Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new EntityPermissionGuard to check for EntityAbility #2125

Merged
merged 12 commits into from
Dec 13, 2023
Merged

new EntityPermissionGuard to check for EntityAbility #2125

merged 12 commits into from
Dec 13, 2023

Conversation

sleidig
Copy link
Member

@sleidig sleidig commented Dec 11, 2023
edited
Loading

  • PROBLEM: on new load (i.e. when typing the special URL in the browser), the EntityAbility does not seem to have the permissions loaded yet and is allowing any access.
  • make this apply on all routes by default
  • make Navigation menu check also for this guard, not only for userRoleGuard when hiding menu items

@github-actions GitHub Actions
Copy link
Contributor

Deployed to https://pr-2125.aam-digital.net/

@sleidig
Copy link
Member Author

sleidig commented Dec 12, 2023

To test critical path:

(1) create a route with EntityPermissionGuard, e.g. in app.routing.ts:

  {
    path: "user-account",
    component: UserAccountComponent,
    canActivate: [AuthGuard, EntityPermissionGuard],
    data: {
      requiredPermissionOperation: "update",
      config: { entityType: "Config" },
    },
  },

(2) change DatatabaseRules in demo-permission-generator.service.ts for user_app, to have some missing entity permissions

(3) visit that path, and also reload page on the forbidden path as this has previously been an error
try this in both mock and local mode, as behavior may be different.

@sleidig sleidig requested a review from TheSlimvReal December 12, 2023 13:43
@sleidig sleidig merged commit 9d650ec into master Dec 13, 2023
@sleidig sleidig deleted the permission-guards branch December 13, 2023 10:06
@sleidig sleidig mentioned this pull request Dec 13, 2023
Closed
@aam-digital-ci
Copy link
Collaborator

🎉 This PR is included in version 3.28.0-master.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@aam-digital-ci aam-digital-ci added the released on @master managed by CI (semantic-release) label Dec 13, 2023
@aam-digital-ci
Copy link
Collaborator

🎉 This PR is included in version 3.28.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@aam-digital-ci aam-digital-ci added the released managed by CI (semantic-release) label Jan 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheSlimvReal TheSlimvReal TheSlimvReal approved these changes

Assignees
No one assigned
Labels
released on @master managed by CI (semantic-release) released managed by CI (semantic-release)
Projects
All Tasks & Issues
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sleidig @aam-digital-ci @TheSlimvReal