Add RBAC (custom conditions) to Developer docs #187
Thank you for adding this documentation!
I suggested some improvements. Also, on a more general note, I'm not sure we should use "you" that much in documentation. It's fine when used here and there, but especially when explaining procedures/actions to follow, I personally prefer when it's a bit more impersonal.
@pwizla / @meganelacheny just an FYI most of this documentation was written by @alexandrebodin originally so if there is anything that is not clear it would be best to loop him in to review as well.
Thanks for adding this documentation.
I added some comments.
It was not clear that higher tiers also offer the feature.
LGTM
@Convly / @petersg83 if either of you get some time can you just review this and make sure everything looks good to you from a backend perspective
As discussed with JS, contrary to what was stated in the draft, and based on [this blog entry](https://strapi.io/blog/announcing-3.1-role-based-access-control), a condition handler is not necessarily a function, it can also be an object.
Thank you very much for all your reviews and comments! @petersg83 and @Convly, just wanted to mention that this PR is ready for another (final?) review. I hope this doc is now even clearer, more inclusive and more comprehensive :-)
Thank you, it looks good to me :)
This also allows for various registering syntaxes, one where we declare and register all at once, and one where we first declare then register the conditions.
Almost there 🎉
#### Using the condition handler

The condition `handler` is used to verify the condition on the entities you read, create, update or delete. It can be a query object or a function.
In fact, a condition can be applied to every permission.
The condition query object, however, will only work for permission attached to a particular subject (aka entity).
For instance, I could create a condition that allows me to access a particular page of the admin panel only if the server date is 5pm. In this scenario, my action is not related to any subject/entity and my condition would look like this: `handler: () => new Date().getHours() === 17`
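
The distinction drawn in the comment above, as an added example that is not part of the PR or of Strapi's code: a simplified evaluator in which a function handler works for any permission, while a query-object handler needs a subject to match against. The names `matchesQuery` and `evaluateCondition`, the `$lt` operator, the injected `now` argument and the deny-when-no-subject behaviour are assumptions of this example.

```javascript
// Simplified model of condition evaluation, NOT Strapi's implementation.
// matchesQuery and evaluateCondition are hypothetical names.

// Minimal matcher: field equality plus a `$lt` operator (assumed syntax).
function matchesQuery(query, entity) {
  return Object.entries(query).every(([field, expected]) => {
    const actual = entity[field];
    if (expected !== null && typeof expected === 'object') {
      if ('$lt' in expected) {
        return typeof actual === 'number' && actual < expected.$lt;
      }
      return false; // unknown operator: deny rather than guess
    }
    return actual === expected;
  });
}

// `subject` is the entity a permission targets, or undefined when the
// permission is not attached to any entity (e.g. access to an admin page).
// `now` is injected so the time-based handler can be tested.
function evaluateCondition(condition, user, subject, now = new Date()) {
  const { handler } = condition;
  if (typeof handler === 'function') {
    // Function handlers work with or without a subject.
    return handler(user, now) === true;
  }
  if (handler !== null && typeof handler === 'object') {
    // A query object has nothing to match without an entity: deny.
    if (subject === undefined || subject === null) return false;
    return matchesQuery(handler, subject);
  }
  return false; // missing or malformed handler: deny
}

// Constructed sample conditions.
const onlyAt5pm = {
  name: 'only-at-5pm',
  handler: (_user, now) => now.getHours() === 17,
};
const amountUnder10k = {
  name: 'amount-under-10k',
  handler: { amount: { $lt: 10000 } },
};
```
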
Oh, I seeeeee! Thank you very much for clarifying, JS! Really interesting example :-)
So I updated the content with this commit.
LGTM, nice job!
Thanks so much for your help! 🙌 😊
What does it do?
Describes how to define & add custom conditions for RBAC management.
Why is it needed?
There was no doc entry on how to add custom RBAC conditions yet 😅
Related issue(s)/PR(s)
The goal is to deploy it along with #118 (Add RBAC in user-guide)