RBAC: Add hasRole to API #1730

Closed
jeliasson opened this issue Feb 4, 2021 · 3 comments · Fixed by #3006

@jeliasson
Contributor

Currently we have a hasRole method on the web side of things, but it would be neat having it on the api side. We currently have requireAuth, but that will throw an error while hasRole would most likely return a boolean.

For now it's super easy to just copy the requireAuth logic and change out the throwing of exceptions to boolean, but would be nice seeing a native way in future RedwoodJS versions.

/cc @dthyresson

@dthyresson
Contributor

dthyresson commented Feb 4, 2021

Idea here is to move from auth.js (in the auth setup package template):

  if (
    typeof role !== 'undefined' &&
    typeof role === 'string' &&
    !context.currentUser.roles?.includes(role)
  ) {
    throw new ForbiddenError("You don't have access to do that.")
  }

  if (
    typeof role !== 'undefined' &&
    Array.isArray(role) &&
    !context.currentUser.roles?.some((r) => role.includes(r))
  ) {
    throw new ForbiddenError("You don't have access to do that.")
  }

into a hasRole() that returns a boolean and then use that to raise the ForbiddenError.

That way a hasRole() could even be used in a directive or maybe GraphQL shield to protect a service resolver easily.

@dthyresson
Contributor

Note this PR should also address the inconsistency in role vs roles in requireAuth.

The params and docs should both use roles.
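
An added sketch of the refactor discussed in the comments above (not code from RedwoodJS or from the commenters): a boolean `hasRole()` that fails closed, with `requireAuth()` rebuilt on top of it and `roles` used as the parameter name throughout. The local `ForbiddenError` and `context` are stand-ins for what the framework provides; the unauthenticated check and the handling of a string-valued `currentUser.roles` are assumptions.

```javascript
// Stand-ins so this runs outside a RedwoodJS app (assumptions, not Redwood's code):
// in the auth.js template, `context` and ForbiddenError come from the framework.
class ForbiddenError extends Error {}
const context = { currentUser: null }

// Boolean check: never throws, and denies on anything it does not recognise.
const hasRole = (roles) => {
  const raw = context.currentUser?.roles
  // Assumption: a single role may be stored as a string. Wrap it so that
  // String.prototype.includes cannot substring-match ('admin'.includes('min')).
  const userRoles = typeof raw === 'string' ? [raw] : raw
  if (!Array.isArray(userRoles)) return false // no user, or no roles

  if (typeof roles === 'string') return userRoles.includes(roles)
  if (Array.isArray(roles)) return userRoles.some((r) => roles.includes(r))
  return false // undefined, null, numbers, objects: not a role spec
}

// Throwing wrapper built on hasRole(), with `roles` as the parameter name.
const requireAuth = ({ roles } = {}) => {
  // Assumption: an unauthenticated caller is rejected before any role check.
  if (!context.currentUser) {
    throw new ForbiddenError("You don't have access to do that.")
  }
  // As in the snippet above, roles are only enforced when they are passed.
  if (typeof roles !== 'undefined' && !hasRole(roles)) {
    throw new ForbiddenError("You don't have access to do that.")
  }
  return true
}

// Constructed sample user for a quick run.
context.currentUser = { id: 1, roles: ['editor', 'author'] }
console.log(hasRole('editor'), hasRole(['admin', 'author']), hasRole('admin'))
```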

@jtoar
Contributor

jtoar commented Jul 1, 2021

Do secure services kind of handle this? https://redwoodjs.com/docs/services#secure-services

@dthyresson dthyresson self-assigned this Jul 5, 2021