Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add access control to controllers #10247

Merged
merged 25 commits into from
Oct 1, 2024
Merged

Add access control to controllers #10247

merged 25 commits into from
Oct 1, 2024

Conversation

djhi
Copy link
Collaborator

@djhi djhi commented Sep 30, 2024
edited by fzaninotto
Loading

Problem

Page controllers (useEditController, etc.) don't have any access control check by default. Adding some as an afterthought leads to race conditions (e.g., access control being checked before authentication) and is cumbersome.

Solution

Add built-in access control in all 5 page controllers:

  • useListController
  • useInfiniteListController
  • useCreateController
  • useEditController
  • useShowController

How To Test

Stories for each controller

Additional Checks

  • The PR targets master for a bugfix, or next for a feature
  • The PR includes unit tests (if not possible, describe why)
  • The PR includes one or several stories (if not possible, describe why)

Part of #10222

@djhi djhi added the WIP Work In Progress label Sep 30, 2024
@djhi djhi changed the base branch from next to access-control-resources September 30, 2024 09:20
@djhi djhi added RFR Ready For Review and removed WIP Work In Progress labels Sep 30, 2024
@fzaninotto
Copy link
Member

Conditional menu items and buttons are out of the scope of this PR, right?

@djhi
Copy link
Collaborator Author

djhi commented Sep 30, 2024

Conditional menu items and buttons are out of the scope of this PR, right?

Yes, next PR

fzaninotto
fzaninotto requested changes Sep 30, 2024
View reviewed changes
Copy link
Member

@fzaninotto fzaninotto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

docs/useRequireAccess.md Outdated Show resolved Hide resolved
docs/useRequireAccess.md Outdated Show resolved Hide resolved
docs/useRequireAccess.md Show resolved Hide resolved
docs/useRequireAccess.md Show resolved Hide resolved
packages/ra-core/src/auth/CanAccess.tsx Outdated Show resolved Hide resolved
packages/ra-core/src/auth/useRequireAccess.spec.tsx Outdated Show resolved Hide resolved
packages/ra-core/src/controller/create/useCreateController.ts Outdated Show resolved Hide resolved
packages/ra-core/src/controller/create/useCreateController.ts Show resolved Hide resolved
packages/ra-core/src/controller/create/useCreateController.security.stories.tsx Outdated Show resolved Hide resolved
packages/ra-core/src/controller/create/useCreateController.security.stories.tsx Outdated Show resolved Hide resolved
@djhi @fzaninotto
Apply suggestions from code review
c429d46 
Co-authored-by: Francois Zaninotto <francois@marmelab.com>
@djhi djhi force-pushed the access-control-controllers branch from 2ca26a4 to a8adf6e Compare October 1, 2024 08:42
@fzaninotto fzaninotto merged commit c0b26e0 into access-control-resources Oct 1, 2024
14 checks passed
@fzaninotto fzaninotto deleted the access-control-controllers branch October 1, 2024 09:22
@fzaninotto fzaninotto added this to the 5.3.0 milestone Oct 1, 2024
@fzaninotto fzaninotto mentioned this pull request Oct 1, 2024
Merged
19 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fzaninotto fzaninotto fzaninotto approved these changes

Assignees
No one assigned
Labels
RFR Ready For Review
Projects
None yet
Milestone
5.3.0
Development

Successfully merging this pull request may close these issues.
2 participants
@djhi @fzaninotto