Skip to content

UniversityOfHelsinkiCS/jami

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

139 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
tests
tests
 
 
.env.template
.env.template
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
dev.Dockerfile
dev.Dockerfile
 
 
docker-compose.ci.yml
docker-compose.ci.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
prettier.config.js
prettier.config.js
 
 
tsconfig.json
tsconfig.json
 
 
vitest.config.ts
vitest.config.ts
 
 

Repository files navigation

Release to staging

Jami

Jämpti autorisaatio mankeli IAM:eille

Running locally

Requirements: docker, npm

# Install dependencies
$ npm i
# Start the server (you can also use npm start)
$ docker compose up

Jami API should now be available at http://localhost:3000/. Configure the port for your needs in docker-compose.yml.

If you need the importer client to work locally (to fetch a person's Sisu roles), you will need an api-gw token. Check documentation in GitLab for information on how to get one. If you already have a token for Oodikone, you can use that. Otherwise, select "Oodikone" when creating a new token. Once you have the token, add it to the .env file like this:

IMPORTER_DB_API_TOKEN=your-token-here

API

POST /

  • Body
{
  "userId": "hy-hlo-12345678",
  "iamGroups": ["hy-employees", "grp-toska"]
}
  • Response
{
  "500-M009": {
    "read": true,
    "write": true,
    "admin": true
  },
  "T920101": {
    "read": true,
    "write": false,
    "admin": false
  },
  "specialGroup": {
    "superAdmin": true
  }
}

POST /user-organisations

  • Response
Array<Faculty>

GET /:userId

  • Response
{
  "id": "hy-hlo-12345678",
  "iamGroups": ["hy-employees", "grp-toska"],
}

GET /access-to-all

  • Response
{
  "500-M009": {
    "read": true,
    "write": true,
    "admin": true
  },
  "T920101": {
    "read": true,
    "write": true,
    "admin": true
  },
  // ...
  "specialGroup": {
    "allProgrammes": true
  }
}

GET /organisation-data

GET /all-access

  • Response: all user's iam groups and their computed access rights:
  [
    {
      "id": "hy-hlo-12345678",
      "iamGroups": ["hy-employees", "grp-toska"],
      "500-M009": {
        "read": true,
        "write": true,
        "admin": true
      },
      "T920101": {
        "read": true,
        "write": false,
        "admin": false
      },
      "specialGroup": {
        "superAdmin": true
      }
    },
    // ...
  ]

POST /access-and-special-groups

Like GET /all-access, but for a specified list of users. This endpoint also includes the information about full access to student data in Sisu.

NB! Might be slow for large amounts of users, if Sisu access info is not in the cache (currently stored for 24 hours).

  • Body
{
  "userIds": ["hy-hlo-12345678", ...],
}
  • Response
[
  {
    "id": "hy-hlo-12345678",
    "iamGroups": [
      "hy-employees",
      "grp-toska"
    ],
    "access": {},
    "specialGroup": {
      "superAdmin": true,
      "fullSisuAccess": true
    }
  },
  ...
]

GET /iam-groups

  • Response: all unique iam groups in Jami DB:
["grp-toska", "hy-employees"]

Other routes

GET /ping => pong

About

Service for UoH IAM authorization

Topics

hacktoberfest

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 44

Remove @helsinki.fi address from the new IAM Latest
Jul 4, 2024
+ 43 releases

Contributors 7

Languages