Authentication? #141

Closed
n8stowell82 opened this issue Sep 6, 2019 · 3 comments

@n8stowell82 n8stowell82 commented Sep 6, 2019

Hey, I have been evaluating AdminBro as a drop-in tool for building out a backend portal for a work project. One of the requirements is that we have a full authentication model baked in. The practical example is that we want to have some users be able to update any record in the db, while we want other users to only be able to update some records, or even only some fields on a record. I see the login route (which btw needs some documentation around it) and that is a good place to start. However, I don't see any practical way to limit a user's access once they have been authenticated.

It should be noted that I have my own authentication platform that will hold all the rules and groups. I am just looking for a way to say that when User "X" logs in and wants to change a record, I can look at their role and decide what is available to them.

Great work so far, the tool is incredibly easy to get set up and understand outside of this issue.

Contributor

@wojtek-krysiak wojtek-krysiak commented Sep 7, 2019

Thanks!

  1. Please point out the place (login route) where you would like to have better docs - I will try to work on that.
  2. There are 2 guarding functions which you can use to limit access to a particular resource:
    - https://softwarebrothers.github.io/admin-bro-dev/BaseAction.html#.isAccessible
    - https://softwarebrothers.github.io/admin-bro-dev/BaseAction.html#.isVisible
    There are 2 functions because sometimes you want to just hide one resource from a list (list: {isVisible: false}) but allow users to filter by this resource when it is a reference.
  3. BUT: there is a limitation to this - both isVisible and isAccessible don't take a record (at least right now) as a parameter (#139).
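
An added example, not part of the original thread and not AdminBro's own code: one way to drive the two guards from a role supplied by an external authentication platform, denying by default. It assumes each guard is called with a context object whose `currentAdmin` field holds the logged-in user with a `role` string; the policy table, role names and the helpers `can`, `guard` and `actionsFor` are hypothetical.

```javascript
// Constructed policy: role -> resource -> allowed actions.
// In practice this would be loaded from your own auth platform.
const POLICY = {
  admin: { users: ['list', 'show', 'edit', 'delete'], orders: ['list', 'show', 'edit', 'delete'] },
  editor: { orders: ['list', 'show', 'edit'] },
  viewer: { orders: ['list', 'show'] },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Deny by default: an unknown role, resource or action yields false.
// Own-property checks stop a role such as "__proto__" or "constructor"
// from resolving to something inherited from Object.prototype.
function can(role, resource, action) {
  if (!own(POLICY, role) || !own(POLICY[role], resource)) return false;
  return POLICY[role][resource].includes(action);
}

// Builds one guard for one resource/action pair.
// Assumption: context.currentAdmin is the logged-in user, or undefined.
function guard(resource, action) {
  return (context) => {
    const user = context && context.currentAdmin;
    if (!user || typeof user.role !== 'string') return false;
    return can(user.role, resource, action);
  };
}

// Builds an actions map shaped like the `list: {isVisible: false}` snippet
// in the reply above. hiddenFromList hides the resource from the list view
// while leaving access in place, so it can still be used as a reference filter.
function actionsFor(resource, { hiddenFromList = false } = {}) {
  const actions = {};
  for (const name of ['list', 'show', 'edit', 'delete']) {
    actions[name] = {
      isAccessible: guard(resource, name),
      isVisible: guard(resource, name),
    };
  }
  if (hiddenFromList) actions.list.isVisible = () => false;
  return actions;
}
```

Because the guards described in this thread do not receive the record, this covers resource-level and action-level rules only; per-record or per-field rules are outside what it can enforce.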

Author

@n8stowell82 n8stowell82 commented Sep 9, 2019

@wojtek-krysiak thanks for the response.

  1. I think a tutorial on how to add authentication/authorization to the admin would be really nice. I had to go looking at source code to realize there were different ways to set up the app. Though looking through the source is good for many reasons, I think dedicated docs showcasing all the ways the app can be set up will be more welcoming to new users.

  2. I did see those two properties, but I was unsure how to pair them with the authentication aspect. Specifically, I am unsure how to know what authentication level the current user has and how to toggle isAccessible or isVisible based on that level. Again, maybe a tutorial would be good here?

Thanks so much for all the hard work.

Contributor

@wojtek-krysiak wojtek-krysiak commented Sep 20, 2019

I added a task about this Documentation section with RBAC
