CDCgov
Fetch OrganizationRoleClaims from DB when feature flag enabled
BACKEND PULL REQUEST
Related Issue
- Why is this being done? Link to issue, or a few sentences describing why this PR exists
Changes Proposed
- Detailed explanation of what this PR should do
Additional Information
- decisions that were made
- notice of future work that needs to be done
Testing
- How should reviewers verify this PR?
DATABASE PULL REQUEST
Related Issue
- Why is this being done? Link to issue, or a few sentences describing why this PR exists
Changes Proposed
- Detailed explanation of what this PR should do
Additional Information
- decisions that were made
- notice of future work that needs to be done
Testing
- How should reviewers verify this PR?
DEVOPS PULL REQUEST
Related Issue
- Why is this being done? Link to issue, or a few sentences describing why this PR exists
Changes Proposed
- Detailed explanation of what this PR should do
Additional Information
- decisions that were made
- notice of future work that needs to be done
Testing
- How should reviewers verify this PR?
FRONTEND PULL REQUEST
Related Issue
- Why is this being done? Link to issue, or a few sentences describing why this PR exists
Changes Proposed
- Detailed explanation of what this PR should do
Additional Information
- decisions that were made
- notice of future work that needs to be done
Testing
- How should reviewers verify this PR?
Screenshots / Demos
- For large changes, please pair with a designer to ensure changes are as intended
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
96.7% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
forgive me if these are included in the remaining work you called out, but I noticed a couple unexpected places where we're using Okta groups as source of truth:
- getting count of users in facility (I think for support admin delete facility tool)
- activating org admins and getting their emails
- check to see if we're reprovisioning a user in a different org
- getting the org to use when updating user privileges
forgive me if these are included in the remaining work you called out, but I noticed a couple unexpected places where we're using Okta groups as source of truth:
- getting count of users in facility (I think for support admin delete facility tool)
- activating org admins and getting their emails
- check to see if we're reprovisioning a user in a different org
- getting the org to use when updating user privileges
I didn't explicitly call these out but I was going to search the entire repo for where we were calling the GroupApi and bundle all that work together. This is a very helpful starting point to make sure I have all the different usages covered 🙌 Thank you, Merethe! 🗒️
thank you for all your hard work on this! it's so cool to see this coming together 🤩
do you think we need to use the db roles for this permission check too? https://github.com/CDCgov/prime-simplereport/blob/refs/heads/elisa/7598-read-roles-from-db/backend/src/main/java/gov/cdc/usds/simplereport/config/authorization/UserAuthorizationVerifier.java#L100
ohhhh nice catch! I will update this 😅 Thank you!!! 🙌 🐛 🔍
I didn't explicitly call these out but I was going to search the entire repo for where we were calling the
GroupApiand bundle all that work together. This is a very helpful starting point to make sure I have all the different usages covered 🙌 Thank you, Merethe! 🗒️
oh nice that should definitely do it. everything looks good! the permission check update could totally go in a follow-up PR too if you want to just merge this
I didn't explicitly call these out but I was going to search the entire repo for where we were calling the
GroupApiand bundle all that work together. This is a very helpful starting point to make sure I have all the different usages covered 🙌 Thank you, Merethe! 🗒️oh nice that should definitely do it. everything looks good! the permission check update could totally go in a follow-up PR too if you want to just merge this
I'll fix the permission check in a separate PR 🙏 Thank you for your flexibility.