From cd8693ba9bbeeaa7ed25e94aa8d48d5fea66542a Mon Sep 17 00:00:00 2001
From: Josh <37798644+joshuaellis@users.noreply.github.com>
Date: Thu, 2 Feb 2023 15:39:18 +0000
Subject: [PATCH] chore: add notes based on exploration
---
.../frontend/fetching-permissions.mdx | 15 +++++++
.../frontend/using-permissions.mdx | 28 +++++++++++++
docs/docs/core/permissions/how-they-work.mdx | 20 +++++++++
docs/docs/core/permissions/intro.md | 29 +++++++++++++
docs/sidebars.js | 42 +++++++++++++++++++
5 files changed, 134 insertions(+)
create mode 100644 docs/docs/core/permissions/frontend/fetching-permissions.mdx
create mode 100644 docs/docs/core/permissions/frontend/using-permissions.mdx
create mode 100644 docs/docs/core/permissions/how-they-work.mdx
create mode 100644 docs/docs/core/permissions/intro.md
diff --git a/docs/docs/core/permissions/frontend/fetching-permissions.mdx b/docs/docs/core/permissions/frontend/fetching-permissions.mdx
new file mode 100644
index 0000000000..0079e6c1df
--- /dev/null
+++ b/docs/docs/core/permissions/frontend/fetching-permissions.mdx
@@ -0,0 +1,15 @@
+---
+title: Fetching Permissions
+tags:
+ - permissions
+ - RBAC
+---
+
+- permissions are fetched from the API in `admin/admin/src/AuthenticatedApp` the cache key is `admin-users-permission`.
+- Permission route is `/admin/users/me/permissions` because we're focussed on me as a user on the FE.
+- ADD EXAMPLE RESPONSE
+
+- the data is then passed to an `RBACProvider` which the src for this is situated in the `helper-plugin` package.
+- it's in the highest point of the actual application alongside the route where you login.
+- the context also has a refetch functionality so we can check again at any time.
+- You access all this via the `useRBACProvider` hook (separate doc).
diff --git a/docs/docs/core/permissions/frontend/using-permissions.mdx b/docs/docs/core/permissions/frontend/using-permissions.mdx
new file mode 100644
index 0000000000..eadbc9af75
--- /dev/null
+++ b/docs/docs/core/permissions/frontend/using-permissions.mdx
@@ -0,0 +1,28 @@
+---
+title: Using Permissions
+tags:
+ - permissions
+ - RBAC
+ - useRBAC
+---
+
+- API reference for useRBACProvider hook (which is just a wrapper around useContext) & methods
+
+---
+
+- There's two helper components
+
+ - CheckPagePermissions this is for views
+ - CheckPermissions this is for components/fields etc.
+
+---
+
+- useRBAC hook which is more of an actual hook
+
+ - how does it work with REDUX?
+
+---
+
+- useSyncRBAC hook (only in content manager LOL) (write about it here cause it's important but then add a doc in the CM documentation linking back to this)
+ - it gets the permissions specific to a content-type and then a particular view of that content-type e.g. ADDRESSES and just the list-view
+ - then passes "allowedActions" to `EditViewDataManagerProvider` so then write something on permissions in the content-manager cause that's obvs unique nice.
diff --git a/docs/docs/core/permissions/how-they-work.mdx b/docs/docs/core/permissions/how-they-work.mdx
new file mode 100644
index 0000000000..e61f9995df
--- /dev/null
+++ b/docs/docs/core/permissions/how-they-work.mdx
@@ -0,0 +1,20 @@
+---
+title: How they work
+tags:
+ - permissions
+ - RBAC
+---
+
+Talk about this stuff and what it means (probably needs Pierre to give me a 10min recap)
+
+```ts
+const permissions = {
+ create: [{ action: 'plugin::content-manager.explorer.create', subject: null }],
+ delete: [{ action: 'plugin::content-manager.explorer.delete', subject: null }],
+ publish: [{ action: 'plugin::content-manager.explorer.publish', subject: null }],
+ read: [{ action: 'plugin::content-manager.explorer.read', subject: null }],
+ update: [{ action: 'plugin::content-manager.explorer.update', subject: null }],
+};
+```
+
+## Setting up permissions for a plugin
diff --git a/docs/docs/core/permissions/intro.md b/docs/docs/core/permissions/intro.md
new file mode 100644
index 0000000000..81338818cf
--- /dev/null
+++ b/docs/docs/core/permissions/intro.md
@@ -0,0 +1,29 @@
+---
+title: Introduction
+slug: /permissions
+tags:
+ - permissions
+ - RBAC
+---
+
+# Permissions (RBAC)
+
+:::caution
+This is not about the `user-permissions` plugin which is API orientated, this is about roles based access control commonly known as RBAC.
+:::
+
+This section is an overview of all the features realted to the Permissions core plugin:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import { useCurrentSidebarCategory } from '@docusaurus/theme-common';
+
+
+```
+
+---
+
+## ⚠️ To document ⚠️
+
+- RBAC in the settings page of the admin app
+- How RBAC works serverside
diff --git a/docs/sidebars.js b/docs/sidebars.js
index 455f143990..bf6c6ecb96 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -35,6 +35,17 @@ const sidebars = { }, collapsible: false, items: [ + { + type: 'category', + label: 'Admin', + items: [ + { + type: 'doc', + label: 'Link Strapi Design System', + id: 'core/admin/link-strapi-design-system', + }, + ], + }, { type: 'category', label: 'Content Manager',
@@ -98,6 +109,37 @@ const sidebars = { }, ], }, + { + type: 'category', + label: 'Permissions (RBAC)', + link: { + type: 'doc', + id: 'core/permissions/intro', + }, + items: [ + { + type: 'doc', + label: 'How Permissions Work', + id: 'core/permissions/how-they-work', + }, + { + type: 'category', + label: 'RBAC on the frontend', + items: [ + { + type: 'doc', + label: 'Fetching Permissions', + id: 'core/permissions/frontend/fetching-permissions', + }, + { + type: 'doc', + label: 'Using Permissions', + id: 'core/permissions/frontend/using-permissions', + }, + ], + }, + ], + }, { type: 'category', label: 'Utils',
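Review bot: The first `docs/sidebars.js` hunk (`@@ -35,6 +35,17 @@`) adds an 'Admin' category whose only item is `id: 'core/admin/link-strapi-design-system'`, but this patch creates no file under `core/admin/` and its diffstat lists only the four permissions docs plus the sidebar. If that page is not already on the base branch, Docusaurus will likely fail the build on an unresolved sidebar doc id, so confirm it exists or move the category into the commit that adds the page. In the second hunk (`@@ -98,6 +109,37 @@`) the label `'How Permissions Work'` differs from the page's front matter `title: How they work`; I would use `label: 'How they work',` or rename the title so the sidebar and the page heading agree. The new category also exposes only 'RBAC on the frontend' pages, so a short comment such as `// TODO: add server-side RBAC page (see "To document" in intro.md)` would stop readers taking the frontend checks for the whole access-control story.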