ndb-core
ndb-core copied to clipboard
Hide sections without permissions
After finishing #768 some entities will not be visible to some user groups. If for example access to the HealthCheck
subentity is denied, the user will not be able to load the health check data. The sections connected with this data should also be hidden from the user. This should happen automatically based on the users permissions, without further configuration settings.
Implementation steps:
- [ ] extend the EntityDetailsComponent to support for an optional config property
permittedUserRoles
(an array of user-role strings) and only display those tabs for which a user has permission.
similar implementation already exists for Dashboard Widgets: https://github.com/Aam-Digital/ndb-core/blob/e6b40960babd7d8b89fd4bca554de63e24c2a52c/src/app/core/dashboard/dashboard/dashboard.component.ts#L69-L77
Once the replication backend is finished, CASL should also be used in the frontend to enforce visual feedback on permissions
This is actually still not done, the release was wrongly linked to this issue
As a simpler initial implementation, this can also be done by allowing config to specify the roles who can access a section (same config structure as for dashboard widgets permittedUserRoles
).