diff --git a/src/pages/Admin/UserManagement/rbacMocks.ts b/src/pages/Admin/UserManagement/rbacMocks.ts new file mode 100644 index 0000000..083d1e8 --- /dev/null +++ b/src/pages/Admin/UserManagement/rbacMocks.ts @@ -0,0 +1,134 @@ +export interface MockUser { + id: string + username: string + displayName: string + email: string + provider: 'local' | 'oidc' + createdAt: string + directRoles: string[] + directGroups: string[] +} + +export interface MockGroup { + id: string + name: string + parentId: string | null + builtIn: boolean + directRoles: string[] + memberUserIds: string[] +} + +export interface MockRole { + id: string + name: string + description: string + scope: 'system' | 'custom' + system: boolean +} + +export const MOCK_ROLES: MockRole[] = [ + { id: 'role-1', name: 'ADMIN', description: 'Full system access', scope: 'system', system: true }, + { id: 'role-2', name: 'USER', description: 'Standard user access', scope: 'system', system: true }, + { id: 'role-3', name: 'EDITOR', description: 'Can modify routes and configurations', scope: 'custom', system: false }, + { id: 'role-4', name: 'VIEWER', description: 'Read-only access to all resources', scope: 'custom', system: false }, + { id: 'role-5', name: 'OPERATOR', description: 'Pipeline operator — start, stop, monitor', scope: 'custom', system: false }, + { id: 'role-6', name: 'AUDITOR', description: 'Access to audit logs and compliance data', scope: 'custom', system: false }, +] + +export const MOCK_GROUPS: MockGroup[] = [ + { id: 'grp-1', name: 'ADMINS', parentId: null, builtIn: true, directRoles: ['ADMIN'], memberUserIds: ['usr-1'] }, + { id: 'grp-2', name: 'Developers', parentId: null, builtIn: false, directRoles: ['EDITOR'], memberUserIds: ['usr-2', 'usr-3'] }, + { id: 'grp-3', name: 'Frontend', parentId: 'grp-2', builtIn: false, directRoles: ['VIEWER'], memberUserIds: ['usr-4'] }, + { id: 'grp-4', name: 'Operations', parentId: null, builtIn: false, directRoles: ['OPERATOR', 'VIEWER'], memberUserIds: ['usr-5', 'usr-6'] }, +] + +export const MOCK_USERS: MockUser[] = [ + { + id: 'usr-1', username: 'hendrik', displayName: 'Hendrik Siegeln', + email: 'hendrik@example.com', provider: 'local', createdAt: '2025-01-15T10:00:00Z', + directRoles: ['ADMIN'], directGroups: ['grp-1'], + }, + { + id: 'usr-2', username: 'alice', displayName: 'Alice Johnson', + email: 'alice@example.com', provider: 'oidc', createdAt: '2025-03-20T14:30:00Z', + directRoles: ['VIEWER'], directGroups: ['grp-2'], + }, + { + id: 'usr-3', username: 'bob', displayName: 'Bob Smith', + email: 'bob@example.com', provider: 'local', createdAt: '2025-04-10T09:00:00Z', + directRoles: [], directGroups: ['grp-2'], + }, + { + id: 'usr-4', username: 'carol', displayName: 'Carol Davis', + email: 'carol@example.com', provider: 'oidc', createdAt: '2025-06-01T11:15:00Z', + directRoles: [], directGroups: ['grp-3'], + }, + { + id: 'usr-5', username: 'dave', displayName: 'Dave Wilson', + email: 'dave@example.com', provider: 'local', createdAt: '2025-07-22T16:45:00Z', + directRoles: ['AUDITOR'], directGroups: ['grp-4'], + }, + { + id: 'usr-6', username: 'eve', displayName: 'Eve Martinez', + email: 'eve@example.com', provider: 'oidc', createdAt: '2025-09-05T08:20:00Z', + directRoles: [], directGroups: ['grp-4'], + }, + { + id: 'usr-7', username: 'frank', displayName: 'Frank Brown', + email: 'frank@example.com', provider: 'local', createdAt: '2025-11-12T13:00:00Z', + directRoles: ['USER'], directGroups: [], + }, + { + id: 'usr-8', username: 'grace', displayName: 'Grace Lee', + email: 'grace@example.com', provider: 'oidc', createdAt: '2026-01-08T10:30:00Z', + directRoles: ['VIEWER', 'AUDITOR'], directGroups: [], + }, +] + +/** Resolve all roles for a user, including those inherited from groups */ +export function getEffectiveRoles(user: MockUser): Array<{ role: string; source: 'direct' | string }> { + const result: Array<{ role: string; source: 'direct' | string }> = [] + const seen = new Set() + + // Direct roles + for (const role of user.directRoles) { + result.push({ role, source: 'direct' }) + seen.add(role) + } + + // Walk group chain for inherited roles + function walkGroup(groupId: string) { + const group = MOCK_GROUPS.find((g) => g.id === groupId) + if (!group) return + for (const role of group.directRoles) { + if (!seen.has(role)) { + result.push({ role, source: group.name }) + seen.add(role) + } + } + // Walk parent group + if (group.parentId) walkGroup(group.parentId) + } + + for (const groupId of user.directGroups) { + walkGroup(groupId) + } + + return result +} + +/** Get all groups in the chain (self + ancestors) for display */ +export function getGroupChain(groupId: string): MockGroup[] { + const chain: MockGroup[] = [] + let current = MOCK_GROUPS.find((g) => g.id === groupId) + while (current) { + chain.unshift(current) + current = current.parentId ? MOCK_GROUPS.find((g) => g.id === current!.parentId) : undefined + } + return chain +} + +/** Get child groups of a given group */ +export function getChildGroups(groupId: string): MockGroup[] { + return MOCK_GROUPS.filter((g) => g.parentId === groupId) +}