ndb-core icon indicating copy to clipboard operation
ndb-core copied to clipboard

Hide sections without permissions

Open TheSlimvReal opened this issue 3 years ago • 3 comments

After finishing #768 some entities will not be visible to some user groups. If for example access to the HealthCheck subentity is denied, the user will not be able to load the health check data. The sections connected with this data should also be hidden from the user. This should happen automatically based on the users permissions, without further configuration settings.


Implementation steps:

  • [ ] extend the EntityDetailsComponent to support for an optional config property permittedUserRoles (an array of user-role strings) and only display those tabs for which a user has permission.

similar implementation already exists for Dashboard Widgets: https://github.com/Aam-Digital/ndb-core/blob/e6b40960babd7d8b89fd4bca554de63e24c2a52c/src/app/core/dashboard/dashboard/dashboard.component.ts#L69-L77

TheSlimvReal avatar Apr 14 '21 10:04 TheSlimvReal

Once the replication backend is finished, CASL should also be used in the frontend to enforce visual feedback on permissions

TheSlimvReal avatar Sep 27 '21 07:09 TheSlimvReal

This is actually still not done, the release was wrongly linked to this issue

TheSlimvReal avatar Jul 11 '22 07:07 TheSlimvReal

As a simpler initial implementation, this can also be done by allowing config to specify the roles who can access a section (same config structure as for dashboard widgets permittedUserRoles).

sleidig avatar Jan 26 '24 12:01 sleidig