Add roles to API keys

Description

As an admin user I would like to

  • add roles to the given API Key (aka Service Account)

  • remove roles from the given API Key

  • see all roles assigned to the given API Key

Questions

  • Should we handle this in the same way as we handle user role assignment? <-

  • What should the UI look like? <-

Acceptance criteria

  • Each service should be able to check whether an API key has the right to a resource

Notes from review:

  • modify the AccessTokenEnhancer class in the auth service to add the ID of the entity related to the API key.

    • we could check whether a token is related to an API key by checking whether authentication.getOAuth2Request().getClientId() starts with the proper prefix.

  • in the PermissionService class in each service (currently we have about 6 of them) we use the ID to check whether the API key has been assigned the required right (this will be done in the reference data service, similar to the hasRight endpoint for users)

  • endpoint to check a right: (Reference Data) GET /api/serviceAccounts/{token}/hasRight?facilityId=&programId=&warehouse= - checks whether the API key has a right to a facility, program and/or warehouse
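
A sketch of the first review note, added here as an illustration and not taken from the project's code: a Spring Security OAuth2 TokenEnhancer that recognises API-key tokens by client ID prefix and attaches the related entity's ID. The class name ApiKeyTokenEnhancer, the ApiKeyLookup interface, the apiKeyId field name and the prefix placeholder are all assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

/** Hypothetical enhancer: adds the ID of the entity behind an API key to its token. */
public class ApiKeyTokenEnhancer implements TokenEnhancer {

  // Placeholder: the ticket only says "proper prefix"; the real value is not given.
  static final String API_KEY_CLIENT_PREFIX = "<api-key-client-prefix>";
  // Hypothetical field name, to be read by each service's PermissionService.
  static final String API_KEY_ID_FIELD = "apiKeyId";

  /** Hypothetical lookup of the entity related to an API-key client. */
  public interface ApiKeyLookup {
    Optional<UUID> findIdByClientId(String clientId);
  }

  private final ApiKeyLookup lookup;

  public ApiKeyTokenEnhancer(ApiKeyLookup lookup) {
    this.lookup = lookup;
  }

  @Override
  public OAuth2AccessToken enhance(OAuth2AccessToken token,
                                   OAuth2Authentication authentication) {
    String clientId = authentication.getOAuth2Request().getClientId();
    // The prefix test is only trustworthy if ordinary OAuth2 clients can never
    // be registered with a client ID that starts with the same prefix.
    if (clientId == null || !clientId.startsWith(API_KEY_CLIENT_PREFIX)) {
      return token; // user or regular service token: leave untouched
    }
    // Fail closed: an API-key client with no backing entity gets no token.
    UUID apiKeyId = lookup.findIdByClientId(clientId).orElseThrow(
        () -> new IllegalStateException("No API key entity for client " + clientId));

    // Copy existing fields so enhancers earlier in the chain are not overwritten.
    Map<String, Object> info = new LinkedHashMap<>(token.getAdditionalInformation());
    info.put(API_KEY_ID_FIELD, apiKeyId.toString());
    ((DefaultOAuth2AccessToken) token).setAdditionalInformation(info);
    return token;
  }
}
```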

Status

Assignee

Unassigned

Reporter

Łukasz Lewczyński

Labels

None

Components

Priority

Major