Add RBAC (custom conditions) to Developer docs #187
Conversation
There was a problem hiding this comment.
Thank you for adding this documentation!
I suggested some improvements. Also, on a more general note, I'm not sure we should use "you" that much in a documentation. It's fine when used here and there, but especially when explaining procedures/actions to follow, I personally prefer when it's a bit more impersonal.
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
|
@pwizla / @meganelacheny just an FYI most of this documentation was written by @alexandrebodin originally so if there is anything that is not clear it would be best to loop him in to review as well. |
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
It was not clear that higher tiers also offer the feature.
derrickmehaffy
requested review from
Convly and
petersg83
and removed request for
alexandrebodin
|
@Convly / @petersg83 if either of you get some time can you just review this and make sure everything looks good to you from a backend perspective |
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
docs/developer-docs/latest/setup-deployment-guides/configurations.md
Outdated
Show resolved
Hide resolved
As discussed with JS, contrary to what was stated in the draft, and based on [this blog entry](https://strapi.io/blog/announcing-3.1-role-based-access-control), a condition handler is not necessarily a function, it can also be an object.
|
Thank you very much for all your reviews and comments! @petersg83 and @Convly , just wanted to mention that this PR is ready for another (final?) review. I hope this doc is now even clearer, more inclusive and more comprehensive :-) |
This also allows for various registering syntaxes, one where we declare and register all at once, and one where we first declare then register the conditions.
|
|
||
| #### Using the condition handler | ||
|
|
||
| The condition `handler` is used to verify the condition on the entities you read, create, update or delete. It can be a query object or a function. |
There was a problem hiding this comment.
In fact, a condition can be applied to every permission.
The condition query object, however, will only work for permission attached to a particular subject (aka entity).
For instance, I could create a condition that allows me to access a particular page of the admin panel only if the server date is 5pm. In this scenario, my action is not related to any subject/entity and my condition would look like this: handler: () => new Date().getHours() === 17
There was a problem hiding this comment.
Oh, I seeeeee! Thank you very much for clarifying, JS! Really interesting example :-)
So I updated the content with this commit.
Thanks so much for your help! 🙌 😊 |
6 participants
What does it do?
Describes how to define & add custom conditions for RBAC management.
Why is it needed?
There was no doc entry on how to add custom RBAC conditions yet 😅
Related issue(s)/PR(s)
The goal is to deploy it along with #118 (Add RBAC in user-guide)