chore: add M2M RBAC changeset and remove feature switch (#4593)

2025-01-13 21:30:30 -05:00 · 2023-09-28 14:35:19 +08:00 · 2023-09-28 14:35:19 +08:00 · a8b5a020fd
commit a8b5a020fd
parent 50a5b14e18
5 changed files with 37 additions and 17 deletions
--- a/.changeset/famous-zebras-begin.md
+++ b/.changeset/famous-zebras-begin.md
@ -0,0 +1,32 @@
+---
+"@logto/console": minor
+---
+
+feature: machine-to-machine (M2M) role-based access control (RBAC)
+
+### Summary
+
+This feature enables Logto users to apply role-based access control (RBAC) to their machine-to-machine (M2M) applications.
+
+In Logto, we have enabled Logto users to utilize RBAC to manage their own end-users. However, the methods for M2M connections and authorization are even more prevalent and critical across various use cases than end-user access management.
+
+From now on, Logto enables it's users to manage their M2M applications using RBAC.
+
+#### New role type: machine-to-machine
+
+We have introduced a new role type, "machine-to-machine".
+
+- When creating a new role, you can select the type (either "machine-to-machine" or "user" type), with "user" type by default if not specified.
+- Logto now ONLY allows the selection of the role type during role creation.
+
+#### Manage "machine-to-machine" roles
+
+You can manage the permissions of a "machine-to-machine" role in the same way as a "user" role.
+
+> Logto's management API resources are available to "machine-to-machine" roles but not for "user" roles.
+> "machine-to-machine" roles can only be assigned to M2M applications; and "user" roles can only be assigned to users.
+
+You can assign "machine-to-machine" roles to M2M applications in the following two ways:
+
+- "Applications" on sidebar -> Select an M2M application -> "Roles" tab -> "Assign Roles" button
+- "Roles" on sidebar -> Select an M2M role -> "Machine-to-machine apps" tab -> "Assign Applications" button
--- a/packages/console/src/components/RoleScopesTransfer/components/SourceScopesBox/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/components/SourceScopesBox/index.tsx
@ -10,7 +10,6 @@ import useSWR from 'swr';
 import Search from '@/assets/icons/search.svg';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import type { DetailedResourceResponse } from '@/components/RoleScopesTransfer/types';
-import { isDevFeaturesEnabled } from '@/consts/env';
 import TextInput from '@/ds-components/TextInput';
 import type { RequestError } from '@/hooks/use-api';
 import * as transferLayout from '@/scss/transfer.module.scss';
@ -88,8 +87,7 @@ function SourceScopesBox({ roleId, roleType, selectedScopes, onChange }: Props)
      .filter(
        ({ indicator, scopes }) =>
          /** Should show management API scopes for machine-to-machine roles */
-          ((isDevFeaturesEnabled && roleType === RoleType.MachineToMachine) ||
-            !isManagementApi(indicator)) &&
+          (roleType === RoleType.MachineToMachine || !isManagementApi(indicator)) &&
          scopes.some(({ id }) => !excludeScopeIds.has(id))
      )
      .map(({ scopes, ...resource }) => ({
--- a/packages/console/src/pages/ApplicationDetails/components/AdvancedSettings.tsx
+++ b/packages/console/src/pages/ApplicationDetails/components/AdvancedSettings.tsx
@ -11,7 +11,6 @@ import { useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';

 import FormCard from '@/components/FormCard';
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { openIdProviderConfigPath } from '@/consts/oidc';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import CopyToClipboard from '@/ds-components/CopyToClipboard';
@ -166,14 +165,6 @@ function AdvancedSettings({ app: { type }, oidcConfig }: Props) {
          </FormField>
        </>
      )}
-      {!isDevFeaturesEnabled && type === ApplicationType.MachineToMachine && (
-        <FormField title="application_details.enable_admin_access">
-          <Switch
-            label={t('application_details.enable_admin_access_label')}
-            {...register('isAdmin')}
-          />
-        </FormField>
-      )}
    </FormCard>
  );
 }
--- a/packages/console/src/pages/ApplicationDetails/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/index.tsx
@ -22,7 +22,6 @@ import Drawer from '@/components/Drawer';
 import PageMeta from '@/components/PageMeta';
 import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
 import { ApplicationDetailsTabs } from '@/consts';
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { openIdProviderConfigPath } from '@/consts/oidc';
 import ActionMenu, { ActionMenuItem } from '@/ds-components/ActionMenu';
 import Button from '@/ds-components/Button';
@ -238,7 +237,7 @@ function ApplicationDetails() {
            >
              {t('application_details.advanced_settings')}
            </TabNavItem>
-            {isDevFeaturesEnabled && data.type === ApplicationType.MachineToMachine && (
+            {data.type === ApplicationType.MachineToMachine && (
              <>
                <TabNavItem href={`/applications/${data.id}/${ApplicationDetailsTabs.Roles}`}>
                  {t('application_details.application_roles')}
@ -262,7 +261,7 @@ function ApplicationDetails() {
              <TabWrapper isActive={tab === ApplicationDetailsTabs.AdvancedSettings}>
                <AdvancedSettings app={data} oidcConfig={oidcConfig} />
              </TabWrapper>
-              {isDevFeaturesEnabled && data.type === ApplicationType.MachineToMachine && (
+              {data.type === ApplicationType.MachineToMachine && (
                <>
                  <TabWrapper isActive={tab === ApplicationDetailsTabs.Roles}>
                    <MachineToMachineApplicationRoles application={data} />
--- a/packages/console/src/pages/Roles/components/CreateRoleForm/index.tsx
+++ b/packages/console/src/pages/Roles/components/CreateRoleForm/index.tsx
@ -13,7 +13,7 @@ import PlanName from '@/components/PlanName';
 import ProTag from '@/components/ProTag';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
 import RoleScopesTransfer from '@/components/RoleScopesTransfer';
-import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
+import { isCloud } from '@/consts/env';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
@ -202,7 +202,7 @@ function CreateRoleForm({ totalRoleCount, onClose }: Props) {
            }}
          />
        </FormField>
-        {isDevFeaturesEnabled && isTypeSelectorVisible && (
+        {isTypeSelectorVisible && (
          <FormField title="roles.role_type">
            <Controller
              name="type"