Access Control List for React Admin
Provide a small ACL framework to manage resources views access based on pre-defined roles.
Getting Started
npm install --save-dev ra-auth-acl# or yarn add ra-auth-acl
Usage
This library relies on the existing React Admin permission management, which allows to get permissions from an authenticated user.
- Use
<ResourceWithPermissions>
instead of the react-admin<Resource>
component.
import React from 'react';import Admin from 'react-admin'; import authProvider from './authProvider';import posts from './posts';import comments from './comments'; ;
- On your custom authentication provider, return an access control list when the framework asks for it using the
AUTH_GET_PERMISSIONS
verb:
// authProvider.js ; { // ... if type === AUTH_GET_PERMISSIONS return Promise; };
The ACL works with five default permissions, all false
by default:
- enabled: Display the resource or not.
- list: Display the list view of the resource
- create: Display the create view of the resource
- edit: Display the edit view of the resource
- show: Display the show view of the resource
You can go with your custom permissions and use the hasAccess
helper to customize your resources:
import hasAccess from 'ra-auth-acl'; const UserList = permissions ...props <List > <Datagrid = => <TextField ="id" /> <TextField ="name" /> && <TextField ="role" /> </Datagrid> </List>;
Dealing With Roles
Instead of building the permissions list each time, you can store the role in the local storage or in a JSON Web Token, and request the permissions list at runtime:
// authProvider.js;; const permissions = admin: ... user: ... ; { if type === AUTH_GET_PERMISSIONS const role = localStorage; // Might be async request! return Promise; };
License
This library is licensed under the MIT License, sponsored and supported by marmelab.