Merge pull request #17333 from strapi/fix/use-rbac-recalc

2026-01-06 12:13:52 +00:00 · 2023-07-17 14:58:13 +01:00 · 2023-07-17 14:58:13 +01:00 · e70c18d5ed
commit e70c18d5ed
parent 8aae5221b0 b4e73c4a05
2 changed files with 90 additions and 1 deletions
--- a/packages/core/helper-plugin/src/hooks/tests/useRBAC.test.js
+++ b/packages/core/helper-plugin/src/hooks/tests/useRBAC.test.js
@ -137,6 +137,95 @@ describe('useRBAC', () => {
        }
      `);
    });
+
+    /**
+     * There may be cases where permissionsToCheck and the passed Permissions update at different times
+     * so therefore we can't just depend on permissionsToCheck to recalculate the permissions but we also
+     * need to recalculate the permissions when the permissions argument changes.
+     */
+    it('should recalculate the permissions the permissions argument changes', async () => {
+      const { result, rerender } = renderHook(
+        ({ permissions, permissionsToCheck }) => {
+          return useRBAC(permissionsToCheck, permissions);
+        },
+        {
+          initialProps: {
+            permissionsToCheck: {
+              create: [
+                {
+                  action: 'plugin::content-manager.explorer.update',
+                  subject: 'api::about.about',
+                },
+              ],
+            },
+            permissions: [
+              {
+                action: 'plugin::content-manager.explorer.update',
+                subject: 'api::about.about',
+              },
+            ],
+          },
+        }
+      );
+
+      await waitFor(() => expect(result.current.isLoading).toBe(false));
+
+      expect(result.current.allowedActions).toMatchInlineSnapshot(`
+        {
+          "canCreate": true,
+        }
+      `);
+
+      rerender({
+        permissionsToCheck: {
+          create: [
+            {
+              action: 'plugin::content-manager.explorer.update',
+              subject: 'api::term.term',
+            },
+          ],
+        },
+        permissions: [
+          {
+            action: 'plugin::content-manager.explorer.update',
+            subject: 'api::about.about',
+          },
+        ],
+      });
+
+      await waitFor(() => expect(result.current.isLoading).toBe(false));
+
+      expect(result.current.allowedActions).toMatchInlineSnapshot(`
+        {
+          "canCreate": false,
+        }
+      `);
+
+      rerender({
+        permissionsToCheck: {
+          create: [
+            {
+              action: 'plugin::content-manager.explorer.update',
+              subject: 'api::term.term',
+            },
+          ],
+        },
+        permissions: [
+          {
+            action: 'plugin::content-manager.explorer.update',
+            subject: 'api::term.term',
+          },
+        ],
+      });
+
+      await waitFor(() => expect(result.current.isLoading).toBe(false));
+
+      expect(result.current.allowedActions).toMatchInlineSnapshot(`
+        {
+          "canCreate": true,
+        }
+      `);
+    });
  });

  describe('checking against the server if there are conditions in the permissions', () => {
--- a/packages/core/helper-plugin/src/hooks/useRBAC.js
+++ b/packages/core/helper-plugin/src/hooks/useRBAC.js
@ -40,7 +40,7 @@ export const useRBAC = (permissionsToCheck, passedPermissions) => {

  const queryResults = useQueries(
    permissionsToCheckEntries.map(([name, permissions]) => ({
-      queryKey: ['useRBAC', name, permissions.map(({ action, subject }) => ({ action, subject }))],
+      queryKey: ['useRBAC', name, permissions, userPermissions],
      async queryFn() {
        if (!permissions || !permissions.length) {
          return { name, hasPermission: true };