Adds a hasRole() and isAuthenticated() to determine the role membership or if the request is authenticated #3006
@dthyresson do you think the RFC here is part of the future for addressing the disparity? #2431
I don't think this addresses #2431 since as I read the issue, that is more of a web-side concern to check membership/permissions -- and that can depend highly on the auth provider and the implementation. This PR simply intends to make checking server-side if the user belongs to a role (or not) rather than throwing exceptions when checking. It helps if you just "need to know if they do" without having to do some try/catch instead. I have a feeling that dbAuth might be a good first case for having both roles and permissions implemented -- and then can think of a way web-side to enforce.
Will need doc change to use
packages/cli/src/commands/setup/auth/templates/auth.js.template
Co-authored-by: Tobbe Lundberg <tobbe@tlundberg.com>
From @Tobbe
I see. The questions are what if the developer either set roles to
In both cases, the function should return But, then does the question, does the user have undefined roles mean they have no roles assigned, i.e. unassigned roles -- and then really need to check if their role assignment is undefined or roles length is 0. Or, should undefined throw an Error? Or, is undefined simply invalid and return false because preventing access is better than granted access. Perhaps just a comment to clarify?
From a theoretical/academic point of view I think it should be a compilation error in a TS project, and a runtime error in a JS project. But from a DX pov it's probably nicer to do what you've done and just return
Added comment in JSDoc if not roles
Fixes #1730
Adds a hasRole() and isAuthenticated() in auth.js that return booleans rather than exceptions (as is done by requireAuth) so these checks can be used to determine the role membership or if the request is authenticated.
Also:
roles instead of role to be clear that it can check a set of values
Fixes TS error in default auth.ts #3024
NOTE: Draft tested in local RBAC blog identity app.
Also needs to update dbAuth.auth.js.template (Done!)
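An added sketch of the boolean-versus-throwing split this PR describes, not the code from the pull request or the project's templates. Passing currentUser as an argument, a roles field that is a string or an array, the error class names and returning false for undefined roles are assumptions made for the example.

```javascript
// Added example, not the project's auth.js. The currentUser shape
// (a `roles` field holding a string or an array) is an assumption.

class AuthenticationError extends Error {}
class ForbiddenError extends Error {}

// True only when a current user object is present.
function isAuthenticated(currentUser) {
  return currentUser !== null && typeof currentUser === 'object';
}

// Normalise a string or array into a list of non-empty role names.
function toRoleList(value) {
  const list = Array.isArray(value) ? value : [value];
  return list.filter((r) => typeof r === 'string' && r.length > 0);
}

// Boolean check that never throws. Undefined, empty or malformed roles
// (requested or held) yield false, so a mistake denies access.
function hasRole(currentUser, roles) {
  if (!isAuthenticated(currentUser)) return false;
  const wanted = toRoleList(roles);
  const held = toRoleList(currentUser.roles);
  if (wanted.length === 0 || held.length === 0) return false;
  return wanted.some((r) => held.includes(r));
}

// Throwing guard built on the boolean checks, for paths that must stop.
function requireAuth(currentUser, { roles } = {}) {
  if (!isAuthenticated(currentUser)) {
    throw new AuthenticationError("You don't have permission to do that.");
  }
  if (roles !== undefined && !hasRole(currentUser, roles)) {
    throw new ForbiddenError("You don't have access to do that.");
  }
}
```

Callers that only need a yes/no answer branch on hasRole(); callers that must halt the request use requireAuth() and let the error propagate.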