Git Product home page Git Product logo

ra-auth-acl's Introduction

Access Control List for React Admin

GitHub top language GitHub contributors License npm

Provide a small ACL framework for react-admin to manage resources views access based on pre-defined roles.

Tip: For a more complete solution for complex roles and permissions, check out ra-rbac.

Getting Started

npm install --save-dev ra-auth-acl
# or
yarn add ra-auth-acl

Usage

This library relies on the existing React Admin permission management, which allows to get permissions from an authenticated user.

  1. Use <ResourceWithPermissions> instead of the react-admin <Resource> component.
import React from 'react';
import { Admin } from 'react-admin';
import { ResourceWithPermissions } from 'ra-auth-acl';

import authProvider from './authProvider';
import posts from './posts';
import comments from './comments';

render(
    <Admin authProvider={authProvider}>
        {permissions => [
            <ResourceWithPermissions name="posts" permissions={permissions} {...posts} />,
            <ResourceWithPermissions name="comments" permissions={permissions} {...comments} />,
        ]}
    </Admin>
);
  1. On your custom authentication provider, return an access control list when the framework asks for it using the AUTH_GET_PERMISSIONS verb:
// authProvider.js

import { AUTH_GET_PERMISSIONS } from 'react-admin';

export default (type, params) => {
    // ...
    if (type === AUTH_GET_PERMISSIONS) {
        return Promise.resolve({
            posts: {
                // Use the resource `name` prop as identifier
                enabled: true,
                list: true,
                create: false,
                edit: false,
                show: true,
            },
            comments: {
                enabled: false, // This won't show the resource at all
                custom: true, // You can pass your own custom keys if needed
            },
        });
    }
};

The ACL works with five default permissions, all false by default:

  • enabled: Display the resource or not.
  • list: Display the list view of the resource
  • create: Display the create view of the resource
  • edit: Display the edit view of the resource
  • show: Display the show view of the resource
  1. You can go with your custom permissions and use the hasAccess helper to customize your resources:
import { hasAccess } from 'ra-auth-acl';

export const UserList = ({ permissions, ...props }) => (
    <List {...props}>
        <Datagrid rowClick={hasAccess(permissions, 'users.edit') ? 'edit' : 'show'} expand={<UserEditEmbedded />}>
            <TextField source="id" />
            <TextField source="name" />
            {hasAccess(permissions, 'users.custom') && <TextField source="role" />}
        </Datagrid>
    </List>
);

You can chain all the permissions you need in the hasAccess helper. All of them should be true to unlock the access.

hasAccess(permissions, 'user.edit', 'user.custom');

Dealing With Roles

Instead of building the permissions list each time, you can store the role in the local storage or in a JSON Web Token, and request the permissions list at runtime:

// authProvider.js
import { AUTH_GET_PERMISSIONS } from 'react-admin';
import { buildFullAccessFor } from 'ra-auth-acl';

const permissions = {
    admin: {
        ...buildFullAccessFor(['posts', 'comments', 'users', 'tags']),
    },
    user: {
        ...buildFullAccessFor(['posts', 'comments', 'tags']),
    },
};

export default (type, params) => {
    if (type === AUTH_GET_PERMISSIONS) {
        const role = localStorage.getItem('role'); // Might be async request!
        return Promise.resolve(permissions[role]);
    }
};

Maintainer

Kmaschta Kmaschta

License

This library is licensed under the MIT License, sponsored and supported by marmelab.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.