Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Doc] Improve Access Control for Custom Pages #10357

Merged
merged 1 commit into from
Nov 19, 2024
Merged

[Doc] Improve Access Control for Custom Pages #10357

merged 1 commit into from
Nov 19, 2024

Conversation

fzaninotto
Copy link
Member

Problem

The current doc for securing custom pages with access control misses two things:

  1. The AccessDenied page (the current syntax only shows an empty page when the user doesn't have access)
  2. Instructions for tweaking the Menu

Solution

Improve the doc

@fzaninotto fzaninotto added the RFR Ready For Review label Nov 18, 2024
fzaninotto
fzaninotto commented Nov 18, 2024
View reviewed changes
docs/CanAccess.md

export const LogsPage = () => (
<Authenticated>
<CanAccess resource="logs" action="read" accessDenied={<AccessDenied />}>
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The important part is the accessDenied={<AccessDenied />} part, which was missing.

djhi
djhi reviewed Nov 18, 2024
View reviewed changes
docs/Permissions.md
**Note**: You don't need to use `<CanAccess>` on the core react-admin page components (`<List>`, `<Create>`, `<Edit>`, `<Show>`) because they already have built-in access control.

**Note**: You don't need to use `<CanAccess>` on custom pages if your admin uses [`requireAuth`](./Admin.md#requireauth).
**Note**: You don't need to use `<Authenticated>` on custom pages if your admin uses [`requireAuth`](./Admin.md#requireauth).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd move that tip below the example that uses <Authenticated>

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about that, too, but I feel that it interrupts the flow of the explanation for a particular case. So I'm -1 for this change.

@djhi djhi added this to the 5.3.5 milestone Nov 19, 2024
@djhi djhi merged commit 4357cc1 into master Nov 19, 2024
15 checks passed
@djhi djhi deleted the doc-access-control-custom-routes branch November 19, 2024 08:55
@djhi djhi modified the milestones: 5.3.5, 5.4.0 Nov 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djhi djhi djhi approved these changes

Assignees
No one assigned
Labels
RFR Ready For Review
Projects
None yet
Milestone
5.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@fzaninotto @djhi