@TotalDwarf03
Contributor

What type of PR is this? (check all applicable)

  • Refactor
  • Feature
  • Bug Fix
  • Optimization
  • Documentation Update

What

  • API now collects which groups the authenticated user is a part of after decoding the Cognito token
  • This will determine what privileges the user has when editing projects.

This fixes our current workaround of using shared credentials.

Testing

Have any new tests been added as part of this issue? If not, try to explain why test coverage is not needed here.

  • Yes
  • No
    Please write a brief description of why test coverage is not necessary here.
  • Not as part of this ticket. (Could be done at a later point)

Documentation

Has any new documentation been written as part of this issue? We should try to keep documentation up to date
as new code is added, rather than leaving it for the future.

  • Yes
  • No
    Please write a brief description of why documentation is not necessary here.
  • Not as part of this ticket. (Could be done at a later point)

Related issues

KEH-609 (Jira)

How to review

This is currently deployed to sdp-dev.

See the instructions in the UI PR.

ONS-Innovation/keh-tech-audit-tool#54

- This will make the API Gateway redeploy itself if main.tf changes
- Previously, we were only getting the email from this but now we need the groups.
- Update /project/<proj> put method to check if user has admin group
- If the user has admin group (cognito) or is listed within the user list, allow edit
- This also fixes the COGNITO_TOKEN_URL which is incorrect
@TotalDwarf03 TotalDwarf03 requested a review from a team October 28, 2025 17:29
@TotalDwarf03 TotalDwarf03 self-assigned this Oct 28, 2025
- Removes multiple functions doing a similar thing
- This does have a drawback where everything is collected even if it's not needed but that's fine
@TotalDwarf03 TotalDwarf03 requested a review from mwirikia October 29, 2025 14:04
@TotalDwarf03 TotalDwarf03 merged commit 7ccf648 into main Oct 29, 2025
4 checks passed
@TotalDwarf03 TotalDwarf03 deleted the KEH-609-admin-access branch October 29, 2025 17:06
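
The edit rule this PR describes (allow the edit when the decoded Cognito token carries the admin group, or the user is on the project's user list), as an added example that is not code from this repository. It assumes the claims come from a token whose signature, issuer and expiry were already verified, a hypothetical group name `admin`, and a user list of plain e-mail strings.

```python
from __future__ import annotations

from typing import Any, Iterable, Mapping

ADMIN_GROUP = "admin"  # hypothetical group name; the PR does not state it


def groups_from_claims(claims: Mapping[str, Any]) -> frozenset[str]:
    """Return the Cognito groups from already-verified token claims.

    Cognito omits "cognito:groups" when the user is in no group, so a
    missing claim means "no groups". A claim that is not a list is also
    treated as "no groups": testing `"admin" in "not-admin-group"` on a
    bare string would be a substring match and grant access wrongly.
    """
    raw = claims.get("cognito:groups", [])
    if not isinstance(raw, (list, tuple)):
        return frozenset()
    return frozenset(g for g in raw if isinstance(g, str))


def can_edit_project(claims: Mapping[str, Any], project_users: Iterable[Any]) -> bool:
    """Deny by default; allow admins and users listed on the project."""
    if ADMIN_GROUP in groups_from_claims(claims):
        return True
    email = claims.get("email")
    if not isinstance(email, str) or not email.strip():
        return False  # no usable identity in the token: never match the list
    allowed = {u.strip().lower() for u in project_users if isinstance(u, str)}
    return email.strip().lower() in allowed


if __name__ == "__main__":
    # Constructed sample claims, not taken from a real token.
    admin = {"email": "a@example.com", "cognito:groups": ["admin"]}
    member = {"email": "b@example.com"}
    print(can_edit_project(admin, []), can_edit_project(member, ["b@example.com"]))
```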
3 participants