fix(api-headless-cms): permissions checks #3449

brunozoric · 2023-07-27T08:42:51Z

Changes

The main part of this PR is the export of access checks for models and groups. Adrian removed those when he introduced new security stuff.

PR also includes:

attach permissions to the CmsContext so they are available to the public
remove unnecessary locale parameter from model and group permission checks as it already exists on both group and model
group permission check params now require only a small part of the group object to be sent into it
model permission check params now require only a small part of the model object to be sent into it

Jest and manually.

…nternal

…l and group permission checks

adrians5j

Thanks!

The base branch was changed.

brunozoric added 4 commits July 27, 2023 10:32

feat(api-headless-cms): attach permissions to cms context - mark as i…

e430e35

…nternal

feat(api-headless-cms): export access checks from root

7a6ed03

refactor(api-headless-cms): remove unnecessary locale when doing mode…

21a9238

…l and group permission checks

refactor(api-headless-cms): rename permissions attached to context

770075d

brunozoric requested review from adrians5j and Pavel910 July 27, 2023 08:42

brunozoric self-assigned this Jul 27, 2023

brunozoric added bug cms labels Jul 27, 2023

brunozoric added this to the 5.37.1 milestone Jul 27, 2023

adrians5j previously approved these changes Jul 27, 2023

View reviewed changes

brunozoric changed the base branch from next to dev July 27, 2023 10:34

brunozoric marked this pull request as ready for review July 27, 2023 10:35

brunozoric requested review from adrians5j and leopuleo July 27, 2023 10:36

leopuleo approved these changes Jul 27, 2023

View reviewed changes

brunozoric merged commit 26cace7 into dev Jul 27, 2023
58 checks passed

brunozoric deleted the bruno/fix/api-headless-cms/permissions-checks branch September 12, 2023 14:09