SSO config: view/edit config and disable role assigning for SSO mapped users

[fiskus]

• Disable setting role as default if role.isDefaultRoleSettingDisabled
• Show the SSO config if present. Allow changing its content in popup form
• Disable role assignments when user.isRoleAssignmentDisabled

• Changelog entry (skip if change is not significant to end users, e.g. docs only)

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 135 lines in your changes missing coverage. Please review.

Project coverage is 38.33%. Comparing base (9559afb) to head (d3de1ae).

Files	Patch %	Lines
...g/app/containers/Admin/UsersAndRoles/SsoConfig.tsx	0.00%	65 Missing and 1 partial ⚠️
...talog/app/containers/Admin/UsersAndRoles/Users.tsx	0.00%	25 Missing ⚠️
...talog/app/containers/Admin/UsersAndRoles/Roles.tsx	0.00%	23 Missing ⚠️
.../app/containers/Admin/UsersAndRoles/RoleSelect.tsx	0.00%	10 Missing ⚠️
catalog/app/utils/GraphQL/Provider.tsx	0.00%	5 Missing ⚠️
catalog/app/components/Lock/Lock.tsx	0.00%	2 Missing ⚠️
.../Admin/UsersAndRoles/gql/SetSsoConfig.generated.ts	0.00%	2 Missing ⚠️
...ers/Admin/UsersAndRoles/gql/SsoConfig.generated.ts	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4070      +/-   ##
==========================================
- Coverage   38.47%   38.33%   -0.14%     
==========================================
  Files         717      720       +3     
  Lines       33025    33143     +118     
  Branches     4665     4879     +214     
==========================================
  Hits        12706    12706              
+ Misses      19695    19289     -406     
- Partials      624     1148     +524     

Flag	Coverage Δ
api-python	90.75% <ø> (ø)
catalog	11.45% <0.00%> (-0.07%)	⬇️
lambda	87.97% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nl0]

but this is what I'm working on now.

that can be done in a follow-up PR, it's even ok if we merge it after the release (or after RC at least)

[nl0]

looks okay.
i think you should also add some conditional logic to role editing menu: a) disable/remove "set as default" option; and b) remove "delete" option for mapped roles (do we have enough data in gql for this?)

[nl0]

Not sure if I should add something more for error handling.

what you've got seems sufficient i think

[fiskus]

a) disable/remove "set as default" option;

Thanks. Done.

b) remove "delete" option for mapped roles (do we have enough data in gql for this?)

No. @sir-sigurd can we add this to role struct: role is mapped, so user can't delete it?

[sir-sigurd]

No. @sir-sigurd can we add this to role struct: role is mapped, so user can't delete it?

I'm not sure (that's the best time to work on it right now|what's the best way to implement it)
we already forbid modification of some roles:

1. roles with reserved names can't be removed/edited
2. roles that are assigned to users can't be removed
3. + roles used by SSO config can't removed and renamed (because they're referenced using names)

so it looks like we need to add multiple fields and since it looks like you want to display a reason why specific action is forbidden that fields should return something more that just a bool

[nl0]

the changes look good. pls update the PR description to reflect the changes.