(),m=(o=c==null?void 0:c.filter(d=>d.resourceType===r))!=null?o:[],s=m.find(d=>d.name===t),p=d=>{a(d,{})},u=$(d=>{a(t,d)},[a,t]);return e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(ee,{className:i.conditionCard},e.createElement("div",{className:i.conditionCardBar}),e.createElement(ge,null,e.createElement(E,null,e.createElement(E,null,e.createElement(st,{className:i.autocomplete,"data-testid":"rule-select",getOptionLabel:d=>d.name,getOptionSelected:(d,x)=>d.name===x.name,options:m,onChange:(d,x)=>p(x?x.name:null),renderInput:d=>e.createElement(e.Fragment,null,e.createElement(E,{marginBottom:2},e.createElement(de,null,"Rule")),e.createElement(ve,{...d,placeholder:"Select",variant:"outlined",size:"small",name:"rule"})),renderOption:d=>e.createElement(E,null,e.createElement(h,{variant:"body2"},d.name),e.createElement(h,{noWrap:!0,variant:"caption"},d.description)),value:s||null,PopperComponent:d=>e.createElement(Er,{...d,style:{width:"auto"},placement:"bottom-start"})})),e.createElement(E,{flex:"1"},e.createElement(E,{display:"flex",flexDirection:"column"},e.createElement(lo,{rule:s,onChange:u,value:n})))))),e.createElement(E,{ml:1},e.createElement(_,{"aria-label":"delete",onClick:l,size:"small"},e.createElement(De,null))))}function Ze(){return{id:pe(),ruleName:null,parameters:{}}}const io=C(t=>({conditionTypeFormControl:{minWidth:80,marginLeft:t.spacing(1)}}));function co({level:t,onSelect:n}){const r=io(),a=t.children.length>1;return e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(Ce,{className:r.conditionTypeFormControl},e.createElement(xe,{value:t.levelType,onChange:l=>n==null?void 0:n(l.target.value)},e.createElement(j,{key:"anyOf",value:"anyOf"},"Any of"),e.createElement(j,{key:"allOf",value:"allOf"},"All of"),e.createElement(j,{key:"not",value:"not",disabled:a},"Not"))),e.createElement(E,{ml:1},e.createElement(_,{"aria-label":"delete",onClick:()=>n==null?void 0:n(null),size:"small"},e.createElement(De,null))))}const so=C(t=>({treeVerticalSpacer:{width:t.spacing(2),borderLeft:`1px solid ${t.palette.status.aborted}`},treeHorizontalSpacer:{height:t.spacing(3),borderLeft:`1px solid ${t.palette.status.aborted}`},treeVerticalBranchHalf:{position:"absolute",height:"50%",borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"flex-start"},treeVerticalBranchFull:{borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"stretch"},treeHorizontalBranch:{width:t.spacing(2),borderTop:`1px solid ${t.palette.status.aborted}`}}));function xn({level:t,resourceType:n,onChange:r,parentConditionType:a,isRoot:l=!1}){const o=so(),i=$((y,f)=>{const g=[...t.children];return g.splice(y,1,f),g},[t]),c=$(y=>{r({...t,children:y})},[r,t]),m=$(y=>{y===null?r(null):y==="not"&&t.children.length>1?r({...t,levelType:y,children:t.children.slice(0,1)}):r({...t,levelType:y})},[r,t]),s=$((y,f)=>{c(y===null?wn(t.children,f):i(f,y))},[t,c,i]),p=y=>{const f=pe();y==="condition"?c([...t.children,Ze()]):y==="not"?c([...t.children,{id:f,levelType:y,children:[]}]):Ca(y)&&c([...t.children,{id:f,levelType:y,children:[Ze()]}])},u=y=>{c(wn(t.children,y))},d=B(()=>t.children.map((y,f)=>(g,N)=>{c(i(f,{...y,ruleName:g,parameters:N}))}),[t.children,c,i]),x=B(()=>t.children.map((y,f)=>g=>s(g,f)),[t.children,s]);return e.createElement("div",null,!l&&e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},!l&&e.createElement(e.Fragment,null,e.createElement("div",{className:a==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch})),e.createElement(co,{level:t,onSelect:m})),e.createElement(E,{display:"flex"},l||a==="not"?e.createElement(E,{pl:2}):e.createElement("div",{className:o.treeVerticalSpacer}),!l&&e.createElement(E,{pl:2}),e.createElement("div",null,t.children.map((y,f)=>Re(y)?e.createElement(E,{key:y.id},e.createElement(xn,{level:y,resourceType:n,parentConditionType:t.levelType,onChange:x[f]})):e.createElement(Be,{key:y.id},e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:t.levelType==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(Cn,{ruleName:y.ruleName,parameters:y.parameters,resourceType:n,onChange:d[f],onDelete:()=>u(f)})))),!(t.levelType==="not"&&t.children.length>=1)&&e.createElement(e.Fragment,null,e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(E,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:o.treeVerticalBranchHalf}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(hn,{onSelect:p}))))))}function wn(t,n){const r=[...t];return r.splice(n,1),r}const mo=C(t=>({paper:{backgroundColor:t.palette.background.default,padding:t.spacing(3),marginBottom:t.spacing(3),minHeight:t.spacing(48)}}));function uo({permissionCriteria:t,resourceType:n,onUpdate:r,readonly:a=!1}){const l=mo(),o=$(p=>{r(u=>({...u,...p}))},[r]),i=$(p=>{const u=pe();o(p==="condition"?Ze():p==="not"?{id:u,levelType:p,children:[]}:{id:u,levelType:p,children:[Ze()]})},[o]),c=$((p,u)=>{r(d=>({...d,ruleName:p,parameters:u}))},[r]),m=$(()=>{r(null)},[r]);let s;return a?s=e.createElement(gn,{permissionCriteria:t}):t===null?s=e.createElement(hn,{onSelect:i}):vt(t)?s=e.createElement(Cn,{ruleName:t.ruleName,parameters:t.parameters,resourceType:n,onChange:c,onDelete:m}):Re(t)&&(s=e.createElement(xn,{level:t,resourceType:n,onChange:r,isRoot:!0})),e.createElement(at,{variant:"outlined",className:l.paper},s)}const po=C(t=>({dialogTitle:{display:"flex",alignItems:"center",justifyContent:"space-between"},fullWidth:{width:"100%","& > *":{flexGrow:1}},infoIcon:{position:"absolute",right:t.spacing(3)},content:{padding:t.spacing(7)},saveButton:{paddingLeft:t.spacing(5),paddingRight:t.spacing(5)},contentContainerConditional:{display:"flex",gap:t.spacing(5),maxWidth:1480}})),Eo={specificPermission:"Choose a specific permission",filter:"Filter by permission properties",all:"Match all permissions"},Dn="Choose the name of a resource permission or filter by resource type to set a conditional decision.";function fo({rolePermission:t,readonly:n=!1,onClose:r,onSave:a}){const l=po(),{permissions:o}=Ne(),i=Vt(),c=bl(),m=xa(t),[s,p]=A(m.match),[u,d]=A(m.decisionType),[x,y]=A(m.criteria),f=B(()=>Aa(o,s),[o,s]),g=u==="conditional",N=g?"xl":"sm";G(()=>{g&&o&&!f.commonResourceType&&d("allow")},[g,o,f.commonResourceType,d]);const S=T=>{T!==null&&d(T)},O=B(()=>s.method==="specificPermission"&&!s.name||s.method==="filter"&&!s.resourceType&&!s.actions,[s]),U=B(()=>f.permissions.length===0?!1:!O,[f,O]),M=B(()=>u!=="conditional"?!0:!(!f.commonResourceType||!(c!=null&&c[f.commonResourceType].pluginId)||!mn(x,i)),[u,f,c,x,i]),b=()=>{a==null||a(Na(m.id,s,u==="conditional"?{resourceType:f.commonResourceType,pluginId:c[f.commonResourceType].pluginId,conditions:bt(x)}:u))};return e.createElement(me,{open:!0,maxWidth:N,onClose:r,fullWidth:!0},e.createElement(He,{disableTypography:!0,className:l.dialogTitle},e.createElement(h,{variant:"h4",component:"h2"},"New Permission Decision"),e.createElement(P,{startIcon:e.createElement(ct,null),onClick:r},"Close")),e.createElement(te,{dividers:!0,className:l.content},e.createElement(E,{className:g?l.contentContainerConditional:void 0},e.createElement(E,{mb:5,flex:1},e.createElement(va,{options:Object.entries(Eo).map(([T,v])=>({id:T,displayText:v})),selected:s.method,onChange:T=>p({method:T}),readonly:n})),e.createElement(E,{mb:5,height:189,flex:1},s.method==="specificPermission"&&e.createElement($a,{name:s.name,readonly:n,onNameChange:T=>p({...s,name:T})}),s.method==="filter"&&e.createElement(e.Fragment,null,e.createElement(Ia,{resourceType:s.resourceType,readonly:n,onResourceTypeChange:T=>p({...s,resourceType:T})}),e.createElement(Ba,{actions:s.actions,readonly:n,onActionsChange:T=>p({...s,actions:T.length?T:void 0})}),O?null:e.createElement(e.Fragment,null,e.createElement(E,{marginY:2},e.createElement(ot,{variant:"middle"})),e.createElement(Rt,null,`Matched ${f.permissions.length} ${f.permissions.length===1?"permission":"permissions"}`)))),e.createElement(E,{mb:5,flex:1},e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(Sa,{value:u,exclusive:!0,fullWidth:!0,"aria-label":"Decision result",onChange:(T,v)=>S(v)},e.createElement(Ct,{value:"allow","aria-label":"Decision allowed",disabled:n},"Allow"),e.createElement(Ct,{value:"deny","aria-label":"Decision denied",disabled:n},"Deny"),e.createElement(Ct,{value:"conditional","aria-label":"Decision conditionally allowed",disabled:!f.commonResourceType||n},"Conditional")),!g&&!n&&e.createElement(he,{title:Dn},e.createElement(Wt,{className:l.infoIcon,color:"primary","aria-label":Dn}))))),u==="conditional"&&!!f.commonResourceType&&e.createElement(uo,{permissionCriteria:x,resourceType:f.commonResourceType,onUpdate:y,readonly:n}),!n&&e.createElement(E,{display:"flex",justifyContent:"flex-end"},e.createElement(P,{variant:"contained",color:"primary",className:l.saveButton,onClick:b,disabled:!U||!M},"Save"))))}const yo=C(t=>({container:{display:"flex",position:"relative",alignItems:"center",gap:t.spacing(1),flexShrink:1,maxWidth:"100%",minWidth:0},input:({invalid:n})=>({boxSizing:"content-box",display:"block",maxWidth:"100%",padding:0,borderWidth:2,borderStyle:"solid",borderColor:n?t.palette.error.main:"transparent",borderRadius:t.shape.borderRadius,backgroundColor:"transparent",color:t.palette.textContrast,fontFamily:"inherit",fontSize:"inherit",lineHeight:"inherit",fontWeight:"inherit",textOverflow:"ellipsis"}),hiddenSpan:{position:"absolute",top:0,left:0,borderWidth:1,whiteSpace:"pre",opacity:0,pointerEvents:"none"}}));function Nn({invalid:t,name:n,value:r,onTextChange:a}){const l=yo({invalid:t}),[o,i]=A(!1),[c,m]=A(null),s=ae(null),[p,u]=A(r);G(()=>{u(r)},[r]),_n(()=>{s.current&&c&&s.current.style.setProperty("width",`max(${c.getBoundingClientRect().width}px, 3ch)`)},[c,p]);const d=()=>{i(!1),u(r)},x=()=>{i(!1),a==null||a(p)},y=()=>{var g;o?x():(i(!0),(g=s.current)==null||g.focus())},f=g=>{var N;g.key==="Enter"&&((N=s.current)==null||N.blur()),g.key==="Escape"&&d()};return e.createElement(e.Fragment,null,e.createElement("div",{className:l.container},e.createElement("input",{"aria-label":n,className:l.input,name:n,ref:s,onChange:g=>u(g.target.value),onFocus:y,onBlur:x,onKeyDown:f,value:p}),e.createElement("span",{"aria-hidden":"true",className:l.hiddenSpan,ref:m},p),e.createElement(_,{onClick:y,size:"small"},o?e.createElement(nl,{"aria-label":"Save title"}):e.createElement(tl,{"aria-label":"Edit title"}))))}const Pn=t=>{if(t.success)return{};const n={};for(const r of t.error.issues)n[r.path.join(".")]=!0;return n},Tn=({children:t,onConfirm:n,message:r,title:a})=>{const[l,o]=A(!1),i=()=>o(!1),c=()=>o(!0),m=()=>{n(),i()};return e.createElement(e.Fragment,null,t({onClick:c}),e.createElement(me,{open:l,onClose:i},e.createElement(He,null,e.createElement(E,{display:"flex",justifyContent:"space-between",alignItems:"center"},a)),e.createElement(te,null,e.createElement(fr,null,r)),e.createElement(lt,null,e.createElement(P,{"aria-label":"Cancel action",color:"primary",onClick:i},"Cancel"),e.createElement(P,{"aria-label":"Confirm action",color:"secondary",onClick:m,variant:"contained"},"Confirm"))))},Sn=({helpText:t})=>e.createElement(E,{display:"flex",alignItems:"center"},e.createElement(E,{component:"span",mr:1},e.createElement(h,{variant:"body2",noWrap:!0},"Reorder")),e.createElement(he,{title:t},e.createElement(Wt,{color:"primary","aria-label":t}))),An=(t,n,r)=>{const a=n+r;if(a<0||a>=t.length)return t;const l=[...t];return[l[a],l[n]]=[l[n],l[a]],l},Rn=({array:t,index:n,onReorder:r})=>{const a=n===0,l=n===t.length-1;return e.createElement(E,{display:"flex"},e.createElement(_,{disabled:a,onClick:()=>r(An(t,n,-1)),"aria-label":"Move up",size:"small"},e.createElement(ll,null)),e.createElement(_,{disabled:l,onClick:()=>r(An(t,n,1)),"aria-label":"Move down",size:"small"},e.createElement(rl,null)))},go=C(()=>({emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function $n({src:t,alt:n}){const r=go();return e.createElement("img",{src:t,className:`${r.emptyStateImage} `,alt:n})}const ho="Use the arrows to change the order in which permission decisions are evaluated.";function vo({diff:t,permissions:n,onReorderPermissions:r,onNewPermissionClick:a,onOpenPermission:l,onRemovePermissionClick:o,anyAllow:i,readonly:c=!1}){return e.createElement(e.Fragment,null,e.createElement(E,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h5"},"Permission Decisions"),!c&&n.length!==0&&e.createElement(P,{color:"primary",variant:"outlined",startIcon:e.createElement(mt,null),onClick:a},"New")),e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,null,!c&&!i&&e.createElement(w,{style:{width:0}},e.createElement(Sn,{helpText:ho})),e.createElement(w,null,"Match by"),e.createElement(w,null,"Decision"),e.createElement(w,null),!c&&e.createElement(w,null))),e.createElement(Ve,null,n.length===0&&e.createElement(H,null,e.createElement(w,{colSpan:5},e.createElement(Fe,{title:"No permission decisions set",description:"Click the button below to create your first permission.",missing:{customImage:e.createElement($n,{src:al,alt:"No permission placeholder"})},action:e.createElement(P,{variant:"contained",color:"primary",onClick:a},"New permission decision")}))),n.map((m,s)=>e.createElement(H,{key:s},!c&&!i&&e.createElement(w,null,e.createElement(Rn,{array:n,index:s,onReorder:r})),e.createElement(w,null,e.createElement(yr,{onClick:()=>l(s)},e.createElement(h,{variant:"body2",color:"primary"},Et(m)))),e.createElement(w,null,Ml(m)),e.createElement(w,null,e.createElement(Ae,{operation:t==null?void 0:t.permissions[m.id].operation})),!c&&e.createElement(w,{align:"right"},e.createElement(Tn,{message:"Are you sure you want to remove this permission decision?",onConfirm:()=>o(s),title:"Remove?"},p=>e.createElement(_,{...p,"aria-label":"Remove permission decision",size:"small"},e.createElement(De,null)))))))))}function bo({roleId:t}){const{versionId:n,roleId:r}=tt(),a=t!=null?t:r;return Ge(a),Ge(n),e.createElement(Xe,{policyId:n},e.createElement(xo,{roleId:a}))}const Co=C(t=>({cardContainer:{margin:t.spacing(0)}}));function xo({roleId:t}){const{diff:n,updateLocalDraft:r,policy:a}=Y(),l=a.roles.find(v=>v.id===t),o=n==null?void 0:n.roles[t],[i,c]=A(null),[m,s]=A(!1),p=nt(),{NotFoundErrorPage:u}=p.getComponents(),d=q(),x=Co();if(!l)return e.createElement(u,null);const y=l.name,f=v=>{const R=a.roles.findIndex(re=>re.id===v.id),L=[...a.roles];L.splice(R,1,v),r({...a,roles:L})},g=v=>{f({...l,name:v})},N=v=>{if(i===null)f({...l,permissions:[v,...l.permissions]});else{const R=[...l.permissions];R.splice(i,1,v),f({...l,permissions:R})}s(!1)},S=v=>{if(v==="*")f({...l,members:l.members==="*"?[]:"*"});else if(l.members==="*")f({...l,members:[v]});else{const R=l.members.includes(v)?l.members.filter(L=>L!==v):[...l.members,v];f({...l,members:R.length===0?"*":R})}},O=v=>{f({...l,permissions:l.permissions.filter((R,L)=>v!==L)})},U=v=>{f({...l,permissions:v})},M=Pn(kr.safeParse(l)).name,b=a.status!=="draft",T=a.options.resolutionStrategy==="any-allow";return e.createElement(e.Fragment,null,e.createElement(Ke,{pages:[{title:a.name,path:`../../../${a.id}`},{title:y}],header:e.createElement(We,{titleComponent:e.createElement(tn,null,a.name," \xA0\u01C0",b?e.createElement(e.Fragment,null,"\xA0",y):e.createElement(Nn,{invalid:M,value:y,onTextChange:g}),e.createElement(Ae,{operation:o==null?void 0:o.role.operation,size:"medium"})),description:a.description},e.createElement(P,{variant:"outlined",color:"primary",onClick:()=>d("../..",{relative:"path"})},"Back to policy"))},e.createElement(I,{container:!0,className:x.cardContainer,spacing:4,direction:"row"},e.createElement(I,{item:!0,xs:6},e.createElement(ee,null,e.createElement(ya,{diff:o||null,role:l,policyId:a.id,onToggleMember:S,readonly:b}))),e.createElement(I,{item:!0,xs:6},e.createElement(ee,null,e.createElement(vo,{diff:o||null,permissions:l.permissions,onNewPermissionClick:()=>{c(null),s(!0)},onOpenPermission:v=>{c(v),s(!0)},onReorderPermissions:U,onRemovePermissionClick:O,anyAllow:T,readonly:b}))))),m&&e.createElement(fo,{rolePermission:i!==null?l.permissions[i]:void 0,onClose:()=>s(!1),onSave:N,readonly:b}))}const wo="Use the arrows to change the order in which roles are evaluated.";function Do({}){const{diff:t,policy:n,createNewRole:r,updateLocalDraft:a}=Y(),l=q(),o=No(n),i=n.status!=="draft",c=n.options.resolutionStrategy==="any-allow",m=u=>{a({...n,roles:u})},s=u=>{a({...n,roles:n.roles.filter(({id:d})=>d!==u)})},p=()=>{l(`./roles/${r()}`)};return e.createElement(at,null,e.createElement(E,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h3"},"Roles"),!i&&e.createElement(P,{color:"primary",variant:"outlined",startIcon:e.createElement(mt,null),onClick:()=>p()},"New role")),e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,null,!i&&!c&&e.createElement(w,{style:{width:0}},e.createElement(Sn,{helpText:wo})),e.createElement(w,null,"Name"),e.createElement(w,null,"Users"),e.createElement(w,null,"Groups"),!i&&e.createElement(w,{style:{width:0}}))),e.createElement(Ve,null,o.map((u,d)=>e.createElement(H,{key:d},!i&&!c&&e.createElement(w,null,e.createElement(Rn,{array:n.roles,index:d,onReorder:m})),e.createElement(w,null,e.createElement(E,{alignItems:"center",display:"flex",gridGap:8},e.createElement(ie,{to:`roles/${u.id}`},u.name),e.createElement(Ae,{operation:t==null?void 0:t.roles[u.id].role.operation}))),e.createElement(w,null,u.userCount),e.createElement(w,null,u.groupCount),!i&&e.createElement(w,{align:"right"},e.createElement(Tn,{message:"Are you sure you want to remove this role?",title:"Remove role?",onConfirm:()=>s(u.id)},x=>e.createElement(_,{...x,"aria-label":"Remove role",size:"small"},e.createElement(De,null)))))))))}function No(t){return t.roles.map(n=>({id:n.id,name:n.name,userCount:Array.isArray(n.members)?n.members.filter(r=>r.startsWith("user:")).length:n.members,groupCount:Array.isArray(n.members)?n.members.filter(r=>r.startsWith("group:")).length:n.members}))}const Po=C(t=>({cardHeader:{padding:t.spacing(3,3),borderBottom:`1px solid ${t.palette.border}`},cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}},emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function To({readonly:t}){const n=Po(),r=q(),{createNewRole:a}=Y(),l=()=>{const o=a();r(`./roles/${o}`)};return e.createElement(ee,null,e.createElement($t,{title:"Roles",className:n.cardHeader}),e.createElement(ge,{className:n.cardContent},t?e.createElement(Fe,{title:"No roles configured",missing:"content"}):e.createElement(Fe,{title:"No roles yet",description:"Click the button below to create your first role.",missing:{customImage:e.createElement($n,{src:ol,alt:"No roles placeholder"})},action:e.createElement(P,{variant:"contained",color:"primary",onClick:()=>l()},"New role")})))}function So(){const[t,n]=A(null),{hasDraftPolicy:r}=Qe(),{isValid:a,discardLocalDraft:l,exportPolicy:o,hasChanges:i,policy:c,saveLocalDraftToServer:m,saveAndPublish:s,publish:p}=Y(),u=q(),[d,x]=ht(),y=g=>{n(g.currentTarget)},f=()=>{n(null)};return e.createElement(e.Fragment,null,e.createElement(gr,{variant:"contained",color:"primary"},c.status==="draft"&&e.createElement(P,{disabled:!a,onClick:()=>m()},"Save"),c.status==="inactive"&&e.createElement(P,{onClick:()=>p()},"Republish"),c.status==="active"&&e.createElement(P,{disabled:r||d.loading,onClick:()=>x(c)},"Duplicate"),e.createElement(P,{color:"primary",title:"options",size:"small",onClick:y},e.createElement(il,null))),e.createElement(St,{getContentAnchorEl:null,anchorEl:t,anchorOrigin:{vertical:"bottom",horizontal:"right"},open:!!t,onClose:f,PaperProps:{style:{width:240}}},c.status==="draft"&&e.createElement(it,null,e.createElement(j,{disabled:!a,onClick:()=>s()},e.createElement(se,null,e.createElement(sl,{fontSize:"small"})),e.createElement(Q,null,"Save & Publish")),e.createElement(j,{disabled:!i,onClick:()=>l()},e.createElement(se,null,e.createElement(cl,{color:i?"secondary":"inherit",fontSize:"small"})),e.createElement(Q,null,e.createElement(h,{color:i?"secondary":"inherit"},"Discard changes"))),e.createElement(ot,null)),e.createElement(it,null,e.createElement(j,{onClick:()=>o()},e.createElement(se,null,e.createElement(dl,{fontSize:"small"})),e.createElement(Q,null,"Export"))),e.createElement(ot,null),e.createElement(it,null,e.createElement(j,{disabled:!a,onClick:()=>u("./options")},e.createElement(se,null,e.createElement(ml,{fontSize:"small"})),e.createElement(Q,null,"Options")))))}const Ao=C(t=>({chipContainer:{marginTop:t.spacing(1),marginLeft:t.spacing(1),display:"flex",flexWrap:"wrap"}})),Ro=({selectedRoleIds:t,setSelectedRoleIds:n})=>{const r=Ao(),{policy:a}=Y();return e.createElement(e.Fragment,null,e.createElement(Ce,{fullWidth:!0},e.createElement(de,{id:"selectLabel"},"Select roles"),e.createElement(xe,{native:!1,displayEmpty:!0,multiple:!0,value:t,onChange:l=>n(l.target.value),input:e.createElement(kt,null),"aria-labelledby":"selectLabel",renderValue:l=>e.createElement("div",{className:r.chipContainer,"aria-labelledby":"selectLabel"},a.roles.filter(o=>l.includes(o.id)).map(o=>e.createElement(ce,{key:o.name,label:o.name})))},a.roles.map(l=>e.createElement(j,{key:l.id,value:l.id},e.createElement(be,{color:"primary",checked:t.includes(l.id),name:l.name,value:l.id}),e.createElement(Q,{primary:l.name}))))))},$o=C(t=>({chipContainer:{marginTop:t.spacing(1),marginLeft:t.spacing(1),display:"flex",flexWrap:"wrap"}})),ko=({selectedPermissionNames:t,setSelectedPermissionNames:n})=>{const r=$o(),{permissions:a}=Ne();return e.createElement(e.Fragment,null,e.createElement(Ce,{fullWidth:!0},e.createElement(de,{id:"selectLabel"},"Select permissions"),e.createElement(xe,{native:!1,displayEmpty:!0,multiple:!0,value:t,onChange:l=>n(l.target.value),input:e.createElement(kt,null),"aria-labelledby":"selectLabel",renderValue:l=>e.createElement("div",{className:r.chipContainer,"aria-labelledby":"selectLabel"},a==null?void 0:a.filter(o=>l.includes(o.name)).map(o=>e.createElement(ce,{key:o.name,label:o.name})))},a==null?void 0:a.map(l=>e.createElement(j,{key:l.name,value:l.name},e.createElement(be,{color:"primary",checked:t.includes(l.name),name:l.name,value:l.name}),e.createElement(Q,{primary:l.name}))))))},Io=()=>{const{policy:t}=Y(),{permissions:n}=Ne(),r=k(W),[a,l]=A([]),o=$(async(c,m)=>{if(!n)return;const s=(await r.testPolicyDecisions(n.filter(p=>m.includes(p.name)).map(p=>({policyConfig:t,roleIds:c,permission:p})))).map(p=>({...p,roles:t.roles.filter(u=>c.includes(u.id))}));l(s)},[t,n,r,l]),i=$(()=>{l([])},[l]);return[a,o,i]},J=({name:t})=>{const n=B(()=>t.includes(".")?t.split(/(\.)/g).flatMap(r=>[r,e.createElement("wbr",null)]):[t],[t]);return e.createElement(e.Fragment,null,n.map((r,a)=>e.createElement(e.Fragment,{key:a},r)))},Oo=C(t=>({container:{display:"flex",flexDirection:"row",gap:t.spacing(1)},infoIcon:{color:t.palette.textSubtle}})),Bo=({policy:t,roles:n,permission:r})=>{const a=n.flatMap(o=>It(o,r));let l;if(n.length===0)l=e.createElement(e.Fragment,null,"A user with no assigned roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else if(!a.length)l=e.createElement(e.Fragment,null,"None of the roles explicitly sets a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),", which means that a user who has all of these roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else if(t.options.resolutionStrategy==="any-allow")l=e.createElement(e.Fragment,null,"None of the roles explicitly sets an allow or conditional rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", a user who has all of these roles will be denied access to"," ",e.createElement("strong",null,e.createElement(J,{name:r.name})),".");else throw t.options.resolutionStrategy==="first-match"?new Error("Trying to render ImplicitDecisionInfo for a first-match policy that has matching role permission. This should not happen, since the decision should be explicit by the matching role permission."):new Error(`Unknown resolution strategy ${t.options.resolutionStrategy}. Cannot render ImplicitDecisionInfo.`);return e.createElement(e.Fragment,null,e.createElement("strong",null,"Implicit decision")," \u2013 ",l)},Lo=({policy:t,permission:n,roles:r,decision:a,decisionOrigin:l})=>{const o=r.find(c=>c.id===l[0].roleId);let i;if(t.options.resolutionStrategy==="first-match"){if(!o)throw new Error("Expected decision origin role for first-match explicit decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," explicitly sets a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"first-match"),", no other roles are applied.")}else if(t.options.resolutionStrategy==="any-allow"){if(a.result===F.ALLOW){if(!o)throw new Error("Expected decision origin role for any-allow explicit allow decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," is the first role that explicitly sets an allow decision for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", this decides the outcome.")}else if(a.result===F.CONDITIONAL)if(l.length===1){if(!o)throw new Error("Expected decision origin role for any-allow explicit allow decision but found none.");i=e.createElement(e.Fragment,null,"The role ",e.createElement("strong",null,o.name)," is the first role that explicitly sets a decision for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", this decides the outcome.")}else i=e.createElement(e.Fragment,null,"Multiple roles explicitly set a rule for the permission"," ",e.createElement("strong",null,e.createElement(J,{name:n.name})),". Since the resolution strategy for this policy is"," ",e.createElement("strong",null,"any-allow"),", these decide the outcome.")}else throw new Error(`Unknown resolution strategy ${t.options.resolutionStrategy}. Cannot render ExplicitDecisionInfo.`);return e.createElement(e.Fragment,null,e.createElement("strong",null,"Explicit decision")," \u2013 ",i)},Mo=({roles:t,permission:n,decision:r,decisionOrigin:a})=>{const{policy:l}=Y(),o=Oo();return e.createElement("div",{className:o.container},e.createElement(pl,{fontSize:"small",titleAccess:"",className:o.infoIcon}),e.createElement(h,{variant:"body1",component:"p"},a.length===0?e.createElement(Bo,{policy:l,roles:t,permission:n}):e.createElement(Lo,{policy:l,permission:n,roles:t,decision:r,decisionOrigin:a})))},Fo=C(t=>({userCell:{borderRight:`1px solid ${t.palette.border}`,color:t.palette.text.secondary,background:t.palette.background.paper}})),zo=({rowCount:t})=>{const n=Fo();return e.createElement(w,{size:"small",padding:"none",align:"center",rowSpan:t,classes:{root:n.userCell}},e.createElement(ir,null))},Wo=C(()=>({decisionRowCell:{fontWeight:"bold"}})),et=({children:t,ledToDecision:n,color:r})=>{const a=Wo();return e.createElement(h,{variant:"body1",component:"span",classes:{root:n?a.decisionRowCell:void 0},color:r},t)},Ho=({role:t,ledToDecision:n})=>e.createElement(ie,{to:`roles/${t.id}`},e.createElement(et,{ledToDecision:n,color:"primary"},t.name)),jo=({permissionName:t,ledToDecision:n})=>e.createElement(et,{ledToDecision:n,color:n===!1?"textSecondary":void 0},e.createElement(J,{name:t})),kn=({authorizeResult:t,size:n})=>{switch(t){case F.ALLOW:return e.createElement(fl,{fontSize:n});case F.DENY:return e.createElement(yl,{fontSize:n});case F.CONDITIONAL:return e.createElement(El,{fontSize:n});default:return null}},Uo=C(t=>({decisionCell:{display:"flex",justifyItems:"center"},decisionIconContainer:{display:"flex",alignItems:"center",marginRight:t.spacing(1)},decisionIconAllow:{color:t.palette.success.main},decisionIconDeny:{color:t.palette.error.main},decisionIconConditional:{color:t.palette.info.main}})),Vo=t=>{switch(t){case F.ALLOW:return"Allow";case F.DENY:return"Deny";case F.CONDITIONAL:return"Conditional";default:return"Permission not found in role"}},Go=(t,n)=>{let r;switch(t){case F.ALLOW:r=n.decisionIconAllow;break;case F.DENY:r=n.decisionIconDeny;break;case F.CONDITIONAL:r=n.decisionIconConditional;break;default:return}return`${n.decisionIconContainer} ${r}`},_o=({ledToDecision:t,authorizeResult:n})=>{const r=Uo();return e.createElement("div",{className:r.decisionCell},n!==null&&e.createElement("span",{className:Go(n,r)},e.createElement(kn,{authorizeResult:n,size:"small"})),e.createElement(et,{ledToDecision:t,color:t===!1?"textSecondary":void 0},Vo(n)))},Yo=({ledToDecision:t})=>e.createElement(et,{ledToDecision:t,color:t===!1?"textSecondary":void 0},t?"Yes":"No"),Jo=C(t=>({tableHeader:{borderBottom:`1px solid ${t.palette.border}`}})),ke=({children:t})=>{const n=Jo();return e.createElement(w,{size:"small",classes:{root:n.tableHeader}},t)},qo=C(t=>({tableContainer:{border:`1px solid ${t.palette.border}`,borderRadius:t.shape.borderRadius},tableRow:{"&, &:nth-child(odd)":{background:t.palette.background.paper}},decisionTableRow:{"&, &:nth-child(odd)":{background:t.palette.type==="light"?t.palette.infoBackground:t.palette.grey[900]}}})),Ko=t=>{if(Ye(t))return F.CONDITIONAL;if(typeof t=="string")switch(t){case"allow":return F.ALLOW;case"deny":return F.DENY;default:throw new Error(`Unknown decision: ${t}`)}throw new Error("Unknown decision type found.")},Qo=(t,n)=>n.some(r=>r.rolePermissionId===t.id),Xo=t=>B(()=>{const{roles:n,permission:r,decisionOrigin:a}=t,l=[];for(const o of n){const i=It(o,r);if(i.length>0)for(const c of i)l.push({role:o,permission:r,authorizeResult:Ko(c.decision),ledToDecision:Qo(c,a)});else l.push({role:o,permission:r,authorizeResult:null,ledToDecision:!1})}return l},[t]),Zo=({resultRow:t})=>{const n=qo(),r=Xo(t);return e.createElement(E,{marginTop:3,marginBottom:3},e.createElement(hr,{classes:{root:n.tableContainer}},e.createElement(je,null,e.createElement(Ue,null,e.createElement(H,{classes:{root:n.tableRow}},e.createElement(ke,null),e.createElement(ke,null,"Role"),e.createElement(ke,null,"Permission"),e.createElement(ke,null,"Decision"),e.createElement(ke,null,"Is deciding role"))),e.createElement(Ve,null,r.map((a,l)=>{const o=l===0;return e.createElement(H,{key:l,classes:{root:a.ledToDecision?n.decisionTableRow:n.tableRow}},o?e.createElement(zo,{rowCount:r.length}):null,e.createElement(w,{size:"small"},e.createElement(Ho,{role:a.role,ledToDecision:a.ledToDecision})),e.createElement(w,{size:"small"},e.createElement(jo,{permissionName:a.permission.name,ledToDecision:a.ledToDecision})),e.createElement(w,{size:"small"},e.createElement(_o,{authorizeResult:a.authorizeResult,ledToDecision:a.ledToDecision})),e.createElement(w,{size:"small"},e.createElement(Yo,{ledToDecision:a.ledToDecision})))})))))},ei=C(t=>({heading:{fontWeight:"bold"},subtitle:{color:t.palette.text.secondary},criteriaSummarySpacing:{marginBottom:t.spacing(3)}})),ti=({resultRow:t})=>{const n=ei();return e.createElement(e.Fragment,null,t.roles.length>0?e.createElement(e.Fragment,null,e.createElement(h,{variant:"body1",component:"h6",className:n.heading},"Decision breakdown"),e.createElement(h,{variant:"subtitle1",component:"p",className:n.subtitle},"See what role results in this decision."),e.createElement(Zo,{resultRow:t})):null,t.decision.result===F.CONDITIONAL?e.createElement("div",{className:n.criteriaSummarySpacing},e.createElement(gn,{permissionCriteria:$e(t.decision.conditions)})):null,e.createElement(Mo,{roles:t.roles,permission:t.permission,decision:t.decision,decisionOrigin:t.decisionOrigin}))};function ni({decision:t}){let n;switch(t.result){case"ALLOW":n={severity:"success",text:"Allow"};break;case"DENY":n={severity:"error",text:"Deny"};break;default:n={severity:"info",text:"Conditional"};break}return e.createElement(an,{text:n.text,severity:n.severity,icon:e.createElement(kn,{authorizeResult:t.result}),title:`${n.text} decision chip`,size:"large"})}const ri=C(t=>({permissionName:{display:"flex",alignItems:"center",height:"100%",fontWeight:"bold"},detailsContainer:{padding:`${t.spacing(2)}px  ${t.spacing(1)}px 0`,borderTop:`1px solid ${t.palette.divider}`}})),li=({resultRow:t})=>{const n=ri();return e.createElement(vr,null,e.createElement(br,{expandIcon:e.createElement(gl,null),"aria-controls":"result{$resultIndex}-content",id:t.permission.name},e.createElement(I,{container:!0},e.createElement(I,{item:!0,xs:12,md:4},e.createElement(h,{variant:"body1",className:n.permissionName,component:"h5"},e.createElement(J,{name:t.permission.name}))),e.createElement(I,{item:!0,xs:12,md:8},e.createElement(h,{variant:"body2"},t.roles.length>0?"For a user who has all the selected roles, the result will be:":"For a user with no assigned roles, the result will be:"),e.createElement(ni,{decision:t.decision})))),e.createElement(Cr,null,e.createElement("div",{className:n.detailsContainer},e.createElement(ti,{resultRow:t}))))},ai=C(t=>({header:{borderTop:`1px solid ${t.palette.divider}`,padding:`${t.spacing(3)}px ${t.spacing(1)}px`,borderBottom:`1px solid ${t.palette.divider}`},resultHeading:{marginBottom:t.spacing(1)},accordionHeader:{padding:`${t.spacing(1)}px ${t.spacing(6)}px ${t.spacing(1)}px ${t.spacing(0)}px`,margin:"0"}})),oi=({results:t,resolutionStrategy:n})=>{const r=ai();return t.length?e.createElement(e.Fragment,null,e.createElement("div",{className:r.header},e.createElement(h,{variant:"h5",component:"h4",color:"textPrimary",className:r.resultHeading},"Test results"),e.createElement(zt,{severity:"info"},"All the tests are evaluated using"," ",e.createElement("strong",null,n),", which is the policy resolution strategy")),e.createElement(I,{container:!0,className:r.accordionHeader},e.createElement(I,{item:!0,xs:12,md:4},e.createElement(h,{variant:"body1",color:"textSecondary"},"Permission")),e.createElement(I,{item:!0,xs:12,md:8},e.createElement(h,{variant:"body1",color:"textSecondary"},"Result"))),t.map(a=>e.createElement(li,{resultRow:a,key:a.permission.name}))):null},ii=jt.array(jt.string()),In=(t,n,r)=>{const[a,l]=Mt(`@spotify/backstage-plugin-rbac:policyTesterForm:${t}`,[],{raw:!1,serializer:i=>JSON.stringify(i),deserializer:i=>{let c;try{c=JSON.parse(i)}catch(s){return console.error("Failed to parse json",s),[]}const m=ii.safeParse(c);return m.success?m.data:(console.error(`Stored value for ${t} has the wrong shape`,m.error),[])}}),o=B(()=>a!=null?a:[],[a]);return G(()=>{const i=new Set(n),c=o.some(m=>!i.has(m));!r&&c&&l(o.filter(m=>i.has(m)))},[n,o,l,r]),[o,l]},ci=C(t=>({fieldset:{border:"none",margin:`${t.spacing(3)}px 0 ${t.spacing(3)}px`,paddingLeft:"0"}})),On=({children:t,title:n})=>{const r=ci();return e.createElement("fieldset",{className:r.fieldset},e.createElement(h,{variant:"h6",component:"legend"},n),t)},si=C(t=>({bodyText:{margin:`${t.spacing(1)}px 0`},clearButton:{marginLeft:t.spacing(1)}}));function mi(){const{policy:t}=Y(),{permissions:n,isLoading:r}=Ne(),a=B(()=>t.roles.map(f=>f.id),[t.roles]),l=B(()=>(n==null?void 0:n.map(f=>f.name))||[],[n]),[o,i]=In("roleIds",a),[c,m]=In("permissionNames",l,r),[s,p,u]=Io();G(()=>{u()},[t.roles,t.options,u]);const d=()=>{p(o,c)},x=()=>{i([]),m([]),u()},y=si();return e.createElement(at,null,e.createElement(E,{justifyContent:"space-between",padding:2},e.createElement(h,{variant:"h3"},"Policy Tester"),e.createElement(h,{variant:"body1",component:"p",className:y.bodyText},"Use the policy tester to check if your changes will provide the access you intended for a user that has the roles you select below."),e.createElement(On,{title:"Which permissions do you want to test?"},e.createElement(ko,{selectedPermissionNames:c,setSelectedPermissionNames:m})),e.createElement(On,{title:"Which roles should the simulated user have?"},e.createElement(Ro,{selectedRoleIds:o,setSelectedRoleIds:i})),e.createElement(E,{marginTop:3,component:"section"},e.createElement(P,{onClick:d,variant:"contained",color:"primary"},"Run tests"),e.createElement(P,{className:y.clearButton,color:"primary",variant:"outlined",startIcon:e.createElement(ul,null),onClick:x},"Clear")),s&&s.length?e.createElement(E,{sx:{flexGrow:1},marginTop:4},e.createElement(oi,{results:s,resolutionStrategy:t.options.resolutionStrategy})):null))}function di(){const{versionId:t}=tt();return Ge(t),e.createElement(Xe,{policyId:t},e.createElement(ui,null))}function ui(){const{policy:t,updateLocalDraft:n}=Y(),r=o=>{n({...t,name:o})},a=Pn(Ir.safeParse(t)).name,l=t.status!=="draft";return e.createElement(Ke,{pages:[{title:t.name}],header:e.createElement(We,{title:t.name,titleComponent:e.createElement(e.Fragment,null,e.createElement(tn,null,l?t.name:e.createElement(Nn,{invalid:a,name:"Policy name",value:t.name,onTextChange:r}),e.createElement(qt,{status:t.status})),pi(t))},e.createElement(So,null))},e.createElement(I,{container:!0,spacing:4},e.createElement(I,{item:!0,xs:12},t.roles.length>0?e.createElement(Do,null):e.createElement(To,{readonly:l})),e.createElement(I,{item:!0,xs:12},e.createElement(mi,null))))}function pi(t){const n={created:"Created by ",published:"Last published by ",updated:"Last updated by "},{activityDateText:r,activityUser:a,timestamp:l}=Xt(t,n);return e.createElement(h,{variant:"body2"},e.createElement(h,{component:"span",display:"inline",variant:"body2"},`${r} ${a} `),e.createElement(Qt,{timestamp:l}))}const Ei=C(t=>({card:n=>({marginTop:t.spacing(3),height:"100%","&:hover":n.readonly?{pointerEvents:"none"}:{}}),cardHeader:{paddingBottom:t.spacing(2),alignItems:"flex-start"},defaultChip:{marginLeft:t.spacing(1),marginBottom:0},title:{display:"flex",alignItems:"center",paddingTop:t.spacing(.5),paddingBottom:t.spacing(1)}}));function Bn(t){const n=Ei(t),{title:r,description:a,active:l,changeResolutionStrategy:o,defaultOption:i,readonly:c}=t,m=()=>{c||o()};return e.createElement(ee,{className:`${n.card}`,onClick:m},e.createElement(xr,{disabled:c},e.createElement(ge,null,e.createElement($t,{className:n.cardHeader,avatar:e.createElement(wr,{checked:l,color:"primary",disabled:c}),title:e.createElement("div",{className:n.title},e.createElement(h,{variant:"h6",component:"h2"},r),i?e.createElement(ce,{label:"Default",size:"small",className:n.defaultChip}):null),subheader:a}))))}const fi=C(t=>({title:{display:"flex",alignItems:"center",paddingBottom:t.spacing(2)},maxWidthWrapper:{maxWidth:"800px"},readOnlyChip:{marginLeft:t.spacing(1)},paragraph:{paddingBottom:t.spacing(1)}}));function yi(){const{versionId:t}=tt();return Ge(t),e.createElement(Xe,{policyId:t},e.createElement(gi,null))}function gi(){const t=fi(),{policy:n,updateLocalDraft:r}=Y(),a=q(),l=n.status!=="draft",o=i=>{r({...n,options:{...n.options,resolutionStrategy:i}})};return e.createElement(Ke,{pages:[{title:n.name,path:".."},{title:"Options"}],header:e.createElement(We,{title:"Options"},e.createElement(P,{variant:"outlined",color:"primary",onClick:()=>a("..",{relative:"path"})},"Back to policy"))},e.createElement(I,{item:!0,xs:12,className:t.maxWidthWrapper},e.createElement("div",null,e.createElement("div",{className:t.title},e.createElement(h,{variant:"h5",component:"h1"},"Decision resolution strategy"),l?e.createElement(ce,{label:"Read only",className:t.readOnlyChip}):null),e.createElement(h,{variant:"body2",component:"p",className:t.paragraph},"Multiple decisions from multiple roles could be applicable to a single user when authorizing a permission request. Please select the decision resolution strategy that makes sense for your policy."),e.createElement(h,{variant:"body2",component:"p",className:t.paragraph},"Please note this strategy will be applied to the whole policy and greatly affects the outcome of permission decisions."),e.createElement(Bn,{title:"Any-allow",changeResolutionStrategy:()=>o("any-allow"),readonly:l,defaultOption:!0,description:e.createElement(e.Fragment,null,e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first allow decision from all of the roles and decisions is the final result. A single explicit allow or an allow as a result of a conditional decision would result in a final allow decision, otherwise the decision is deny."),e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order of roles and decisions does not matter.")),active:n.options.resolutionStrategy==="any-allow"}),e.createElement(Bn,{title:"First match",changeResolutionStrategy:()=>o("first-match"),readonly:l,description:e.createElement(e.Fragment,null,e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first matching decision from the first matching role that is applicable to the user is the final result, regardless if that decision is an allow, deny or conditional."),e.createElement(h,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order in which you define roles and decisions matters.")),active:n.options.resolutionStrategy==="first-match"}))))}function hi(){const t=nt(),{NotFoundErrorPage:n}=t.getComponents();return e.createElement(hl,{loading:e.createElement(ze,null),unauthorized:e.createElement(n,null)},e.createElement(Nl,null,e.createElement(vl,null,e.createElement(pa,null,e.createElement(Jn,null,e.createElement(Me,{element:e.createElement(la,null),path:"/"}),e.createElement(Me,{element:e.createElement(di,null),path:"/versions/:versionId"}),e.createElement(Me,{element:e.createElement(yi,null),path:"/versions/:versionId/options"}),e.createElement(Me,{element:e.createElement(bo,null),path:"/versions/:versionId/roles/:roleId"}))))))}export{hi as RBACRoot};
+//# sourceMappingURL=Root-dbaad539.esm.js.map

package/dist/esm/index-1291dce7.esm.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import{createApiRef as R,createRouteRef as B,createPlugin as C,createApiFactory as P,fetchApiRef as $,discoveryApiRef as U,createRoutableExtension as S,createComponentExtension as T}from"@backstage/core-plugin-api";import{ResponseError as O}from"@backstage/errors";var k=Object.defineProperty,E=(e,i,t)=>i in e?k(e,i,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[i]=t,m=(e,i,t)=>(E(e,typeof i!="symbol"?i+"":i,t),t),j=(e,i,t)=>{if(!i.has(e))throw TypeError("Cannot "+t)},p=(e,i,t)=>{if(i.has(e))throw TypeError("Cannot add the same private member more than once");i instanceof WeakSet?i.add(e):i.set(e,t)},a=(e,i,t)=>(j(e,i,"access private method"),t),y,A,d,w,r,o;const b=R({id:"plugin.rbac"});class I{constructor(i){p(this,y),p(this,d),p(this,r),m(this,"fetchApi"),m(this,"discoveryApi"),this.fetchApi=i.fetchApi,this.discoveryApi=i.discoveryApi}async getPolicies(){const{fetch:i}=this.fetchApi,t=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`);return a(this,r,o).call(this,t)}async getPolicy(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}`);return a(this,r,o).call(this,s)}async getActivePolicy(){const{fetch:i}=this.fetchApi,t=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/active`);return a(this,r,o).call(this,t)}async searchMembers(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/members?query=${encodeURIComponent(i.query)}`);return a(this,r,o).call(this,s)}async authorize(){const{fetch:i}=this.fetchApi,t=await i(`${await this.discoveryApi.getBaseUrl("rbac")}/authorize`);return a(this,r,o).call(this,t)}async createDraft(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`,{method:"POST",body:JSON.stringify(i),headers:{"Content-Type":"application/json"}});return a(this,r,o).call(this,s)}async updateDraft(i,t){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}`,{method:"PATCH",body:JSON.stringify(t),headers:{"Content-Type":"application/json"}});return a(this,r,o).call(this,c)}async deleteDraft(i){const{fetch:t}=this.fetchApi,s=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}`,{method:"DELETE"});return a(this,r,o).call(this,s)}async publishPolicy(i,t){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${i}/publish`,{method:"PUT",headers:{"Content-Type":"application/json"},body:JSON.stringify(t)});return a(this,r,o).call(this,c)}async testPolicyDecisions(i){return await Promise.all(i.map(async t=>{const{policyConfig:s,roleIds:c,permission:h}=t,{decision:n,decisionOrigin:l}=await a(this,y,A).call(this,s,c,h);return{decision:n,permission:h,decisionOrigin:l}}))}async fetchAllPermissionMetadata(i){const t=await Promise.all(i.map(s=>a(this,d,w).call(this,s)));return{permissions:t.flatMap(({permissions:s})=>s),rules:t.flatMap(({rules:s})=>s)}}}y=new WeakSet,A=async function(e,i,t){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/test-policy-decision`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({policyConfig:e,roleIds:i,permission:t})});return a(this,r,o).call(this,c)},d=new WeakSet,w=async function(e){var i,t,s,c;const h=await this.discoveryApi.getBaseUrl(e);let n;try{n=await(await this.fetchApi.fetch(`${h}/.well-known/backstage/permissions/metadata`)).json()}catch{return{permissions:[],rules:[]}}const l=(t=(i=n.permissions)==null?void 0:i.filter(Boolean))!=null?t:[],v=(c=(s=n.rules)==null?void 0:s.filter(Boolean))!=null?c:[];return{permissions:l,rules:v.map(g=>({...g,pluginId:e}))}},r=new WeakSet,o=async function(e){var i,t;if(e.ok)return e.status===204?void 0:e.json();const s=await O.fromResponse(e);throw s.message=(t=(i=s.body.error.message)!=null?i:s.message)!=null?t:"Unknown error",s};const f=B({id:"rbac"}),u=C({id:"rbac",routes:{root:f},apis:[P({api:b,deps:{fetchApi:$,discoveryApi:U},factory(e){return new I(e)}})]}),D=u.provide(S({name:"RBACRoot",component:()=>import("./Root-dbaad539.esm.js").then(e=>e.RBACRoot),mountPoint:f})),J=u.provide(T({name:"RBACSidebarItem",component:{lazy:()=>import("./RBACSidebarItem-2a1cccb8.esm.js").then(e=>e.RBACSidebarItem)}}));export{D as R,f as a,u as b,J as c,b as r};
2	+ //# sourceMappingURL=index-1291dce7.esm.js.map

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{R as i,c as m,b as R}from"./esm/index-72180512.esm.js";import"@backstage/core-plugin-api";import"@backstage/errors";export{i as RBACRoot,m as RBACSidebarItem,R as rbacPlugin};
+import{R as i,c as m,b as R}from"./esm/index-1291dce7.esm.js";import"@backstage/core-plugin-api";import"@backstage/errors";export{i as RBACRoot,m as RBACSidebarItem,R as rbacPlugin};
 //# sourceMappingURL=index.esm.js.map

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@spotify/backstage-plugin-rbac",
   "description": "Control access to actions and data in Backstage with ease.",
-  "version": "0.5.8",
+  "version": "0.5.10",
   "license": "SEE LICENSE IN LICENSE.md",
   "homepage": "https://backstage.spotify.com",
   "main": "dist/index.esm.js",
@@ -25,22 +25,23 @@
   },
   "dependencies": {
     "@backstage/catalog-model": "^1.4.3",
-    "@backstage/core-components": "^0.13.6",
-    "@backstage/core-plugin-api": "^1.7.0",
+    "@backstage/core-components": "^0.13.9",
+    "@backstage/core-plugin-api": "^1.8.1",
     "@backstage/errors": "^1.2.3",
-    "@backstage/plugin-catalog-react": "^1.8.5",
-    "@backstage/plugin-permission-common": "^0.7.9",
-    "@backstage/plugin-permission-node": "^0.7.17",
-    "@backstage/plugin-permission-react": "^0.4.16",
-    "@backstage/theme": "^0.4.3",
+    "@backstage/plugin-catalog-react": "^1.9.2",
+    "@backstage/plugin-permission-common": "^0.7.11",
+    "@backstage/plugin-permission-node": "^0.7.19",
+    "@backstage/plugin-permission-react": "^0.4.18",
+    "@backstage/theme": "^0.5.0",
     "@backstage/types": "^1.1.1",
     "@material-ui/core": "^4.12.2",
     "@material-ui/icons": "^4.9.1",
     "@material-ui/lab": "4.0.0-alpha.61",
-    "@spotify/backstage-plugin-core": "^0.5.7",
-    "@spotify/backstage-plugin-rbac-common": "^0.5.7",
+    "@spotify/backstage-plugin-core": "^0.5.8",
+    "@spotify/backstage-plugin-rbac-common": "^0.5.9",
     "ajv": "^8.11.2",
     "file-saver": "^2.0.5",
+    "immutable-json-patch": "^5.1.3",
     "js-yaml": "^4.1.0",
     "json-schema": "^0.4.0",
     "lodash": "^4.17.21",
@@ -48,21 +49,21 @@
     "react-use": "^17.2.4",
     "react-virtualized": "^9.22.5",
     "uuid": "^9.0.0",
-    "vanilla-jsoneditor": "^0.17.0",
+    "vanilla-jsoneditor": "^0.20.0",
     "zod": "^3.20.0",
     "zod-to-json-schema": "^3.20.2"
   },
   "peerDependencies": {
-    "@backstage/plugin-permission-node": "^0.7.17",
+    "@backstage/plugin-permission-node": "^0.7.19",
     "react": "^16.13.1 || ^17.0.0",
     "react-router-dom": "6.0.0-beta.0 || ^6.3.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.23.0",
-    "@backstage/core-app-api": "^1.11.0",
-    "@backstage/dev-utils": "^1.0.22",
+    "@backstage/cli": "^0.25.0",
+    "@backstage/core-app-api": "^1.11.2",
+    "@backstage/dev-utils": "^1.0.25",
     "@backstage/e2e-test-utils": "^0.1.0",
-    "@backstage/test-utils": "^1.4.4",
+    "@backstage/test-utils": "^1.4.6",
     "@playwright/test": "^1.32.3",
     "@testing-library/jest-dom": "^6.0.0",
     "@testing-library/react": "^12.1.5",
@@ -72,7 +73,7 @@
     "@types/jest": "^29.4.0",
     "@types/node": "^18.0.0",
     "@types/react-virtualized": "^9.21.21",
-    "cross-fetch": "^3.1.5",
+    "cross-fetch": "^4.0.0",
     "msw": "^1.0.0"
   },
   "files": [

package/dist/esm/Root-ce389844.esm.js DELETED Viewed

@@ -1,3 +0,0 @@
-import e,{createContext as Pe,useState as k,useCallback as R,useMemo as L,useContext as De,useEffect as _,Fragment as Ne,useRef as ne,Children as vt,isValidElement as we,useReducer as Rn,useLayoutEffect as $n}from"react";import{useNavigate as G,Link as In,useParams as Ve,Routes as On,Route as Ae}from"react-router-dom";import{useApi as I,configApiRef as Bn,alertApiRef as le,useRouteRef as Mn,useApp as Ue}from"@backstage/core-plugin-api";import ue from"react-use/lib/useAsync";import{isResourcePermission as _e}from"@backstage/plugin-permission-common";import{r as W,a as Ln}from"./index-72180512.esm.js";import{forEach as Fn,mapValues as jn,groupBy as Hn,uniq as Wn}from"lodash";import{Breadcrumbs as zn,Link as de,Page as Gn,Header as Vn,Content as Un,EmptyState as Te,Progress as Se,ErrorPanel as bt,Table as _n,ContentHeader as ke}from"@backstage/core-components";import Ct from"react-use/lib/useMount";import{makeStyles as N,Typography as C,Container as Yn,Grid as F,Button as w,Card as Y,CardContent as pe,Box as f,Chip as Re,Tooltip as fe,List as Jn,ListItem as xt,ListItemIcon as re,ListItemText as ae,CardActions as qn,Dialog as oe,DialogContent as K,DialogTitle as $e,TextField as Ee,DialogActions as Ye,CircularProgress as Pt,IconButton as z,Checkbox as Je,TableRow as V,TableCell as D,debounce as Kn,Table as qe,TableHead as Ke,TableBody as Qe,Tabs as Qn,Tab as Xn,FormControl as Xe,InputLabel as Ie,Select as Ze,MenuItem as U,Menu as Dt,FormControlLabel as Nt,FormHelperText as wt,Popper as Zn,Paper as el,Divider as et,DialogContentText as tl,ButtonBase as nl,CardHeader as At,ButtonGroup as ll,MenuList as tt,CardActionArea as rl,Radio as al}from"@material-ui/core";import{SpotifyLicenseBanner as ol,useAutoUpdatingRelativeTime as il,invariant as Oe}from"@spotify/backstage-plugin-core";import ie from"react-use/lib/useAsyncFn";import cl,{dump as sl}from"js-yaml";import{PolicyConfigParser as Be,isConditionalDecision as nt,isAllOfPermissionCriteria as ml,isAnyOfPermissionCriteria as ul,isNotPermissionCriteria as dl,isMatchingPermission as pl,BackstageUserPlaceholder as ye,RoleParser as fl,UpdateDraftRequestParser as El}from"@spotify/backstage-plugin-rbac-common";import{v4 as ce}from"uuid";import Tt from"lodash/keyBy";import yl from"lodash/isEqual";import St from"@material-ui/icons/ReportProblemOutlined";import gl from"@material-ui/icons/CalendarToday";import kt from"@material-ui/icons/Person";import hl from"@material-ui/icons/FiberManualRecord";import{DateTime as Me}from"luxon";import vl from"react-use/lib/useLocalStorage";import{saveAs as bl}from"file-saver";import Rt from"lodash/omit";import Cl from"lodash/pickBy";import lt from"@material-ui/icons/Close";import xl from"@material-ui/icons/Publish";import Pl from"@material-ui/icons/FilterNone";import{parseEntityRef as Q,DEFAULT_NAMESPACE as Dl}from"@backstage/catalog-model";import{humanizeEntityRef as Nl,catalogApiRef as wl}from"@backstage/plugin-catalog-react";import{Autocomplete as rt,ToggleButton as Al,ToggleButtonGroup as Tl}from"@material-ui/lab";import{List as Sl}from"react-virtualized";import ge from"@material-ui/icons/Delete";import kl from"@material-ui/icons/Group";import Rl from"@material-ui/icons/GroupWork";import $t from"@material-ui/icons/Info";import It from"ajv";import $l from"lodash/uniqBy";import{JSONEditor as Il,isTextContent as Ol,createAjvValidator as Bl,Mode as Ml}from"vanilla-jsoneditor";import at from"@material-ui/icons/Add";import Ll from"@material-ui/icons/Remove";import Fl from"@material-ui/icons/Edit";import jl from"@material-ui/icons/Check";import Hl from"@material-ui/icons/KeyboardArrowDown";import Wl from"@material-ui/icons/KeyboardArrowUp";import zl from"../images/no-permissions.svg";import Gl from"../images/no-roles.svg";import Vl from"@material-ui/icons/MoreHoriz";import Ul from"@material-ui/icons/Undo";import _l from"@material-ui/icons/Save";import Yl from"@material-ui/icons/Settings";import Jl from"@material-ui/icons/VerticalAlignTop";import{A as ql}from"./Authorized-051797a2.esm.js";import"@backstage/errors";const Ot=Pe(null),Kl=({children:t})=>{const n=I(Bn),l=I(W),a=I(le),[r,o]=k(null),i=R(async()=>{var s;if(!r){const m=await l.fetchAllPermissionMetadata((s=n.getOptionalStringArray("permission.permissionedPlugins"))!=null?s:[]),c=Xl(m.rules);Fn(c,d=>{d.length!==1&&a.post({message:`The plugin(s) ${d.slice(1).join(", ")} expose rules which are conflicting with rules exposed by the ${d[0]} plugin. These rules will not be available for use. Please contact RBAC support if you need assistance resolving this issue.`,severity:"error"})});const p=Zl(m,c);return o(p),p}return r},[a,r,l,n]);return e.createElement(Ot.Provider,{value:L(()=>({getMetadata:i}),[i])},t)};function Le(){const t=De(Ot),{value:n}=ue(async()=>t==null?void 0:t.getMetadata(),[t]);return n}function Bt(){var t;const n=Le();return(t=n==null?void 0:n.rules)!=null?t:null}function Mt(){var t;const n=Le();return(t=n==null?void 0:n.permissions)!=null?t:null}function Lt(){const t=Le();return t?[...new Set(t.permissions.filter(n=>_e(n)).map(({resourceType:n})=>n))]:null}function Ql(){const t=Le(),n=Lt();return!t||!n?null:n.reduce((l,a)=>{const r=t.rules.find(o=>o.resourceType===a);return r&&(l[a]={pluginId:r.pluginId}),l},{})}function Xl(t){return jn(Hn(t,"resourceType"),n=>Wn(n.map(({pluginId:l})=>l)))}function Zl(t,n){return{...t,rules:t.rules.filter(({resourceType:l,pluginId:a})=>{const r=n[l];return a===r[0]})}}const er=N(t=>({breadcrumbs:{marginBottom:t.spacing(4)}}));function tr({pages:t}){const n=Mn(Ln),l=er();return e.createElement(zn,{className:l.breadcrumbs},e.createElement(de,{to:n()},"Home"),t.map(({title:a,path:r},o)=>r?e.createElement(de,{to:r,key:r,relative:"path"},a):e.createElement(C,{key:`${o}`},a)))}function Fe({children:t,header:n,pages:l}){return e.createElement(Gn,{themeId:"tool"},e.createElement(ol,{backend:"rbac",invalidLicenseMessage:"Your existing policy will continue to apply, but you will be unable to make any changes until you enter a valid license."}),e.createElement(Vn,{title:"Role Based Access Control"}),e.createElement(Un,null,e.createElement(Yn,{maxWidth:"lg"},e.createElement(F,{container:!0,spacing:4},e.createElement(F,{item:!0,xs:12},l&&e.createElement(tr,{pages:l}),n),t))))}const Ft=Pe({hasDraftPolicy:!1,policies:void 0,setPolicies:()=>{},setPolicy:()=>{},getPolicy:()=>{},removePolicy:()=>{}}),je=()=>De(Ft);function nr({children:t,initialState:n={policies:void 0,cache:{}}}){const[l,a]=k(n),r=R(m=>{a(c=>({...c,policies:m,cache:jt(c.cache,m)}))},[]),o=R(m=>l.cache[m],[l.cache]),i=R(m=>a(c=>({...c,cache:{...c.cache,[m]:void 0},policies:void 0})),[]),s=R(m=>a(c=>({...c,policies:void 0,cache:jt(c.cache,[m])})),[]);return e.createElement(Ft.Provider,{value:L(()=>{var m;return{hasDraftPolicy:((m=l.policies)==null?void 0:m.some(({status:c})=>c==="draft"))||!1,policies:l.policies,setPolicies:r,setPolicy:s,getPolicy:o,removePolicy:i}},[l.policies,r,s,o,i])},t)}function jt(t,n){if(!n)return t;const l={...t};return n.forEach(a=>{l[a.id]=a}),l}const he=()=>{const t=I(W),{setPolicies:n,policies:l}=je(),[{loading:a,error:r},o]=ie(()=>t.getPolicies(),[t],l?{loading:!1,value:{items:l,totalItems:l.length}}:{loading:!0}),i=R(async()=>{const s=await o();n(s.items)},[o,n]);return{loading:a,error:r,fetchPolicies:i}};function lr(){const t=I(W),n=G(),l=I(le);function a(r){var o,i;const s=(i=(o=r.target)==null?void 0:o.files)==null?void 0:i[0],m=new FileReader;s&&(m.readAsText(s,"utf-8"),m.onload=async c=>{var p,d;const u=(d=(p=c.target)==null?void 0:p.result)==null?void 0:d.toString();if(u){let b=null;try{b=cl.load(u)}catch{l.post({message:"YAML file is invalid",severity:"error"});return}const g=Be.safeParse(b);if(!g.success){l.post({message:"Imported policy is invalid",severity:"error"});return}const E=g.data;if((await t.getPolicies()).items.some(P=>P.status==="draft")){l.post({message:"Unable to import new policy due to existing draft policy",severity:"error"});return}const y=await t.createDraft(E);n(`./versions/${y.id}`),l.post({message:"Policy imported successfully",severity:"success"})}})}return e.createElement(w,{variant:"outlined",color:"primary",component:"label"},"Import",e.createElement("input",{role:"input",type:"file",hidden:!0,onChange:a,accept:".yaml"}))}const rr=N(t=>({cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}}}));function ar(){const t=rr(),n=I(W),l=G(),[a,r]=ie(async()=>n.createDraft({roles:[],options:{resolutionStrategy:"any-allow"}}),[n]);return _(()=>{a.value&&l(`./versions/${a.value.id}`)},[l,a.value]),e.createElement(Y,null,e.createElement(pe,{className:t.cardContent},e.createElement(Te,{missing:"content",title:"No policy configured",description:e.createElement(e.Fragment,null,e.createElement(f,{component:"span",display:"block",pb:2},"Until you've configured your policy, authorization will be denied for all permissions."),e.createElement(f,{component:"span",display:"block"},"Click the button below to create the first version of your policy.")),action:e.createElement(w,{variant:"contained",color:"primary",disabled:a.loading,onClick:r},"New version")})))}function or(t){var n,l;return((l=(n=t==null?void 0:t.body)==null?void 0:n.response)==null?void 0:l.statusCode)===404}const ir=(t,n)=>{const l={resolutionStrategy:{operation:"UNCHANGED",before:t==null?void 0:t.resolutionStrategy,after:n==null?void 0:n.resolutionStrategy}};for(const a of Object.keys(l)){const r=a;l[r].before!==l[r].after&&(l[r].operation="CHANGED")}return l},ot=(t,n)=>{const l=Object.entries(t);for(const[,a]of l){const r=n(a);for(const[,o]of l){const i=n(o);i.operation!=="ADDED"&&i.operation!=="REMOVED"&&(r.operation==="ADDED"&&r.indexAfter<i.indexAfter?i.indexBefore+=1:r.operation==="REMOVED"&&r.indexBefore<i.indexBefore&&(i.indexBefore-=1))}}for(const[,a]of l){const r=n(a);r.operation==="UNCHANGED"&&r.indexAfter!==r.indexBefore&&(r.operation=r.indexAfter>r.indexBefore?"MOVED_DOWN":"MOVED_UP")}return t},it=(t,n)=>{if(t==="*")return n==="*"?{"*":{operation:"UNCHANGED",after:"*",before:"*",indexAfter:0,indexBefore:0}}:{"*":{operation:"REMOVED",after:null,before:"*",indexAfter:-1,indexBefore:0},...Object.fromEntries(n.map((a,r)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:r,indexBefore:-1}]))};if(n==="*")return{"*":{operation:"ADDED",after:"*",before:null,indexAfter:0,indexBefore:-1},...Object.fromEntries(t.map((a,r)=>[a,{operation:"REMOVED",after:null,before:a,indexAfter:-1,indexBefore:r}]))};const l=Object.fromEntries(n.map((a,r)=>[a,{operation:"ADDED",after:a,before:null,indexAfter:r,indexBefore:-1}]));for(let a=0;a<t.length;a++){const r=t[a];l[r]?(l[r].before=r,l[r].indexBefore=a,l[r].operation="UNCHANGED"):l[r]={operation:"REMOVED",after:null,before:r,indexAfter:-1,indexBefore:a}}return ot(l,a=>a)},ct=(t,n)=>{const l=Tt(n,"id"),a=Object.fromEntries(n.map((r,o)=>[r.id,{operation:"ADDED",indexAfter:o,indexBefore:-1,after:r,before:null}]));for(let r=0;r<t.length;r++){const o=t[r];if(a[o.id]){const i=!yl(o,l[o.id]);a[o.id].before=o,a[o.id].indexBefore=r,a[o.id].operation=i?"CHANGED":"UNCHANGED"}else a[o.id]={operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:r}}return ot(a,r=>r)},cr=(t=[],n=[])=>{const l=Tt(n,"id"),a=Object.fromEntries(n.map((r,o)=>[r.id,{role:{operation:"ADDED",indexAfter:o,indexBefore:-1,after:r,before:null},members:it([],r.members),permissions:ct([],r.permissions)}]));for(let r=0;r<t.length;r++){const o=t[r];if(l[o.id]){const i=l[o.id],s=it(o.members,i.members),m=ct(o.permissions,i.permissions),c=Object.values(m).some(({operation:u})=>u!=="UNCHANGED"),p=Object.values(s).some(({operation:u})=>u!=="UNCHANGED"),d=o.name!==i.name||c||p;a[o.id].role.before=o,a[o.id].role.indexBefore=r,a[o.id].role.operation=d?"CHANGED":"UNCHANGED",a[o.id].members=s,a[o.id].permissions=m}else a[o.id]={role:{operation:"REMOVED",after:null,before:o,indexAfter:-1,indexBefore:r},members:it(o.members,[]),permissions:ct(o.permissions,[])}}return ot(a,({role:r})=>r)},sr=(t,n)=>{const l=cr((t==null?void 0:t.roles)||[],n.roles||[]),a=ir(t==null?void 0:t.options,n.options),r=(t==null?void 0:t.name)!==n.name,o=Object.values(a).some(({operation:i})=>i!=="UNCHANGED");return{policy:{operation:r||o?"CHANGED":"UNCHANGED",before:t,after:n},roles:l,options:a}},Ht=t=>{const n=I(W),{value:l,loading:a,error:r}=ue(()=>n.getActivePolicy(),[n]);return L(()=>t&&!a&&!r?sr(l,t):null,[l,t,a,r])},mr=N(t=>({chip:{margin:0},icon:{color:t.palette.success.main}}));function Wt(t){const n=mr();return t.status==="inactive"?null:t.status==="draft"?e.createElement(Re,{className:n.chip,label:"Draft",size:t.size}):e.createElement(Re,{className:n.chip,classes:{icon:n.icon},label:"Active",icon:e.createElement(hl,null),size:t.size})}const st=(t,n)=>{switch(n){case"ADDED":return t.palette.success.main;case"REMOVED":return t.palette.error.main;case"CHANGED":return t.palette.info.main;case"MOVED_UP":case"MOVED_DOWN":return t.palette.info.main;case"UNCHANGED":default:return t.palette.text.primary}},ur=t=>{switch(t){case"ADDED":return"New";case"REMOVED":return"Removed";case"CHANGED":return"Changed";case"MOVED_UP":return"Moved up";case"MOVED_DOWN":return"Moved down";case"UNCHANGED":default:return"No changes"}};function dr(t){var n;return nt(t.decision)?"Conditional":(n={allow:"Allow",deny:"Deny"}[t.decision])!=null?n:"Unknown"}function mt(t){var n;if(t.match==="*")return"All";if(t.match.name)return t.match.name;const l=[];return t.match.resourceType&&l.push(t.match.resourceType),(n=t.match.actions)!=null&&n.length&&l.push(t.match.actions.join(", ")),l.join(" | ")}const pr=N(t=>({root:({operation:n})=>({color:st(t,n)})})),M=t=>e.createElement(C,{...t,variant:"body2"}),x=t=>{const n=pr(t);return e.createElement(f,{...t,className:n.root,component:"span",fontWeight:"fontWeightBold"})},zt=({policy:t})=>{var n,l,a,r;const o=Ht(t),i=(o==null?void 0:o.policy.operation)==="CHANGED"||Object.values((n=o==null?void 0:o.roles)!=null?n:{}).some(d=>d.role.operation!=="UNCHANGED")||((l=o==null?void 0:o.options)==null?void 0:l.resolutionStrategy.operation)==="CHANGED";if(!o||!i)return e.createElement(f,null,"No changes");const s=!!o.policy.before&&!!o.policy.after&&o.policy.before.name!==o.policy.after.name,m=o.options.resolutionStrategy.operation==="CHANGED",c=({before:d,after:u})=>d&&u&&d.name!==u.name,p=({operation:d})=>d!=="ADDED"&&d!=="REMOVED";return e.createElement(f,null,s&&e.createElement(M,null,"Policy name ",e.createElement(x,{operation:"CHANGED"},"changed")," from"," ",e.createElement(x,null,'"',(a=o.policy.before)==null?void 0:a.name,'"')," to"," ",e.createElement(x,null,'"',(r=o.policy.after)==null?void 0:r.name,'"')),m&&e.createElement(M,null,"Resolution Strategy ",e.createElement(x,{operation:"CHANGED"},"changed")," ","from ",e.createElement(x,null,'"',o.options.resolutionStrategy.before,'"')," to"," ",e.createElement(x,null,'"',o.options.resolutionStrategy.after,'"')),Object.entries(o.roles).map(([d,{role:u,permissions:b,members:g}])=>{var E,y,P,T,$,j;return e.createElement(Ne,{key:d},u.operation==="ADDED"&&e.createElement(M,null,"Role ",e.createElement(x,null,'"',(E=u.after)==null?void 0:E.name,'"')," has been"," ",e.createElement(x,{operation:"ADDED"},"added")),u.operation==="REMOVED"&&e.createElement(M,null,"Role ",e.createElement(x,null,'"',(y=u.before)==null?void 0:y.name,'"')," has been"," ",e.createElement(x,{operation:"REMOVED"},"removed")),c(u)&&e.createElement(M,null,"Role name changed from ",e.createElement(x,null,'"',(P=u.before)==null?void 0:P.name,'"')," ","to ",e.createElement(x,null,'"',(T=u.after)==null?void 0:T.name,'"')),u.indexAfter>u.indexBefore&&u.indexBefore!==-1&&e.createElement(M,null,"Role ",e.createElement(x,null,'"',($=u.after)==null?void 0:$.name,'"')," has been"," ",e.createElement(x,{operation:"MOVED_DOWN"},"moved down")," in priority"),u.indexAfter<u.indexBefore&&u.indexAfter!==-1&&e.createElement(M,null,"Role ",e.createElement(x,null,'"',(j=u.after)==null?void 0:j.name,'"')," has been"," ",e.createElement(x,{operation:"MOVED_UP"},"moved up")," in priority"),p(u)&&e.createElement(e.Fragment,null,Object.entries(b).map(([B,v])=>{var A,h,S,O,Z;const{before:J,after:se}=v,ee=J&&mt(J),q=se&&mt(se);return e.createElement(Ne,{key:B},v.operation==="ADDED"&&v.after&&e.createElement(M,null,"Permission decision"," ",e.createElement(x,null,'"',q,'"')," has been"," ",e.createElement(x,{operation:"ADDED"},"added")," to"," ",e.createElement(x,null,'"',(A=u.after)==null?void 0:A.name,'"')),v.operation==="REMOVED"&&v.before&&e.createElement(M,null,"Permission decision"," ",e.createElement(x,null,'"',ee,'"')," has been"," ",e.createElement(x,{operation:"REMOVED"},"removed")," ","from ",e.createElement(x,null,'"',(h=u.after)==null?void 0:h.name,'"')),v.operation==="CHANGED"&&e.createElement(M,null,ee!==q?e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(x,null,'"',ee,'"')," has been"," ",e.createElement(x,{operation:"CHANGED"},"updated")," ","to ",e.createElement(x,null,'"',q,'"')):e.createElement(e.Fragment,null,"Permission decision"," ",e.createElement(x,null,'"',ee,'"')," has been"," ",e.createElement(x,{operation:"CHANGED"},"updated"))," ","in ",e.createElement(x,null,'"',(S=u.after)==null?void 0:S.name,'"')),v.indexAfter>v.indexBefore&&v.indexBefore!==-1&&e.createElement(M,null,"Permission decision"," ",e.createElement(x,null,'"',q,'"')," has been"," ",e.createElement(x,{operation:"MOVED_DOWN"},"moved down")," ","in priority in"," ",e.createElement(x,null,'"',(O=u.after)==null?void 0:O.name,'"')),v.indexAfter<v.indexBefore&&v.indexAfter!==-1&&e.createElement(M,null,"Permission decision"," ",e.createElement(x,null,'"',q,'"')," has been"," ",e.createElement(x,{operation:"MOVED_UP"},"moved up")," ","in priority in"," ",e.createElement(x,null,'"',(Z=u.after)==null?void 0:Z.name,'"')))}),Object.entries(g).map(([B,v])=>{var A,h;return e.createElement(Ne,{key:B},v.operation==="ADDED"&&v.after&&e.createElement(M,null,"Member ",e.createElement(x,null,'"',v.after,'"')," has been"," ",e.createElement(x,{operation:"ADDED"},"added")," to"," ",e.createElement(x,null,'"',(A=u.after)==null?void 0:A.name,'"')),v.operation==="REMOVED"&&v.before&&e.createElement(M,null,"Member ",e.createElement(x,null,'"',v.before,'"')," has been"," ",e.createElement(x,{operation:"REMOVED"},"removed")," from"," ",e.createElement(x,null,'"',(h=u.after)==null?void 0:h.name,'"')))})))}))},fr=N(()=>({root:{display:"inline-flex"}})),Gt=({timestamp:t,description:n})=>{const l=fr(),a=Me.fromISO(t).toLocaleString(Me.DATETIME_FULL),r=il(t),o=n?`${n}${r}`:r;return e.createElement("span",{className:l.root},e.createElement(fe,{title:a},e.createElement(C,{component:"span",display:"inline",variant:"inherit"},o)))};function Vt(t,n,l){var a,r;let o=n.created,i=t.createdBy;l!=null&&l.created&&(i=l.created+i);let s=t.createdAt;return t.status==="active"?(o=n.published,i=(a=t.lastPublishedBy)!=null?a:"",l!=null&&l.published&&(i=l.published+i),s=(r=t.lastPublishedAt)!=null?r:""):t.createdAt!==t.updatedAt&&(o=n.updated,i=t.updatedBy,l!=null&&l.updated&&(i=l.updated+i),s=t.updatedAt),{activityDateText:o,activityUser:i,timestamp:s}}const Er=N(t=>({card:n=>({backgroundImage:n.policy.status==="active"?"linear-gradient(256.15deg, #00782A 19.77%, #1DB954 100%)":"linear-gradient(256.15deg, #BDBDBD 19.77%, #EEEEEE 100%)",backgroundPosition:"top",backgroundSize:"100% 8px",backgroundRepeat:"no-repeat",paddingTop:"8px",height:"100%"}),diffSummaryContainer:{backgroundColor:t.palette.background.default,padding:t.spacing(2),borderWidth:"1px",borderStyle:"solid",borderColor:t.palette.divider,borderRadius:t.shape.borderRadius},header:{display:"flex",justifyContent:"space-between",alignItems:"center"},detailsHeader:{...t.typography.body1,paddingTop:t.spacing(2),color:t.palette.text.secondary},activityList:{color:t.palette.text.secondary},activityListItem:{padding:0},actions:{justifyContent:"flex-start"}}));function ve(t){const n=Er(t),{policy:l,to:a,withChangeSummary:r}=t,o=`${l.name} ${l.status==="draft"?"- Draft":""}`,i={created:"Created: ",published:"Published: ",updated:"Updated: "},s={created:"Created by ",published:"Published by ",updated:"Updated by "},{activityDateText:m,activityUser:c,timestamp:p}=Vt(l,i,s);return e.createElement(Y,{className:n.card},e.createElement(pe,null,e.createElement("div",{className:n.header},a?e.createElement(de,{to:`versions/${l.id}`},e.createElement(C,{variant:"h5",component:"h1"},o)):e.createElement(C,{variant:"h5",component:"h1"},o),l.status==="active"?e.createElement(Wt,{status:"active",size:"small"}):null),l.description?e.createElement(C,{variant:"body1",color:"textSecondary"},'"',l.description,'"'):null,e.createElement(C,{component:"h2",className:n.detailsHeader},"Details"),e.createElement(Jn,{className:n.activityList},e.createElement(xt,{className:n.activityListItem},e.createElement(re,null,e.createElement(gl,null)),e.createElement(ae,{primary:e.createElement(Gt,{timestamp:p,description:m})})),e.createElement(xt,{className:n.activityListItem},e.createElement(re,null,e.createElement(kt,null)),e.createElement(ae,{primary:c}))),r&&e.createElement(f,{paddingTop:2},e.createElement(C,{gutterBottom:!0,variant:"subtitle2"},"What's changed"),e.createElement(f,{className:n.diffSummaryContainer},e.createElement(zt,{policy:l})))),t.actions?e.createElement(qn,{className:n.actions},t.actions):null)}const yr=N(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"},label:{align:"center",display:"block",marginBottom:t.spacing(1),color:t.palette.text.secondary,fontSize:t.typography.caption.fontSize},policiesContainer:{display:"flex",gap:t.spacing(4),marginTop:t.spacing(4),marginBottom:t.spacing(4)},button:{marginTop:t.spacing(4)}})),gr=({localPolicy:t,onSelectLocalPolicy:n,onSelectServerPolicy:l,serverPolicy:a})=>{const r=yr();return e.createElement(oe,{open:!0,maxWidth:"md"},e.createElement(K,null,e.createElement(f,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(f,{display:"flex",justifyContent:"center"},e.createElement(St,{className:r.icon})),e.createElement(C,{align:"center",variant:"h6"},"There is a conflict with your drafts"),e.createElement(f,null,e.createElement(C,{align:"center"},"A newer version of the draft you are trying to edit has been recently saved."),e.createElement(C,{align:"center"},"Please review the changes and decide on a version to keep."))),e.createElement(f,{className:r.policiesContainer},e.createElement(f,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(C,{className:r.label,variant:"button"},"Your local draft"),e.createElement(ve,{policy:t,withChangeSummary:!0}),e.createElement(w,{className:r.button,color:"primary",onClick:n,variant:"outlined"},"Keep local draft")),e.createElement(f,{alignItems:"center",display:"flex",flexDirection:"column",flex:"1 1 0%"},e.createElement(C,{className:r.label,variant:"button"},"Recently saved draft"),e.createElement(ve,{policy:a,withChangeSummary:!0}),e.createElement(w,{className:r.button,color:"primary",onClick:l,variant:"outlined"},"Keep recently saved draft")))))},hr=({serverPolicy:t,localPolicy:n})=>!n||!t?{policy:t,policyConflict:!1}:t.status!=="draft"?{policy:t,policyConflict:!1}:n.id!==t.id?{policy:t,policyConflict:!1}:n.updatedAt===t.updatedAt?{policy:n,policyConflict:!1}:{policy:n,policyConflict:!0},vr=()=>vl("@spotify/backstage-plugin-rbac:draftPolicy");function Ut(t){const n=new Blob([br(t)],{type:"text/yaml"});bl(n,`${(t.name||"policy").toLocaleLowerCase().replace(/\W/g,"-")}.yaml`)}function br(t){const{name:n,roles:l,options:a,description:r}=t;return`# this is an autogenerated file, do not edit
-${sl(Cl({name:n,description:r,options:a,roles:l.map(({permissions:o,...i})=>({...Rt(i,["id"]),permissions:o.map(s=>Rt(s,["id"]))}))},o=>o!==null||o!==void 0))}`}const Cr=N(t=>({icon:{color:t.palette.warning.main,width:"2rem",height:"2rem"}})),xr=({onConfirm:t,policy:n})=>{const l=Cr(),a=()=>{Ut(n)};return e.createElement(oe,{open:!0},e.createElement(K,null,e.createElement(f,{display:"flex",flexDirection:"column",gridGap:16},e.createElement(f,{display:"flex",flexDirection:"column",gridGap:4},e.createElement(f,{display:"flex",justifyContent:"center"},e.createElement(St,{className:l.icon})),e.createElement(C,{align:"center",variant:"h6"},"Invalid local draft")),e.createElement(f,{display:"flex",flexDirection:"column",gridGap:8},e.createElement(C,{align:"center"},"You have a local draft that is no longer compatible or has become corrupted."),e.createElement(C,{align:"center"},"Click export to download your draft. You can attempt to restore your draft by importing this file on the RBAC home page."),e.createElement(C,{align:"center"},"Clicking continue will discard your draft."," ",e.createElement(f,{component:"span",fontWeight:"fontWeightBold"},"This action cannot be undone."))),e.createElement(f,{display:"flex",justifyContent:"center",gridGap:8,marginY:3},e.createElement(w,{color:"primary",onClick:a,variant:"outlined"},"Export"),e.createElement(w,{color:"primary",onClick:t,variant:"contained"},"Discard and continue")))))};function ut(){const t=I(W),n=I(le),l=ie(async(r,o,i)=>{if(r)return await t.publishPolicy(r.id,{description:o,update:i}),t.getPolicy(r.id)},[]),[{error:a}]=l;return _(()=>{a&&n.post({message:a.message,severity:"error"})},[a,n]),l}const Pr=N(t=>({closeButton:{color:t.palette.text.secondary},diffSummaryContainer:{backgroundColor:t.palette.background.default,marginBottom:t.spacing(2)}}));function dt({open:t,onPublish:n,onClose:l,policy:a}){const[r,o]=k(!1),i=Pr(),s=ne(null),m=async()=>{var c,p;o(!0),await n((p=(c=s.current)==null?void 0:c.value)!=null?p:""),o(!1)};return e.createElement(oe,{open:t,onClose:l,fullWidth:!0},e.createElement($e,null,e.createElement(f,{display:"flex",justifyContent:"space-between",alignItems:"center"},"Ready to publish?",e.createElement(w,{startIcon:e.createElement(lt,null),onClick:l,className:i.closeButton},"Close")),e.createElement(C,null,"Double check your changes, then click Publish to activate this version of your policy. This will immediately apply the permissions defined in this version across Backstage.")),e.createElement(K,{className:i.diffSummaryContainer,dividers:!0},e.createElement(zt,{policy:a})),e.createElement(K,null,e.createElement(Ee,{variant:"outlined",fullWidth:!0,label:"Summary (optional)",placeholder:"Briefly describe this version (or changes from a previous version)",inputRef:s})),e.createElement(Ye,null,e.createElement(w,{color:"primary",onClick:m,disabled:r},r?e.createElement(Pt,{size:20}):"Publish")))}const Dr=N(t=>({paper:{padding:t.spacing(2,2,0,2)}})),pt=({isOpen:t,onClose:n,policy:l})=>{const a=Dr();return e.createElement(oe,{classes:{...a},open:t,onClose:n},e.createElement($e,{disableTypography:!0},e.createElement(f,{display:"flex",flexDirection:"row"},e.createElement(f,null,e.createElement(C,{variant:"h4",component:"h2"},"Success!"),e.createElement(C,null,l.name," has been published and is now your active policy.")),e.createElement(f,null,e.createElement(z,{onClick:n,title:"Close dialog"},e.createElement(lt,null))))),e.createElement(K,null,e.createElement(ve,{policy:l})),e.createElement(Ye,null,e.createElement(f,{display:"flex",flexDirection:"row",flexGrow:1,justifyContent:"flex-start"},e.createElement(w,{component:In,color:"primary",onClick:n,role:"link",to:"/rbac"},"View all versions"))))},Nr={canPublish:!1,diff:null,hasChanges:!1,isValid:!1,policy:void 0,createNewRole:()=>"",discardLocalDraft:()=>{},exportPolicy:()=>{},publish:()=>{},saveLocalDraftToServer:()=>Promise.reject(),saveAndPublish:()=>Promise.reject(),refetchPolicy:()=>Promise.reject(),updateLocalDraft:()=>{}},_t=Pe(Nr),X=()=>De(_t);function He({children:t,policyId:n}){const l=G(),a=I(le),r=I(W),{getPolicy:o,setPolicy:i}=je(),s=Ue(),{NotFoundErrorPage:m}=s.getComponents(),[c,p]=k({active:!1,update:!1}),[d,u]=k(!1),[{loading:b,value:g},E]=ut(),y=o(n),[P,T,$]=vr(),j=!P||Be.safeParse(P).success,B=j?P:void 0,{policy:v,policyConflict:A}=hr({serverPolicy:y,localPolicy:B}),h=Ht(v),S=Be.safeParse(v).success,O=S&&!B&&!b,[{loading:Z,error:J},se]=ie(()=>r.getPolicy(n),[r,n],y?{loading:!1,value:y}:{loading:!0}),ee=()=>{p({active:!0,update:!1})},q=()=>{p({active:!0,update:!0})},xn=R(async H=>{await E(v,H,c.update?v:void 0),p({active:!1,update:!1})},[v,c,E,p]),Pn=async()=>{u(!1)},Dn=()=>{T(H=>H&&y&&{...H,updatedAt:y.updatedAt})},te=R(async()=>{const H=await se();i(H)},[se,i]),Nn=R(async()=>{if(!v)throw new Error("No policy to save");try{await r.updateDraft(v.id,{name:v.name,roles:v.roles,options:v.options}),a.post({message:"Policy saved",severity:"success"}),$(),te==null||te()}catch(H){a.post({message:(H==null?void 0:H.message)||"An error occurred while updating the policy",severity:"error"})}},[a,r,v,te,$]),wn=R(()=>{if(!v)throw new Error("No policy to create a new role");const H=new Set(v.roles.map(kn=>kn.id));let me;do me=ce().split("-")[0];while(H.has(me));const Sn={name:`Role ${me}`,permissions:[],members:"*",id:me};return T({...v,roles:[...v.roles,Sn]}),me},[v,T]),An=()=>{$(),l("/rbac")},Tn=()=>{v&&Ut(v)};return _(()=>{y||te()},[te,y]),_(()=>{g&&u(!0)},[g]),j?v?e.createElement(_t.Provider,{value:{canPublish:O,diff:h,hasChanges:!!B,isValid:S,policy:v,createNewRole:wn,discardLocalDraft:$,exportPolicy:Tn,publish:ee,saveLocalDraftToServer:Nn,refetchPolicy:te,updateLocalDraft:T,saveAndPublish:q}},A&&B&&y&&e.createElement(gr,{localPolicy:B,onSelectLocalPolicy:Dn,onSelectServerPolicy:$,serverPolicy:y}),e.createElement(dt,{open:c.active,onClose:()=>p({active:!1,update:!1}),onPublish:xn,policy:v}),g&&e.createElement(pt,{isOpen:d,onClose:Pn,policy:g}),t):Z?e.createElement(Se,null):J?or(J)?e.createElement(m,null):e.createElement(bt,{error:J!=null?J:new Error("Unknown")}):null:e.createElement(xr,{onConfirm:An,policy:P})}function wr(t){throw new Error("Invalid state")}function ft(){const t=I(W),n=I(le),l=G(),{fetchPolicies:a}=he();return ie(async r=>{if(!r)return;const{roles:o,name:i,options:s}=r;try{const m=await t.createDraft({roles:o,options:s,name:i});return await a(),l(`/rbac/versions/${m.id}`),m}catch(m){throw m instanceof Error&&n.post({message:m.message,severity:"error"}),m}},[l,t,n,a])}const Ar=[{title:"Name",field:"name",render:t=>e.createElement(de,{to:`versions/${t.id}`},t.name)},{title:"Status",field:"status",render:t=>{switch(t.status){case"active":return"Active";case"draft":return"Draft";case"inactive":return"Inactive";default:return wr(t.status)}}},{title:"Publish date",field:"lastPublishedAt",render:t=>t.lastPublishedAt?Me.fromISO(t.lastPublishedAt).toLocaleString(Me.DATETIME_MED_WITH_SECONDS):"",type:"datetime",defaultSort:"desc"},{title:"Published by",field:"lastPublishedBy"}];function Tr(t){const n=t.data.length>3,{fetchPolicies:l}=he(),[{loading:a},r]=ft(),[{loading:o,value:i},s]=ut(),[m,c]=k(void 0),[p,d]=k(!1),u=()=>{c(void 0),l()},b=(m==null?void 0:m.id)===(i==null?void 0:i.id)?i:void 0,g=[E=>{const{tableData:y,...P}=E;return{icon:xl,tooltip:"Republish",onClick:()=>{c(P),d(!0)},disabled:o}},E=>{const{tableData:y,...P}=E;return{icon:Pl,tooltip:"Duplicate",disabled:a||!t.canDuplicate,onClick:()=>r(P)}}];return e.createElement(e.Fragment,null,e.createElement(_n,{title:"Previous Versions",columns:Ar,data:t.data,options:{paging:n,pageSize:3,pageSizeOptions:[3,5,10,20],actionsColumnIndex:-1,loadingType:"linear"},actions:g}),m&&e.createElement(dt,{open:p,onPublish:E=>{s(m,E),d(!1)},onClose:()=>{c(void 0),d(!1)},policy:m}),b&&e.createElement(pt,{isOpen:!0,policy:b,onClose:u}))}const Sr=t=>{const[n,l]=k(!1),{fetchPolicies:a}=he(),[{loading:r,value:o},i]=ut(),{policy:s,hasChanges:m}=X(),c=Be.safeParse(s).success,p=!m&&c,d=async b=>{await i(s,b),l(!1)},u=()=>{a()};return e.createElement(e.Fragment,null,e.createElement(w,{...t,onClick:()=>l(!0),disabled:!p||r},"Publish"),e.createElement(dt,{open:n,onClose:()=>l(!1),onPublish:d,policy:s}),o&&e.createElement(pt,{isOpen:!0,onClose:u,policy:o}))};function kr(t){const n=I(W),l=I(le),{fetchPolicies:a}=he();return ie(async()=>{if(t)return n.deleteDraft(t.id).then(a).catch(r=>(l.post({message:r.message,severity:"error"}),Promise.reject(r)))},[t])}function Rr({policies:t}){const n=t.find(c=>c.status==="draft"),l=t.find(c=>c.status==="active"),[a,r]=ft(),[o,i]=kr(n),s=G(),m=$r(t);return e.createElement(F,{container:!0,spacing:4},l?e.createElement(F,{item:!0,xs:12,md:6},e.createElement(ve,{policy:l,to:`./versions/${l.id}`,actions:e.createElement(w,{color:"primary",disabled:a.loading||!!n,onClick:()=>r(l)},"Duplicate")})):null,n?e.createElement(F,{item:!0,xs:12,md:6},e.createElement(ve,{policy:n,to:`./versions/${n.id}`,actions:e.createElement(e.Fragment,null,e.createElement(w,{onClick:()=>s(`versions/${n.id}`),color:"primary"},"Edit"),e.createElement(w,{color:"primary",disabled:o.loading,onClick:i},"Delete Draft"),e.createElement(He,{policyId:n.id},e.createElement(Sr,{color:"primary"})))})):null,e.createElement(F,{item:!0,xs:12},e.createElement(Tr,{data:m,canDuplicate:!n})))}function $r(t){return t.filter(({status:n})=>n==="inactive")}function Ir(){const{policies:t}=je(),{loading:n,error:l,fetchPolicies:a}=he();Ct(()=>{t||a()});let r;return n?r=e.createElement(F,{item:!0,xs:12},e.createElement(Se,null)):l?r=e.createElement(bt,{error:l}):!t||t.length===0?r=e.createElement(ar,null):r=e.createElement(Rr,{policies:t}),e.createElement(Fe,{pages:void 0,header:e.createElement(ke,{title:"RBAC Policies"},e.createElement(lr,null))},r)}const Or=N(t=>({titleWrapper:{display:"flex",alignItems:"center",gap:t.spacing(2)}}));function Yt({children:t}){const n=Or();return e.createElement(C,{noWrap:!0,variant:"h4",component:"h2",color:"textSecondary",className:n.titleWrapper},t)}const Br=e.forwardRef(function({children:t,role:n,...l},a){const r=L(()=>{const s=[];return vt.forEach(t,m=>{if(we(m)){const c=m.props.children[0];we(c)&&s.push(c);const p=m.props.children[1];if(we(p)){const d=vt.toArray(p.props.children).filter(we);s.push(...d)}}}),s},[t]),o=r.length,i=54;return e.createElement("div",{ref:a},e.createElement("ul",{...l},e.createElement(Sl,{height:250,width:250,rowHeight:i,overscanCount:5,rowCount:o,rowRenderer:s=>e.cloneElement(r[s.index],{style:{...s.style,whiteSpace:"nowrap"}}),role:n})))}),Mr=N({autocomplete:{display:"flex",flex:1}});function Lr({members:t,options:n,namespaceOptions:l,loading:a=!1,disabled:r=!1,isMultiNamespaces:o=!1,onTextChange:i,onToggleMember:s,onChange:m}){const[c,p]=k(!1),d=Mr(),[u,b]=Rn(y=>y+1,0),g=(y,P)=>{P&&(s(P),b())};_(()=>{c&&i("")},[c,i]);const E=o?l.concat((n==null?void 0:n.members)||[]):(n==null?void 0:n.members)||[];return e.createElement(f,{width:250},e.createElement(rt,{key:`${u}`,open:c,onOpen:()=>{p(!0)},onClose:()=>{p(!1)},onChange:g,getOptionLabel:be,groupBy:Fr,ListboxComponent:Br,renderOption:y=>e.createElement(e.Fragment,null,e.createElement(Je,{id:`checkbox-${y.entityRef}`,checked:t.includes(y.entityRef),color:"primary"}),e.createElement("label",{htmlFor:`checkbox-${y.entityRef}`},o?be(y,!1):be(y))),options:E,openOnFocus:!0,disabled:r,loading:a,className:d.autocomplete,renderInput:y=>e.createElement(Ee,{...y,label:o?"Select members":"Select specific users/groups",variant:"standard",onChange:m,InputProps:{...y.InputProps,endAdornment:e.createElement(e.Fragment,null,a?e.createElement(Pt,{color:"inherit",size:20}):null,y.InputProps.endAdornment)}})}))}function be(t,n=!0){var l;const a=Q(t.entityRef);return a.name==="*"?a.namespace:Nl({...a,name:(l=t.name)!=null?l:a.name},{defaultKind:a.kind,defaultNamespace:n?Dl:!1})}const Jt={user:"USERS",group:"GROUPS",namespace:"NAMESPACES"};function Fr(t){const{name:n,kind:l}=Q(t.entityRef),a=n==="*"?"namespace":l;if(!Jt[a])throw new Error(`Group '${a}' is not supported for members in a policy`);return Jt[a]}const jr=N(t=>({root:({operation:n})=>({borderRadius:100,borderColor:st(t,n),borderSize:1,borderStyle:"solid",color:st(t,n),lineHeight:1,padding:t.spacing(.5,1),whiteSpace:"nowrap"})})),Hr={small:"span",medium:"div",large:"div"},Wr={small:"caption",medium:"body1",large:"subtitle1"},Ce=({operation:t,size:n="small"})=>{const l=jr({operation:t}),a=ur(t);return!t||t==="UNCHANGED"?null:e.createElement(C,{className:l.root,variant:Wr[n],component:Hr[n]},a)},zr=N(t=>({actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0},typeIcon:{color:t.palette.grey[500]}}));function Gr({diff:t,loading:n,isMultiNamespaces:l,members:a,error:r,onToggleMember:o,readonly:i=!1}){const s=zr();if(n)return e.createElement(V,null,e.createElement(D,{scope:"row",colSpan:i?4:5},e.createElement(Se,null)));if(r&&r.message!=null,a==="*")return e.createElement(V,null,e.createElement(D,{colSpan:2,height:80},"All"),e.createElement(D,{colSpan:i?2:3},e.createElement(Ce,{operation:t==null?void 0:t.members["*"].operation})));if(a.length===0)return e.createElement(V,null,e.createElement(D,{scope:"row",colSpan:i?4:5},"Select users or groups using the drop-down menu above."));const m=a.sort((c,p)=>{let d=0;l&&p.name==="*"&&c.name!=="*"?d=1:l&&c.name==="*"&&p.name!=="*"&&(d=-1);const u=c.type.localeCompare(p.type),b=Q(c.entityRef).namespace.localeCompare(Q(p.entityRef).namespace),g=Q(c.entityRef).name.localeCompare(Q(p.entityRef).name);return d||u||b||g});return e.createElement(e.Fragment,null,m.map(c=>{var p;const{name:d,type:u,entityRef:b}=c;return e.createElement(V,{key:b},e.createElement(D,{className:s.typeIconCol},u==="group"&&e.createElement(kl,{className:s.typeIcon})||l&&d==="*"&&e.createElement(Rl,{className:s.typeIcon})||e.createElement(kt,{className:s.typeIcon})),e.createElement(D,{scope:"row",className:s.nameCol},(p=l?be(c,!1):be(c))!=null?p:"Unknown"),e.createElement(D,{scope:"row"},d==="*"&&l?"namespace":u),e.createElement(D,null,d&&e.createElement(Ce,{operation:t==null?void 0:t.members[b].operation})),!i&&e.createElement(D,{scope:"row",className:s.actionCol},e.createElement(z,{"aria-label":"delete",onClick:()=>o(c),size:"small"},e.createElement(ge,null))))}))}const qt=Pe({loading:!1}),Vr=({children:t})=>{const n=I(W),l=ue(async()=>await n.searchMembers({query:""}),[n]);return e.createElement(qt.Provider,{value:l},t)},Ur=()=>De(qt),_r=N(()=>({header:{display:"flex",flexDirection:"row",justifyContent:"space-between",paddingLeft:"1rem",paddingRight:"1rem",gap:"1rem"},actionCol:{width:48},typeIconCol:{paddingRight:"0.4rem"},nameCol:{paddingLeft:0}}));function Yr({diff:t,policyId:n,role:l,onToggleMember:a,readonly:r=!1,debounceTime:o=1e3}){const i=I(W),s=I(wl),m=_r(),c=l.members==="*",[p,d]=k(""),{current:u}=ne({}),b=h=>{u[h.entityRef]=h,a(h.entityRef)},g=h=>{var S;if(u[h])return u[h];const O=Q(h);return{entityRef:h,type:O.kind.toLowerCase(),name:(S=O.name)!=null?S:h}},{value:E,loading:y}=Ur(),{loading:P,value:T}=ue(async()=>{const h=await s.getEntityFacets({facets:["metadata.namespace"]}).then(S=>S.facets["metadata.namespace"].map(O=>O.value));return Jr(h)},[s]),$=T?(T==null?void 0:T.length)>1:!1,j=T?T.filter(h=>h.entityRef.toLowerCase().includes(p)):[],B=L(()=>Kn(h=>{d(h.target.value.toLowerCase())},o),[d,o]),{loading:v,error:A}=ue(async()=>{l.members==="*"||l.members.length===0||(await i.getPolicy(n)).roles.find(h=>h.id===l.id)===void 0||l.members.forEach(h=>{const S=g(h);u[S.entityRef]=S})},[n,c]);return e.createElement(e.Fragment,null,e.createElement("div",{className:m.header},e.createElement("h2",null,"Members"),e.createElement(Lr,{onToggleMember:b,members:l.members,disabled:r,options:E,namespaceOptions:j,isMultiNamespaces:$,loading:y||P,onTextChange:d,onChange:B})),e.createElement(qe,null,e.createElement(Ke,null,e.createElement(V,null,e.createElement(D,{className:m.typeIconCol}),e.createElement(D,{className:m.nameCol},"Name"),e.createElement(D,null,"Type"),e.createElement(D,null),!r&&e.createElement(D,{className:m.actionCol}))),e.createElement(Qe,null,e.createElement(Gr,{diff:t,loading:v||P,isMultiNamespaces:$,error:A,members:Array.isArray(l.members)?l.members.map(g):l.members,onToggleMember:b,readonly:r}))))}function Jr(t){return t.map(n=>({name:"*",type:"user",entityRef:`user:${n}/*`})).sort((n,l)=>n.entityRef.toLowerCase().localeCompare(l.entityRef.toLowerCase()))}function Kt(t){return`${t.palette.primary.main}50`}const qr=N(t=>({indicator:{right:"unset"},tab:{maxWidth:"none","&.Mui-selected":{backgroundColor:Kt(t),color:t.palette.primary.main}}}));function Kr({options:t,selected:n,onChange:l,readonly:a=!1}){const r=qr();return e.createElement(Qn,{orientation:"vertical",value:t.map(({id:o})=>o).indexOf(n),onChange:(o,i)=>l(t[i].id),indicatorColor:"primary",TabIndicatorProps:{className:r.indicator}},t.map(o=>e.createElement(Xn,{key:o.id,label:o.displayText.toUpperCase(),className:r.tab,disabled:a})))}const Qr=["condition","anyOf","allOf","not"],Qt={condition:"Condition",anyOf:"Any of",allOf:"All of",not:"Not"};function Et(t){return t===null?!1:t.hasOwnProperty("id")&&t.hasOwnProperty("ruleName")&&t.hasOwnProperty("parameters")}function xe(t){return t.hasOwnProperty("levelType")}function Xr(t){return t==="anyOf"||t==="allOf"||t==="not"}function Zr(t){return t?{id:t.id,match:ea(t),decisionType:ta(t),criteria:nt(t.decision)?We(t.decision.conditions):null}:{id:ce(),match:{method:"specificPermission"},decisionType:"allow",criteria:null}}function ea(t){var n;return t.match==="*"?{method:"all"}:t.match.name?{method:"specificPermission",name:t.match.name}:t.match.resourceType||(n=t.match.actions)!=null&&n.length?{method:"filter",resourceType:t.match.resourceType,actions:t.match.actions}:{method:"specificPermission"}}function ta(t){return typeof t.decision=="string"?t.decision:"conditional"}function We(t){const n=ce();return ml(t)?{id:n,levelType:"allOf",children:t.allOf.map(l=>We(l))}:ul(t)?{id:n,levelType:"anyOf",children:t.anyOf.map(l=>We(l))}:dl(t)?{id:n,levelType:"not",children:[We(t.not)]}:{id:n,ruleName:t.rule,parameters:t.params}}function Xt(t,n){if(!t)return!1;if(xe(t))return t.children.length>0&&t.children.every(a=>Xt(a,n));if(!t.ruleName)return!1;const l=n==null?void 0:n.find(({name:a})=>a===t.ruleName);return l?l.paramsSchema?new It({allErrors:!0}).compile(l.paramsSchema)(t.parameters):!0:!1}function na(t,n,l){return{id:t,match:Zt(n,l),decision:l}}function Zt({method:t,...n},l){return t==="all"?"*":l&&nt(l)?{resourceType:l.resourceType,...n}:n}function yt(t){return Et(t)?{rule:t.ruleName,params:t.parameters}:t.levelType==="not"?{not:yt(t.children[0])}:{[t.levelType]:t.children.map(n=>yt(n))}}const la=N(t=>({toggleButton:{"&.Mui-selected":{backgroundColor:Kt(t),color:t.palette.primary.main},"&.Mui-selected:hover":{backgroundColor:"#97BBE8"},color:t.palette.primary.main,border:`1px solid ${t.palette.primary.main}`}}));function gt({className:t,...n}){const l=la();return e.createElement(Al,{className:`${l.toggleButton} ${t}`,...n})}const ra=N({fullWidth:{width:"100%","& > *":{flexGrow:1}}});function aa({className:t,fullWidth:n,...l}){const a=ra();return e.createElement(Tl,{className:`${n?a.fullWidth:""} ${t}`,...l})}function oa(t,n){const l=(t!=null?t:[]).filter(o=>pl(o,Zt(n))),a=$l(l,o=>_e(o)?o.resourceType:void 0),r=a.length===1&&_e(a[0])?a[0].resourceType:void 0;return{permissions:l,commonResourceType:r}}const ia=N(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),en="Permission name";function ca({name:t="",readonly:n,onNameChange:l}){const a=ia(),r=Mt();return e.createElement(Xe,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(Ie,{id:"match-by-name-dropdown"},en),e.createElement(Ze,{labelId:"match-by-name-dropdown",label:en,value:r?t:"",onChange:o=>l==null?void 0:l(o.target.value)},r==null?void 0:r.map(o=>e.createElement(U,{key:o.name,value:o.name},o.name))))}const sa=N(()=>({fullWidth:{width:"100%","& > *":{flexGrow:1}}})),tn="Resource type";function ma({resourceType:t="",readonly:n,onResourceTypeChange:l}){const a=sa(),r=Lt();return e.createElement(Xe,{className:a.fullWidth,variant:"outlined",disabled:n},e.createElement(Ie,{id:"match-by-resource-dropdown"},tn),e.createElement(Ze,{labelId:"match-by-resource-dropdown",label:tn,value:r?t:"",onChange:o=>l==null?void 0:l(o.target.value),displayEmpty:!0},r==null?void 0:r.map(o=>e.createElement(U,{key:o,value:o},o))))}const ua="Action";function da({actions:t,readonly:n,onActionsChange:l}){return e.createElement(rt,{multiple:!0,id:"match-by-attribute-dropdown",options:["create","read","update","delete"],getOptionLabel:a=>a,value:t!=null?t:[],onChange:(a,r)=>l==null?void 0:l(r),filterSelectedOptions:!0,renderInput:a=>e.createElement(Ee,{...a,variant:"outlined",label:ua,placeholder:"Choose attributes",margin:"normal"}),disabled:n})}const pa=N(t=>({descriptiveText:{fontWeight:500,marginBottom:t.spacing(1)}})),ze=({children:t})=>{const n=pa();return e.createElement(C,{variant:"body2",className:n.descriptiveText},t)},nn="#FF737F",fa="#E22134";function ln({condition:t}){return e.createElement(ze,null,e.createElement(f,{component:"span",color:nn},t.ruleName,"("),e.createElement(f,{component:"span",color:fa},JSON.stringify(t.parameters)),e.createElement(f,{component:"span",color:nn},")"))}const rn=({children:t})=>e.createElement(f,{pl:3},t);function an({level:t}){return e.createElement(e.Fragment,null,e.createElement(ze,null,Qt[t.levelType]),e.createElement(rn,null,t.children.map((n,l)=>xe(n)?e.createElement(an,{key:l,level:n}):e.createElement(ln,{key:l,condition:n}))))}const Ea="#4CAF50";function ya({permissionCriteria:t}){return e.createElement("div",null,e.createElement(ze,null,"If the below conditions are met"),e.createElement(rn,null,Et(t)&&e.createElement(ln,{condition:t}),xe(t)&&e.createElement(an,{level:t})),e.createElement(ze,null,"Then the action is"," ",e.createElement(f,{component:"span",color:Ea},"allowed")))}const ga=N(()=>({addButton:{paddingLeft:40,paddingRight:40}}));function on({onSelect:t}){const n=ga(),l=ne(null),[a,r]=k(!1),o=()=>{r(i=>!i)};return e.createElement("div",null,e.createElement(w,{className:n.addButton,variant:"outlined",color:"primary",onClick:o,ref:l},"Add"),e.createElement(Dt,{anchorEl:l.current,open:a,onClose:o,BackdropProps:{}},Qr.map(i=>e.createElement(U,{key:i,onClick:()=>{t==null||t(i),r(!1)}},Qt[i]))))}const ha=N(t=>({editor:{"--jse-main-border":`1px solid ${t.palette.divider}`,"--jse-panel-border":`1px solid ${t.palette.divider}`,"--jse-message-error-background":t.palette.error.main,"--jse-message-warning-background":t.palette.warning.main,"--jse-background-color":t.palette.background.default,"--jse-panel-background":t.palette.background.default,"--jse-delimiter-color":t.palette.type==="light"?"rgba(0, 0, 0, 0.38)":"rgba(255, 255, 255, 0.38)","--jse-error-color":t.palette.text.primary,"--jse-key-color":t.palette.text.primary,"--jse-value-color":t.palette.text.primary,"--jse-text-color":t.palette.text.primary,"--jse-panel-color-readonly":t.palette.text.hint,"--jse-value-color-string":t.palette.status.ok,"--jse-value-color-null":t.palette.status.warning,"--jse-value-color-number":t.palette.status.error,"--jse-value-color-boolean":t.palette.status.running,"--jse-font-family":"inherit"}})),va=t=>"parseError"in t,ba=t=>{var n;return t?va(t)?!!t.parseError:((n=t==null?void 0:t.validationErrors)==null?void 0:n.length)>0:!1};function Ca({onChange:t,schema:n,value:l}){const a=ne(null),r=ne(),o=ha();return _(()=>(a.current&&!r.current&&(r.current=new Il({target:a.current,props:{onChange:(i,s,{contentErrors:m})=>{!ba(m)&&Ol(i)&&t(JSON.parse(i.text))},validator:Bl({schema:n}),content:{json:{}},mainMenuBar:!1,mode:Ml.text}})),()=>{var i;(i=r.current)==null||i.destroy(),r.current=void 0}),[t,n]),Ct(()=>{var i;(i=r.current)==null||i.updateProps({content:{json:l}})}),e.createElement("div",{ref:a,className:o.editor,style:{height:300}})}const xa=[];function Pa(t){const{onChange:n,schema:l,name:a}=t,{description:r,items:o}=l,[i,s]=e.useState(!1),m=Array.isArray(t.value)?t.value:xa,c=m.includes(ye),p=(y,P)=>{if(!Array.isArray(P)){const T=[...m];T[y]=P||"",n(T)}},d=R(()=>{n([...m,""])},[n,m]),u=y=>{n(m.filter((P,T)=>T!==y))},b=()=>{n(c?[]:[ye])},g=()=>{c&&s(!0)},E=()=>{s(!1)};return _(()=>{m.length?c&&m.length>1&&n([ye]):d()},[d,n,m,c]),!o||!("type"in o)?null:e.createElement(e.Fragment,null,(m!=null?m:[]).map((y,P,{length:T})=>e.createElement(sn,{allowEmptyStrings:!0,key:P,onChange:$=>p(P,$),name:P===0?a:"",schema:{description:P===T-1?r:"",type:o.type},value:y,controls:e.createElement(z,{size:"small",onClick:()=>u(P)},e.createElement(Ll,null))})),!!(m!=null&&m.length)&&e.createElement(f,{alignItems:"center",display:"flex",flexDirection:"row",justifyContent:"space-between"},e.createElement(f,null,e.createElement(Nt,{control:e.createElement(Je,{checked:c,onChange:b,name:"checkedB",color:"primary"}),label:"Use the claims from the logged in users token"})),e.createElement(f,null,e.createElement(fe,{onClose:E,onOpen:g,open:i,title:"To add additional entries you must uncheck using the claims from the logged in user."},e.createElement("span",null,e.createElement(z,{disabled:c,size:"small",onClick:d},e.createElement(at,null)))))))}function Da(t){const{onChange:n,schema:l,name:a,value:r}=t,{description:o}=l;return e.createElement(f,{mb:1},e.createElement(Nt,{control:e.createElement(Je,{checked:r===!0,onChange:i=>{n(i.target.checked)},name:a,color:"primary"}),label:a}),o&&e.createElement(C,{display:"block",variant:"caption",color:"textSecondary"},o))}function Na({allowEmptyStrings:t,controls:n,name:l,onChange:a,schema:r,value:o}){const i=s=>{a(Aa({value:s.currentTarget.value,type:r.type}))};return e.createElement(f,{mb:1},e.createElement(f,{display:"flex",gridGap:6},e.createElement(Ee,{fullWidth:!0,id:l,label:l,placeholder:"Enter",variant:"outlined",size:"small",value:wa(o,t),onChange:ht(o,t)?void 0:i,disabled:ht(o,t)}),n&&e.createElement(f,{alignSelf:"center"},n)),r.description&&e.createElement(C,{variant:"caption",color:"textSecondary"},r.description,ht(o)&&!t&&e.createElement(e.Fragment,null," (switch to JSON editor to edit)")))}function ht(t,n=!1){return!n&&t===""||t===null||t===ye}function wa(t,n=!1){return!n&&t===""?"[empty string]":t===null?"[null]":t===ye?"[BackstageUserClaims]":t||""}function Aa({value:t,type:n}){switch(n){case"string":return t===""?void 0:t;case"number":case"integer":return Number.isNaN(Number(t))?void 0:Number(t);case"null":return t==="null"?null:void 0;default:return}}function cn(t){return!!t&&"type"in t&&(t.type==="array"||t.type==="boolean"||t.type==="null"||t.type==="number"||t.type==="integer"||t.type==="string")}function Ta(t){return"type"in t&&t.type==="array"}function Sa(t){return"type"in t&&t.type==="boolean"}function sn({schema:t,...n}){return cn(t)?Ta(t)?e.createElement(Pa,{...n,schema:t}):Sa(t)?e.createElement(Da,{...n,schema:t}):e.createElement(Na,{...n,schema:t}):null}const ka=new It({allErrors:!0});function Ra({onChange:t,schema:n,value:l}){var a;const r=L(()=>ka.compile(n),[n]),o=L(()=>r(l),[r,l]),i=Object.entries(n.properties),s=m=>c=>{t({...l,[m]:c})};return e.createElement(e.Fragment,null,i.map(([m,c])=>{var p;return e.createElement(sn,{isRequired:((p=n.required)==null?void 0:p.includes(m))||!1,key:m,name:m,onChange:s(m),schema:c,value:l==null?void 0:l[m]})}),e.createElement(wt,{error:!o},(a=r.errors)==null?void 0:a[0].message))}const $a=t=>!!t&&"properties"in t;function Ia({onChange:t,rule:n,value:l}){const[a,r]=k(!1),{paramsSchema:o}=n!=null?n:{},i=()=>r(p=>!p);if(!$a(o))return null;const s=!Oa(o),m=s||a,c=e.createElement(w,{size:"small",onClick:i,disabled:s},m?"Close editor":"Edit as JSON");return e.createElement(f,{marginTop:2},e.createElement("form",null,m?e.createElement(Ca,{onChange:t,schema:o,value:l}):e.createElement(e.Fragment,null,e.createElement(f,{marginBottom:2},e.createElement(Ie,null,"Parameters")),e.createElement(Ra,{onChange:t,schema:o,value:l}))),e.createElement(f,{display:"flex",flexDirection:"column",alignItems:"flex-end",marginTop:1},s?e.createElement(fe,{title:"Only JSON editing is supported for this parameter",arrow:!0},e.createElement("span",null,c)):c))}function Oa(t){return Object.values(t.properties).every(cn)}const Ba=N(t=>({conditionCard:{minWidth:t.spacing(63)},conditionCardBar:{height:t.spacing(1),backgroundImage:"linear-gradient(90deg, #007DFF 0%, #0057B2 100%)"},autocomplete:{flex:1}}));function mn({ruleName:t,parameters:n,resourceType:l,onChange:a,onDelete:r}){var o;const i=Ba(),s=Bt(),m=(o=s==null?void 0:s.filter(u=>u.resourceType===l))!=null?o:[],c=m.find(u=>u.name===t),p=u=>{a(u,{})},d=R(u=>{a(t,u)},[a,t]);return e.createElement(f,{display:"flex",alignItems:"center"},e.createElement(Y,{className:i.conditionCard},e.createElement("div",{className:i.conditionCardBar}),e.createElement(pe,null,e.createElement(f,null,e.createElement(f,null,e.createElement(rt,{className:i.autocomplete,"data-testid":"rule-select",getOptionLabel:u=>u.name,getOptionSelected:(u,b)=>u.name===b.name,options:m,onChange:(u,b)=>p(b?b.name:null),renderInput:u=>e.createElement(e.Fragment,null,e.createElement(f,{marginBottom:2},e.createElement(Ie,null,"Rule")),e.createElement(Ee,{...u,placeholder:"Select",variant:"outlined",size:"small",name:"rule"})),renderOption:u=>e.createElement(f,null,e.createElement(C,{variant:"body2"},u.name),e.createElement(C,{noWrap:!0,variant:"caption"},u.description)),value:c||null,PopperComponent:u=>e.createElement(Zn,{...u,style:{width:"auto"},placement:"bottom-start"})})),e.createElement(f,{flex:"1"},e.createElement(f,{display:"flex",flexDirection:"column"},e.createElement(Ia,{rule:c,onChange:d,value:n})))))),e.createElement(f,{ml:1},e.createElement(z,{"aria-label":"delete",onClick:r,size:"small"},e.createElement(ge,null))))}function Ge(){return{id:ce(),ruleName:null,parameters:{}}}const Ma=N(t=>({conditionTypeFormControl:{minWidth:80,marginLeft:t.spacing(1)}}));function La({level:t,onSelect:n}){const l=Ma(),a=t.children.length>1;return e.createElement(f,{display:"flex",alignItems:"center"},e.createElement(Xe,{className:l.conditionTypeFormControl},e.createElement(Ze,{value:t.levelType,onChange:r=>n==null?void 0:n(r.target.value)},e.createElement(U,{key:"anyOf",value:"anyOf"},"Any of"),e.createElement(U,{key:"allOf",value:"allOf"},"All of"),e.createElement(U,{key:"not",value:"not",disabled:a},"Not"))),e.createElement(f,{ml:1},e.createElement(z,{"aria-label":"delete",onClick:()=>n==null?void 0:n(null),size:"small"},e.createElement(ge,null))))}const Fa=N(t=>({treeVerticalSpacer:{width:t.spacing(2),borderLeft:`1px solid ${t.palette.status.aborted}`},treeHorizontalSpacer:{height:t.spacing(3),borderLeft:`1px solid ${t.palette.status.aborted}`},treeVerticalBranchHalf:{position:"absolute",height:"50%",borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"flex-start"},treeVerticalBranchFull:{borderLeft:`1px solid ${t.palette.status.aborted}`,alignSelf:"stretch"},treeHorizontalBranch:{width:t.spacing(2),borderTop:`1px solid ${t.palette.status.aborted}`}}));function un({level:t,resourceType:n,onChange:l,parentConditionType:a,isRoot:r=!1}){const o=Fa(),i=R((g,E)=>{const y=[...t.children];return y.splice(g,1,E),y},[t]),s=R(g=>{l({...t,children:g})},[l,t]),m=R(g=>{g===null?l(null):g==="not"&&t.children.length>1?l({...t,levelType:g,children:t.children.slice(0,1)}):l({...t,levelType:g})},[l,t]),c=R((g,E)=>{s(g===null?dn(t.children,E):i(E,g))},[t,s,i]),p=g=>{const E=ce();g==="condition"?s([...t.children,Ge()]):g==="not"?s([...t.children,{id:E,levelType:g,children:[]}]):Xr(g)&&s([...t.children,{id:E,levelType:g,children:[Ge()]}])},d=g=>{s(dn(t.children,g))},u=L(()=>t.children.map((g,E)=>(y,P)=>{s(i(E,{...g,ruleName:y,parameters:P}))}),[t.children,s,i]),b=L(()=>t.children.map((g,E)=>y=>c(y,E)),[t.children,c]);return e.createElement("div",null,!r&&e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(f,{display:"flex",alignItems:"center",position:"relative"},!r&&e.createElement(e.Fragment,null,e.createElement("div",{className:a==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch})),e.createElement(La,{level:t,onSelect:m})),e.createElement(f,{display:"flex"},r||a==="not"?e.createElement(f,{pl:2}):e.createElement("div",{className:o.treeVerticalSpacer}),!r&&e.createElement(f,{pl:2}),e.createElement("div",null,t.children.map((g,E)=>xe(g)?e.createElement(f,{key:g.id},e.createElement(un,{level:g,resourceType:n,parentConditionType:t.levelType,onChange:b[E]})):e.createElement(Ne,{key:g.id},e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(f,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:t.levelType==="not"?o.treeVerticalBranchHalf:o.treeVerticalBranchFull}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(mn,{ruleName:g.ruleName,parameters:g.parameters,resourceType:n,onChange:u[E],onDelete:()=>d(E)})))),!(t.levelType==="not"&&t.children.length>=1)&&e.createElement(e.Fragment,null,e.createElement("div",{className:o.treeHorizontalSpacer}),e.createElement(f,{display:"flex",alignItems:"center",position:"relative"},e.createElement("div",{className:o.treeVerticalBranchHalf}),e.createElement("div",{className:o.treeHorizontalBranch}),e.createElement(on,{onSelect:p}))))))}function dn(t,n){const l=[...t];return l.splice(n,1),l}const ja=N(t=>({paper:{backgroundColor:t.palette.background.default,padding:t.spacing(3),marginBottom:t.spacing(3),minHeight:t.spacing(48)}}));function Ha({permissionCriteria:t,resourceType:n,onUpdate:l,readonly:a=!1}){const r=ja(),o=R(p=>{l(d=>({...d,...p}))},[l]),i=R(p=>{const d=ce();o(p==="condition"?Ge():p==="not"?{id:d,levelType:p,children:[]}:{id:d,levelType:p,children:[Ge()]})},[o]),s=R((p,d)=>{l(u=>({...u,ruleName:p,parameters:d}))},[l]),m=R(()=>{l(null)},[l]);let c;return a?c=e.createElement(ya,{permissionCriteria:t}):t===null?c=e.createElement(on,{onSelect:i}):Et(t)?c=e.createElement(mn,{ruleName:t.ruleName,parameters:t.parameters,resourceType:n,onChange:s,onDelete:m}):xe(t)&&(c=e.createElement(un,{level:t,resourceType:n,onChange:l,isRoot:!0})),e.createElement(el,{variant:"outlined",className:r.paper},c)}const Wa=N(t=>({dialogTitle:{display:"flex",alignItems:"center",justifyContent:"space-between"},fullWidth:{width:"100%","& > *":{flexGrow:1}},infoIcon:{position:"absolute",right:t.spacing(3)},content:{padding:t.spacing(7)},saveButton:{paddingLeft:t.spacing(5),paddingRight:t.spacing(5)},contentContainerConditional:{display:"flex",gap:t.spacing(5),maxWidth:1480}})),za={specificPermission:"Choose a specific permission",filter:"Filter by permission properties",all:"Match all permissions"},pn="Choose the name of a resource permission or filter by resource type to set a conditional decision.";function Ga({rolePermission:t,readonly:n=!1,onClose:l,onSave:a}){const r=Wa(),o=Mt(),i=Bt(),s=Ql(),m=Zr(t),[c,p]=k(m.match),[d,u]=k(m.decisionType),[b,g]=k(m.criteria),E=L(()=>oa(o,c),[o,c]),y=d==="conditional",P=y?"xl":"sm";_(()=>{y&&o&&!E.commonResourceType&&u("allow")},[y,o,E.commonResourceType,u]);const T=A=>{A!==null&&u(A)},$=L(()=>c.method==="specificPermission"&&!c.name||c.method==="filter"&&!c.resourceType&&!c.actions,[c]),j=L(()=>E.permissions.length===0?!1:!$,[E,$]),B=L(()=>d!=="conditional"?!0:!(!E.commonResourceType||!(s!=null&&s[E.commonResourceType].pluginId)||!Xt(b,i)),[d,E,s,b,i]),v=()=>{a==null||a(na(m.id,c,d==="conditional"?{resourceType:E.commonResourceType,pluginId:s[E.commonResourceType].pluginId,conditions:yt(b)}:d))};return e.createElement(oe,{open:!0,maxWidth:P,onClose:l,fullWidth:!0},e.createElement($e,{disableTypography:!0,className:r.dialogTitle},e.createElement(C,{variant:"h4",component:"h2"},"New Permission Decision"),e.createElement(w,{startIcon:e.createElement(lt,null),onClick:l},"Close")),e.createElement(K,{dividers:!0,className:r.content},e.createElement(f,{className:y?r.contentContainerConditional:void 0},e.createElement(f,{mb:5,flex:1},e.createElement(Kr,{options:Object.entries(za).map(([A,h])=>({id:A,displayText:h})),selected:c.method,onChange:A=>p({method:A}),readonly:n})),e.createElement(f,{mb:5,height:189,flex:1},c.method==="specificPermission"&&e.createElement(ca,{name:c.name,readonly:n,onNameChange:A=>p({...c,name:A})}),c.method==="filter"&&e.createElement(e.Fragment,null,e.createElement(ma,{resourceType:c.resourceType,readonly:n,onResourceTypeChange:A=>p({...c,resourceType:A})}),e.createElement(da,{actions:c.actions,readonly:n,onActionsChange:A=>p({...c,actions:A.length?A:void 0})}),$?null:e.createElement(e.Fragment,null,e.createElement(f,{marginY:2},e.createElement(et,{variant:"middle"})),e.createElement(wt,null,`Matched ${E.permissions.length} ${E.permissions.length===1?"permission":"permissions"}`)))),e.createElement(f,{mb:5,flex:1},e.createElement(f,{display:"flex",alignItems:"center"},e.createElement(aa,{value:d,exclusive:!0,fullWidth:!0,"aria-label":"Decision result",onChange:(A,h)=>T(h)},e.createElement(gt,{value:"allow","aria-label":"Decision allowed",disabled:n},"Allow"),e.createElement(gt,{value:"deny","aria-label":"Decision denied",disabled:n},"Deny"),e.createElement(gt,{value:"conditional","aria-label":"Decision conditionally allowed",disabled:!E.commonResourceType||n},"Conditional")),!y&&!n&&e.createElement(fe,{title:pn},e.createElement($t,{className:r.infoIcon,color:"primary","aria-label":pn}))))),d==="conditional"&&!!E.commonResourceType&&e.createElement(Ha,{permissionCriteria:b,resourceType:E.commonResourceType,onUpdate:g,readonly:n}),!n&&e.createElement(f,{display:"flex",justifyContent:"flex-end"},e.createElement(w,{variant:"contained",color:"primary",className:r.saveButton,onClick:v,disabled:!j||!B},"Save"))))}const Va=N(t=>({container:{display:"flex",position:"relative",alignItems:"center",gap:t.spacing(1),flexShrink:1,maxWidth:"100%",minWidth:0},input:({invalid:n})=>({boxSizing:"content-box",display:"block",maxWidth:"100%",padding:0,borderWidth:2,borderStyle:"solid",borderColor:n?t.palette.error.main:"transparent",borderRadius:t.shape.borderRadius,backgroundColor:"transparent",color:t.palette.textContrast,fontFamily:"inherit",fontSize:"inherit",lineHeight:"inherit",fontWeight:"inherit",textOverflow:"ellipsis"}),hiddenSpan:{position:"absolute",top:0,left:0,borderWidth:1,whiteSpace:"pre",opacity:0,pointerEvents:"none"}}));function fn({invalid:t,name:n,value:l,onTextChange:a}){const r=Va({invalid:t}),[o,i]=k(!1),[s,m]=k(null),c=ne(null),[p,d]=k(l);_(()=>{d(l)},[l]),$n(()=>{c.current&&s&&c.current.style.setProperty("width",`max(${s.getBoundingClientRect().width}px, 3ch)`)},[s,p]);const u=()=>{i(!1),d(l)},b=()=>{i(!1),a==null||a(p)},g=()=>{var y;o?b():(i(!0),(y=c.current)==null||y.focus())},E=y=>{var P;y.key==="Enter"&&((P=c.current)==null||P.blur()),y.key==="Escape"&&u()};return e.createElement(e.Fragment,null,e.createElement("div",{className:r.container},e.createElement("input",{"aria-label":n,className:r.input,name:n,ref:c,onChange:y=>d(y.target.value),onFocus:g,onBlur:b,onKeyDown:E,value:p}),e.createElement("span",{"aria-hidden":"true",className:r.hiddenSpan,ref:m},p),e.createElement(z,{onClick:g,size:"small"},o?e.createElement(jl,{"aria-label":"Save title"}):e.createElement(Fl,{"aria-label":"Edit title"}))))}const En=t=>{if(t.success)return{};const n={};for(const l of t.error.issues)n[l.path.join(".")]=!0;return n},yn=({children:t,onConfirm:n,message:l,title:a})=>{const[r,o]=k(!1),i=()=>o(!1),s=()=>o(!0),m=()=>{n(),i()};return e.createElement(e.Fragment,null,t({onClick:s}),e.createElement(oe,{open:r,onClose:i},e.createElement($e,null,e.createElement(f,{display:"flex",justifyContent:"space-between",alignItems:"center"},a)),e.createElement(K,null,e.createElement(tl,null,l)),e.createElement(Ye,null,e.createElement(w,{"aria-label":"Cancel action",color:"primary",onClick:i},"Cancel"),e.createElement(w,{"aria-label":"Confirm action",color:"secondary",onClick:m,variant:"contained"},"Confirm"))))},gn=({helpText:t})=>e.createElement(f,{display:"flex",alignItems:"center"},e.createElement(f,{component:"span",mr:1},e.createElement(C,{variant:"body2",noWrap:!0},"Reorder")),e.createElement(fe,{title:t},e.createElement($t,{color:"primary","aria-label":t}))),hn=(t,n,l)=>{const a=n+l;if(a<0||a>=t.length)return t;const r=[...t];return[r[a],r[n]]=[r[n],r[a]],r},vn=({array:t,index:n,onReorder:l})=>{const a=n===0,r=n===t.length-1;return e.createElement(f,{display:"flex"},e.createElement(z,{disabled:a,onClick:()=>l(hn(t,n,-1)),"aria-label":"Move up",size:"small"},e.createElement(Wl,null)),e.createElement(z,{disabled:r,onClick:()=>l(hn(t,n,1)),"aria-label":"Move down",size:"small"},e.createElement(Hl,null)))},Ua=N(()=>({emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function bn({src:t,alt:n}){const l=Ua();return e.createElement("img",{src:t,className:`${l.emptyStateImage} `,alt:n})}const _a="Use the arrows to change the order in which permission decisions are evaluated.";function Ya({diff:t,permissions:n,onReorderPermissions:l,onNewPermissionClick:a,onOpenPermission:r,onRemovePermissionClick:o,anyAllow:i,readonly:s=!1}){return e.createElement(e.Fragment,null,e.createElement(f,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(C,{variant:"h5"},"Permission Decisions"),!s&&n.length!==0&&e.createElement(w,{color:"primary",variant:"outlined",startIcon:e.createElement(at,null),onClick:a},"New")),e.createElement(qe,null,e.createElement(Ke,null,e.createElement(V,null,!s&&!i&&e.createElement(D,{style:{width:0}},e.createElement(gn,{helpText:_a})),e.createElement(D,null,"Match by"),e.createElement(D,null,"Decision"),e.createElement(D,null),!s&&e.createElement(D,null))),e.createElement(Qe,null,n.length===0&&e.createElement(V,null,e.createElement(D,{colSpan:5},e.createElement(Te,{title:"No permission decisions set",description:"Click the button below to create your first permission.",missing:{customImage:e.createElement(bn,{src:zl,alt:"No permission placeholder"})},action:e.createElement(w,{variant:"contained",color:"primary",onClick:a},"New permission decision")}))),n.map((m,c)=>e.createElement(V,{key:c},!s&&!i&&e.createElement(D,null,e.createElement(vn,{array:n,index:c,onReorder:l})),e.createElement(D,null,e.createElement(nl,{onClick:()=>r(c)},e.createElement(C,{variant:"body2",color:"primary"},mt(m)))),e.createElement(D,null,dr(m)),e.createElement(D,null,e.createElement(Ce,{operation:t==null?void 0:t.permissions[m.id].operation})),!s&&e.createElement(D,{align:"right"},e.createElement(yn,{message:"Are you sure you want to remove this permission decision?",onConfirm:()=>o(c),title:"Remove?"},p=>e.createElement(z,{...p,"aria-label":"Remove permission decision",size:"small"},e.createElement(ge,null)))))))))}function Ja(){const{roleId:t,versionId:n}=Ve();return Oe(t),Oe(n),e.createElement(He,{policyId:n},e.createElement(qa,{roleId:t}))}function qa({roleId:t}){const{diff:n,updateLocalDraft:l,policy:a}=X(),r=a.roles.find(h=>h.id===t),o=n==null?void 0:n.roles[t],[i,s]=k(null),[m,c]=k(!1),p=Ue(),{NotFoundErrorPage:d}=p.getComponents(),u=G(),b=N(h=>({cardContainer:{margin:h.spacing(0)}}))();if(!r)return e.createElement(d,null);const g=r.name,E=h=>{const S=a.roles.findIndex(Z=>Z.id===h.id),O=[...a.roles];O.splice(S,1,h),l({...a,roles:O})},y=h=>{E({...r,name:h})},P=h=>{if(i===null)E({...r,permissions:[h,...r.permissions]});else{const S=[...r.permissions];S.splice(i,1,h),E({...r,permissions:S})}c(!1)},T=h=>{if(h==="*")E({...r,members:r.members==="*"?[]:"*"});else if(r.members==="*")E({...r,members:[h]});else{const S=r.members.includes(h)?r.members.filter(O=>O!==h):[...r.members,h];E({...r,members:S.length===0?"*":S})}},$=h=>{E({...r,permissions:r.permissions.filter((S,O)=>h!==O)})},j=h=>{E({...r,permissions:h})},B=En(fl.safeParse(r)).name,v=a.status!=="draft",A=a.options.resolutionStrategy==="any-allow";return e.createElement(e.Fragment,null,e.createElement(Fe,{pages:[{title:a.name,path:`../../../${a.id}`},{title:g}],header:e.createElement(ke,{titleComponent:e.createElement(Yt,null,a.name," \xA0\u01C0",v?e.createElement(e.Fragment,null,"\xA0",g):e.createElement(fn,{invalid:B,value:g,onTextChange:y}),e.createElement(Ce,{operation:o==null?void 0:o.role.operation,size:"large"})),description:a.description},e.createElement(w,{variant:"outlined",color:"primary",onClick:()=>u("../..",{relative:"path"})},"Back to policy"))},e.createElement(F,{container:!0,className:b.cardContainer,spacing:4,direction:"row"},e.createElement(F,{item:!0,xs:6},e.createElement(Y,null,e.createElement(Yr,{diff:o||null,role:r,policyId:a.id,onToggleMember:T,readonly:v}))),e.createElement(F,{item:!0,xs:6},e.createElement(Y,null,e.createElement(Ya,{diff:o||null,permissions:r.permissions,onNewPermissionClick:()=>{s(null),c(!0)},onOpenPermission:h=>{s(h),c(!0)},onReorderPermissions:j,onRemovePermissionClick:$,anyAllow:A,readonly:v}))))),m&&e.createElement(Ga,{rolePermission:i!==null?r.permissions[i]:void 0,onClose:()=>c(!1),onSave:P,readonly:v}))}const Ka="Use the arrows to change the order in which roles are evaluated.";function Qa({}){const{diff:t,policy:n,createNewRole:l,updateLocalDraft:a}=X(),r=G(),o=Xa(n),i=n.status!=="draft",s=n.options.resolutionStrategy==="any-allow",m=d=>{a({...n,roles:d})},c=d=>{a({...n,roles:n.roles.filter(({id:u})=>u!==d)})},p=()=>{r(`./roles/${l()}`)};return e.createElement(Y,null,e.createElement(f,{display:"flex",justifyContent:"space-between",padding:2},e.createElement(C,{variant:"h3"},"Roles"),!i&&e.createElement(w,{color:"primary",variant:"outlined",startIcon:e.createElement(at,null),onClick:()=>p()},"New role")),e.createElement(qe,null,e.createElement(Ke,null,e.createElement(V,null,!i&&!s&&e.createElement(D,{style:{width:0}},e.createElement(gn,{helpText:Ka})),e.createElement(D,null,"Name"),e.createElement(D,null,"Users"),e.createElement(D,null,"Groups"),!i&&e.createElement(D,{style:{width:0}}))),e.createElement(Qe,null,o.map((d,u)=>e.createElement(V,{key:u},!i&&!s&&e.createElement(D,null,e.createElement(vn,{array:n.roles,index:u,onReorder:m})),e.createElement(D,null,e.createElement(f,{alignItems:"center",display:"flex",gridGap:8},e.createElement(de,{to:`roles/${d.id}`},d.name),e.createElement(Ce,{operation:t==null?void 0:t.roles[d.id].role.operation}))),e.createElement(D,null,d.userCount),e.createElement(D,null,d.groupCount),!i&&e.createElement(D,{align:"right"},e.createElement(yn,{message:"Are you sure you want to remove this role?",title:"Remove role?",onConfirm:()=>c(d.id)},b=>e.createElement(z,{...b,"aria-label":"Remove role",size:"small"},e.createElement(ge,null)))))))))}function Xa(t){return t.roles.map(n=>({id:n.id,name:n.name,userCount:Array.isArray(n.members)?n.members.filter(l=>l.startsWith("user:")).length:n.members,groupCount:Array.isArray(n.members)?n.members.filter(l=>l.startsWith("group:")).length:n.members}))}const Za=N(t=>({cardHeader:{padding:t.spacing(3,3),borderBottom:`1px solid ${t.palette.border}`},cardContent:{padding:t.spacing(6,3),"& > *":{background:"transparent"}},emptyStateImage:{width:"95%",zIndex:2,position:"relative",left:"50%",top:"50%",transform:"translate(-50%, 15%)"}}));function eo({readonly:t}){const n=Za(),l=G(),{createNewRole:a}=X(),r=()=>{const o=a();l(`./roles/${o}`)};return e.createElement(Y,null,e.createElement(At,{title:"Roles",className:n.cardHeader}),e.createElement(pe,{className:n.cardContent},t?e.createElement(Te,{title:"No roles configured",missing:"content"}):e.createElement(Te,{title:"No roles yet",description:"Click the button below to create your first role.",missing:{customImage:e.createElement(bn,{src:Gl,alt:"No roles placeholder"})},action:e.createElement(w,{variant:"contained",color:"primary",onClick:()=>r()},"New role")})))}function to(){const[t,n]=k(null),{hasDraftPolicy:l}=je(),{isValid:a,discardLocalDraft:r,exportPolicy:o,hasChanges:i,policy:s,saveLocalDraftToServer:m,saveAndPublish:c,publish:p}=X(),d=G(),[u,b]=ft(),g=y=>{n(y.currentTarget)},E=()=>{n(null)};return e.createElement(e.Fragment,null,e.createElement(ll,{variant:"contained",color:"primary"},s.status==="draft"&&e.createElement(w,{disabled:!a,onClick:()=>m()},"Save"),s.status==="inactive"&&e.createElement(w,{onClick:()=>p()},"Republish"),s.status==="active"&&e.createElement(w,{disabled:l||u.loading,onClick:()=>b(s)},"Duplicate"),e.createElement(w,{color:"primary",title:"options",size:"small",onClick:g},e.createElement(Vl,null))),e.createElement(Dt,{getContentAnchorEl:null,anchorEl:t,anchorOrigin:{vertical:"bottom",horizontal:"right"},open:!!t,onClose:E,PaperProps:{style:{width:240}}},s.status==="draft"&&e.createElement(tt,null,e.createElement(U,{disabled:!a,onClick:()=>c()},e.createElement(re,null,e.createElement(_l,{fontSize:"small"})),e.createElement(ae,null,"Save & Publish")),e.createElement(U,{disabled:!i,onClick:()=>r()},e.createElement(re,null,e.createElement(Ul,{color:i?"secondary":"inherit",fontSize:"small"})),e.createElement(ae,null,e.createElement(C,{color:i?"secondary":"inherit"},"Discard changes"))),e.createElement(et,null)),e.createElement(tt,null,e.createElement(U,{onClick:()=>o()},e.createElement(re,null,e.createElement(Jl,{fontSize:"small"})),e.createElement(ae,null,"Export"))),e.createElement(et,null),e.createElement(tt,null,e.createElement(U,{disabled:!a,onClick:()=>d("./options")},e.createElement(re,null,e.createElement(Yl,{fontSize:"small"})),e.createElement(ae,null,"Options")))))}function no(){const{versionId:t}=Ve();return Oe(t),e.createElement(He,{policyId:t},e.createElement(lo,null))}function lo(){const{policy:t,updateLocalDraft:n}=X(),l=o=>{n({...t,name:o})},a=En(El.safeParse(t)).name,r=t.status!=="draft";return e.createElement(Fe,{pages:[{title:t.name}],header:e.createElement(ke,{title:t.name,titleComponent:e.createElement(e.Fragment,null,e.createElement(Yt,null,r?t.name:e.createElement(fn,{invalid:a,name:"Policy name",value:t.name,onTextChange:l}),e.createElement(Wt,{status:t.status})),ro(t))},e.createElement(to,null))},e.createElement(F,{item:!0,xs:12},t.roles.length>0?e.createElement(Qa,null):e.createElement(eo,{readonly:r})))}function ro(t){const n={created:"Created by ",published:"Last published by ",updated:"Last updated by "},{activityDateText:l,activityUser:a,timestamp:r}=Vt(t,n);return e.createElement(C,{variant:"body2"},e.createElement(C,{component:"span",display:"inline",variant:"body2"},`${l} ${a} `),e.createElement(Gt,{timestamp:r}))}const ao=N(t=>({card:n=>({marginTop:t.spacing(3),height:"100%","&:hover":n.readonly?{pointerEvents:"none"}:{}}),cardHeader:{paddingBottom:t.spacing(2),alignItems:"flex-start"},defaultChip:{marginLeft:t.spacing(1),marginBottom:0},title:{display:"flex",alignItems:"center",paddingTop:t.spacing(.5),paddingBottom:t.spacing(1)}}));function Cn(t){const n=ao(t),{title:l,description:a,active:r,changeResolutionStrategy:o,defaultOption:i,readonly:s}=t,m=()=>{s||o()};return e.createElement(Y,{className:`${n.card}`,onClick:m},e.createElement(rl,{disabled:s},e.createElement(pe,null,e.createElement(At,{className:n.cardHeader,avatar:e.createElement(al,{checked:r,color:"primary",disabled:s}),title:e.createElement("div",{className:n.title},e.createElement(C,{variant:"h6",component:"h2"},l),i?e.createElement(Re,{label:"Default",size:"small",className:n.defaultChip}):null),subheader:a}))))}const oo=N(t=>({title:{display:"flex",alignItems:"center",paddingBottom:t.spacing(2)},maxWidthWrapper:{maxWidth:"800px"},readOnlyChip:{marginLeft:t.spacing(1)},paragraph:{paddingBottom:t.spacing(1)}}));function io(){const{versionId:t}=Ve();return Oe(t),e.createElement(He,{policyId:t},e.createElement(co,null))}function co(){const t=oo(),{policy:n,updateLocalDraft:l}=X(),a=G(),r=n.status!=="draft",o=i=>{l({...n,options:{...n.options,resolutionStrategy:i}})};return e.createElement(Fe,{pages:[{title:n.name,path:".."},{title:"Options"}],header:e.createElement(ke,{title:"Options"},e.createElement(w,{variant:"outlined",color:"primary",onClick:()=>a("..",{relative:"path"})},"Back to policy"))},e.createElement(F,{item:!0,xs:12,className:t.maxWidthWrapper},e.createElement("div",null,e.createElement("div",{className:t.title},e.createElement(C,{variant:"h5",component:"h1"},"Decision resolution strategy"),r?e.createElement(Re,{label:"Read only",className:t.readOnlyChip}):null),e.createElement(C,{variant:"body2",component:"p",className:t.paragraph},"Multiple decisions from multiple roles could be applicable to a single user when authorizing a permission request. Please select the decision resolution strategy that makes sense for your policy."),e.createElement(C,{variant:"body2",component:"p",className:t.paragraph},"Please note this strategy will be applied to the whole policy and greatly affects the outcome of permission decisions."),e.createElement(Cn,{title:"Any-allow",changeResolutionStrategy:()=>o("any-allow"),readonly:r,defaultOption:!0,description:e.createElement(e.Fragment,null,e.createElement(C,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first allow decision from all of the roles and decisions is the final result. A single explicit allow or an allow as a result of a conditional decision would result in a final allow decision, otherwise the decision is deny."),e.createElement(C,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order of roles and decisions does not matter.")),active:n.options.resolutionStrategy==="any-allow"}),e.createElement(Cn,{title:"First match",changeResolutionStrategy:()=>o("first-match"),readonly:r,description:e.createElement(e.Fragment,null,e.createElement(C,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"The first matching decision from the first matching role that is applicable to the user is the final result, regardless if that decision is an allow, deny or conditional."),e.createElement(C,{variant:"body2",color:"textSecondary",component:"p",className:t.paragraph},"With this option, the order in which you define roles and decisions matters.")),active:n.options.resolutionStrategy==="first-match"}))))}function so(){const t=Ue(),{NotFoundErrorPage:n}=t.getComponents();return e.createElement(ql,{loading:e.createElement(Se,null),unauthorized:e.createElement(n,null)},e.createElement(nr,null,e.createElement(Kl,null,e.createElement(Vr,null,e.createElement(On,null,e.createElement(Ae,{element:e.createElement(Ir,null),path:"/"}),e.createElement(Ae,{element:e.createElement(no,null),path:"/versions/:versionId"}),e.createElement(Ae,{element:e.createElement(io,null),path:"/versions/:versionId/options"}),e.createElement(Ae,{element:e.createElement(Ja,null),path:"/versions/:versionId/roles/:roleId"}))))))}export{so as RBACRoot};
-//# sourceMappingURL=Root-ce389844.esm.js.map

package/dist/esm/index-72180512.esm.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import{createApiRef as w,createRouteRef as g,createPlugin as R,createApiFactory as B,fetchApiRef as C,discoveryApiRef as $,createRoutableExtension as P,createComponentExtension as U}from"@backstage/core-plugin-api";import{ResponseError as S}from"@backstage/errors";var T=Object.defineProperty,E=(i,t,e)=>t in i?T(i,t,{enumerable:!0,configurable:!0,writable:!0,value:e}):i[t]=e,f=(i,t,e)=>(E(i,typeof t!="symbol"?t+"":t,e),e),k=(i,t,e)=>{if(!t.has(i))throw TypeError("Cannot "+e)},y=(i,t,e)=>{if(t.has(i))throw TypeError("Cannot add the same private member more than once");t instanceof WeakSet?t.add(i):t.set(i,e)},r=(i,t,e)=>(k(i,t,"access private method"),e),h,d,a,o;const u=w({id:"plugin.rbac"});class j{constructor(t){y(this,h),y(this,a),f(this,"fetchApi"),f(this,"discoveryApi"),this.fetchApi=t.fetchApi,this.discoveryApi=t.discoveryApi}async getPolicies(){const{fetch:t}=this.fetchApi,e=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`);return r(this,a,o).call(this,e)}async getPolicy(t){const{fetch:e}=this.fetchApi,s=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}`);return r(this,a,o).call(this,s)}async getActivePolicy(){const{fetch:t}=this.fetchApi,e=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/active`);return r(this,a,o).call(this,e)}async searchMembers(t){const{fetch:e}=this.fetchApi,s=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/members?query=${encodeURIComponent(t.query)}`);return r(this,a,o).call(this,s)}async authorize(){const{fetch:t}=this.fetchApi,e=await t(`${await this.discoveryApi.getBaseUrl("rbac")}/authorize`);return r(this,a,o).call(this,e)}async createDraft(t){const{fetch:e}=this.fetchApi,s=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/policies`,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json"}});return r(this,a,o).call(this,s)}async updateDraft(t,e){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}`,{method:"PATCH",body:JSON.stringify(e),headers:{"Content-Type":"application/json"}});return r(this,a,o).call(this,c)}async deleteDraft(t){const{fetch:e}=this.fetchApi,s=await e(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}`,{method:"DELETE"});return r(this,a,o).call(this,s)}async publishPolicy(t,e){const{fetch:s}=this.fetchApi,c=await s(`${await this.discoveryApi.getBaseUrl("rbac")}/policies/${t}/publish`,{method:"PUT",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return r(this,a,o).call(this,c)}async fetchAllPermissionMetadata(t){const e=await Promise.all(t.map(s=>r(this,h,d).call(this,s)));return{permissions:e.flatMap(({permissions:s})=>s),rules:e.flatMap(({rules:s})=>s)}}}h=new WeakSet,d=async function(i){var t,e,s,c;const m=await this.discoveryApi.getBaseUrl(i);let n;try{n=await(await this.fetchApi.fetch(`${m}/.well-known/backstage/permissions/metadata`)).json()}catch{return{permissions:[],rules:[]}}const A=(e=(t=n.permissions)==null?void 0:t.filter(Boolean))!=null?e:[],b=(c=(s=n.rules)==null?void 0:s.filter(Boolean))!=null?c:[];return{permissions:A,rules:b.map(v=>({...v,pluginId:i}))}},a=new WeakSet,o=async function(i){var t,e;if(i.ok)return i.status===204?void 0:i.json();const s=await S.fromResponse(i);throw s.message=(e=(t=s.body.error.message)!=null?t:s.message)!=null?e:"Unknown error",s};const l=g({id:"rbac"}),p=R({id:"rbac",routes:{root:l},apis:[B({api:u,deps:{fetchApi:C,discoveryApi:$},factory(i){return new j(i)}})]}),I=p.provide(P({name:"RBACRoot",component:()=>import("./Root-ce389844.esm.js").then(i=>i.RBACRoot),mountPoint:l})),O=p.provide(U({name:"RBACSidebarItem",component:{lazy:()=>import("./RBACSidebarItem-1be44d99.esm.js").then(i=>i.RBACSidebarItem)}}));export{I as R,l as a,p as b,O as c,u as r};
2	- //# sourceMappingURL=index-72180512.esm.js.map