diff --git a/app/src/auth/authorize/Guard.ts b/app/src/auth/authorize/Guard.ts index e66dba1..6336a59 100644 --- a/app/src/auth/authorize/Guard.ts +++ b/app/src/auth/authorize/Guard.ts @@ -203,14 +203,17 @@ export class Guard { // set the default effect of the role permission let allowed = rolePermission.effect === "allow"; for (const policy of rolePermission.policies) { + $console.debug("guard: checking policy", { policy: policy.toJSON(), ctx }); // skip filter policies if (policy.content.effect === "filter") continue; // if condition is met, check the effect const meets = policy.meetsCondition(ctx); if (meets) { + $console.debug("guard: policy meets condition"); // if deny, then break early if (policy.content.effect === "deny") { + $console.debug("guard: policy is deny, setting allowed to false"); allowed = false; break; @@ -218,6 +221,8 @@ export class Guard { } else if (policy.content.effect === "allow") { allowed = true; } + } else { + $console.debug("guard: policy does not meet condition"); } } diff --git a/app/src/ui/components/form/json-schema-form/Form.tsx b/app/src/ui/components/form/json-schema-form/Form.tsx index acfa25b..5608796 100644 --- a/app/src/ui/components/form/json-schema-form/Form.tsx +++ b/app/src/ui/components/form/json-schema-form/Form.tsx @@ -130,7 +130,7 @@ export function Form< if (errors.length === 0) { await onSubmit(data as Data); } else { - console.log("invalid", errors); + console.error("form: invalid", { data, errors }); onInvalidSubmit?.(errors, data); } } catch (e) { diff --git a/app/src/ui/routes/auth/auth.roles.edit.$role.tsx b/app/src/ui/routes/auth/auth.roles.edit.$role.tsx index 9637ed1..e1be5dd 100644 --- a/app/src/ui/routes/auth/auth.roles.edit.$role.tsx +++ b/app/src/ui/routes/auth/auth.roles.edit.$role.tsx @@ -37,6 +37,8 @@ import { cn } from "ui/lib/utils"; import { JsonViewer } from "ui/components/code/JsonViewer"; import { mountOnce, useApiQuery } from "ui/client"; import { CodePreview } from "ui/components/code/CodePreview"; +import type { JsonError } from "json-schema-library"; +import { Alert } from "ui/components/display/Alert"; export function AuthRolesEdit(props) { useBrowserTitle(["Auth", "Roles", props.params.role]); @@ -72,6 +74,7 @@ const formConfig = { function AuthRolesEditInternal({ params }: { params: { role: string } }) { const [navigate] = useNavigate(); const { config, schema: authSchema, actions } = useBkndAuth(); + const [error, setError] = useState(); const roleName = params.role; const role = config.roles?.[roleName]; const { readonly, permissions } = useBknd(); @@ -91,6 +94,7 @@ function AuthRolesEditInternal({ params }: { params: { role: string } }) { } } async function handleUpdate(data: any) { + setError(undefined); await actions.roles.patch(roleName, data); } @@ -102,10 +106,13 @@ function AuthRolesEditInternal({ params }: { params: { role: string } }) { beforeSubmit={(data) => { return { ...data, - permissions: [...Object.values(data.permissions)], + permissions: [...Object.values(data.permissions).filter(Boolean)], }; }} onSubmit={handleUpdate} + onInvalidSubmit={(errors) => { + setError(errors); + }} > + {error && }