🚧 wip

server/routers/external.ts

@@ -700,6 +700,14 @@ authenticated.get(
     resource.listResourcePolicyRoles
 );
 
+authenticated.put(
+    "/resource-policy/:resourcePolicyId/access-control",
+    verifyResourcePolicyAccess,
+    verifyUserHasAction(ActionsEnum.setResourcePolicyUsers),
+    verifyUserHasAction(ActionsEnum.setResourcePolicyRoles),
+    policy.setResourcePolicyAccessControl
+);
+
 authenticated.get(
     "/resource-policy/:resourcePolicyId/users",
     verifyResourcePolicyAccess,

server/routers/integration.ts

@@ -30,7 +30,8 @@ import {
     verifyApiKeySetResourceClients,
     verifyLimits,
     verifyApiKeyDomainAccess,
-    verifyApiKeyResourcePolicyAccess
+    verifyApiKeyResourcePolicyAccess,
+    verifyUserHasAction
 } from "@server/middlewares";
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
@@ -619,6 +620,18 @@ authenticated.post(
     resource.setResourceUsers
 );
 
+authenticated.put(
+    "/resource-policy/:resourcePolicyId/access-control",
+    verifyApiKeyResourcePolicyAccess,
+    verifyApiKeyRoleAccess,
+    verifyLimits,
+    verifyUserHasAction(ActionsEnum.setResourcePolicyUsers),
+    verifyUserHasAction(ActionsEnum.setResourcePolicyRoles),
+    logActionAudit(ActionsEnum.setResourcePolicyUsers),
+    logActionAudit(ActionsEnum.setResourcePolicyRoles),
+    policy.setResourcePolicyAccessControl
+);
+
 authenticated.post(
     "/resource/:resourceId/roles/add",
     verifyApiKeyResourceAccess,

server/routers/policy/index.ts

@@ -1,2 +1,3 @@
 export * from "./getResourcePolicy";
 export * from "./updateResourcePolicy";
+export * from "./setResourcePolicyAccessControl";

server/routers/policy/setResourcePolicyAccessControl.ts

@@ -49,7 +49,7 @@ registry.registerPath({
     responses: {}
 });
 
-export async function setResourceUsers(
+export async function setResourcePolicyAccessControl(
     req: Request,
     res: Response,
     next: NextFunction

src/components/resource-policy/EditPolicyForm.tsx

@@ -275,12 +275,11 @@ export function EditPolicyForm({ hidePolicyNameForm }: EditPolicyFormProps) {
         <SettingsContainer>
             {/* Name */}
             {!hidePolicyNameForm && <PolicyNameSection />}
-            {/* <PolicyUsersRolesSection
+            <PolicyUsersRolesSection
-                       
+                allRoles={allRoles}
-                        allRoles={allRoles}
+                allUsers={allUsers}
-                        allUsers={allUsers}
+                allIdps={allIdps}
-                        allIdps={allIdps}
+            />
-                    /> */}
             {/* 
                     <PolicyAuthMethodsSection form={form} />
                     <PolicyOtpEmailSection
@@ -413,19 +412,35 @@ export function PolicyNameSection() {
 // ─── PolicyUsersRolesSection ──────────────────────────────────────────────────
 
 type PolicyUsersRolesSectionProps = {
-    form: UseFormReturn<PolicyFormValues, any, any>;
     allRoles: { id: string; text: string }[];
     allUsers: { id: string; text: string }[];
     allIdps: { id: number; text: string }[];
 };
 
 export function PolicyUsersRolesSection({
-    form,
     allRoles,
     allUsers,
     allIdps
 }: PolicyUsersRolesSectionProps) {
     const t = useTranslations();
+
+    const { policy } = useResourcePolicyContext();
+
+    const form = useForm({
+        resolver: zodResolver(
+            createPolicySchema.pick({
+                sso: true,
+                skipToIdpId: true,
+                users: true,
+                roles: true
+            })
+        ),
+        defaultValues: {
+            sso: policy.sso,
+            skipToIdpId: policy.idpId
+        }
+    });
+
     const ssoEnabled = useWatch({ control: form.control, name: "sso" });
     const selectedIdpId = useWatch({
         control: form.control,