prime icon indicating copy to clipboard operation
prime copied to clipboard
verified publisher icon birkir

add users

Open jmarsault opened this issue 6 years ago • 12 comments

Hi,

I can't add new users, the "create" button is greyed out. I deployed the project on Heroku, do I need to configure something ?

It would be really great if we could delegate authentication and roles to a third party tool like Keycloak or Okta

jmarsault avatar Mar 21 '19 09:03 jmarsault

I'll look into this. Looks like you don't have an admin role on your account.

https://github.com/birkir/prime/blob/master/packages/prime-ui/src/routes/settings/Users.tsx#L203

  • I will not be integrating third party SaaS for authentication.
  • Prime must work offline.
  • I am using accounts-js which has support for everything but roles.
  • I am using @casl/ability for roles.
  • No matter what service, I would always have to build the UI to control roles, permissions and accounts.

birkir avatar Mar 22 '19 13:03 birkir

Hey @casl/ability looks great, in case you want to change the permissions layer down the road, https://github.com/maticzav/graphql-shield let's use a more graphql-centric approach to it, applying a resolvers/permissions layer to a graphql schema on your yoga server or with middleware on any graphQL app.

agustif avatar Mar 22 '19 15:03 agustif

Yes I tried graphql-shield, nice library, but having an isomorphic solution was a game changer for me.

I create the roles on prime core and can pass them as JSON object to the UI for rehydration of @cask/ability so I can check permissions on the front-end too, like disable buttons and so on 👍

It was very easy to add decorator to authorize the same way https://github.com/birkir/prime/blob/master/packages/prime-core/src/modules/internal/resolvers/UserResolver.ts#L44

birkir avatar Mar 22 '19 17:03 birkir

Yes I tried graphql-shield, nice library, but having an isomorphic solution was a game changer for me.

I create the roles on prime core and can pass them as JSON object to the UI for rehydration of @cask/ability so I can check permissions on the front-end too, like disable buttons and so on 👍

It was very easy to add decorator to authorize the same way https://github.com/birkir/prime/blob/master/packages/prime-core/src/modules/internal/resolvers/UserResolver.ts#L44

Thanks for sharing your insights, I haven't got to use prime at our company yet, but it does has discovered me the wonders of TypeScript, and also TypeORM+TypeGraphQL, and planning to use AccountsJS...

Alas I'm gonna give @casl/ability a shot as I am already enjoying decorators and what not in my project!

Not sure what isomorphic means (googling it like now) but if it's the type safe approach I love it and really helps me understand and debug my system to be able to get linting and what not from the language itself and catching those ugly bugs before release.

Anyway, thanks again for sharing, And I'm sure I will be able to add in some way in the future either by doing nice extensions/examples/blogposts/documentation/translations whatever is welcome!

PS: I also find ant.design a great -bootstrap- current beautiful alternative for the frontend to shine. and the nextJS and Gatsby examples are great too!

agustif avatar Mar 22 '19 18:03 agustif

Managing access with Single Sign-On is a major concern for a company. Do you plan to support it in the future?

jmarsault avatar Mar 24 '19 10:03 jmarsault

No. Not from prime standpoint. It will have to be done for accounts-js.

I could create a PR to accounts-js to add support for that. Or the community.

Does that make sense?

Quick question, what sso is most used? Do you know of any npm package that does the support? for reference.

Thanks.

birkir avatar Mar 24 '19 16:03 birkir

I don't know accounts-js but openid-client could do the job.

I was able to implement SSO quite easily on personal projects in Vue/Angular with vue-authenticate and angular-oauth2-oidc

Thanks

jmarsault avatar Mar 27 '19 19:03 jmarsault

Hi @birkir You say to create an new user i need to have an administrator role. I have created a new prime instance. How do I add a role to my user?

thank you in advance

HerrGries avatar Apr 02 '19 17:04 HerrGries

No. Not from prime standpoint. It will have to be done for accounts-js.

I could create a PR to accounts-js to add support for that. Or the community.

Does that make sense?

Quick question, what sso is most used? Do you know of any npm package that does the support? for reference.

Thanks.

Hey birkir, I just saw this on accountsJS docs https://accounts-js.netlify.com/docs/strategies/oauth

agustif avatar Apr 05 '19 22:04 agustif

I fixed the issue for now. But I need to do a real overhaul on roles and permissions.

birkir avatar Apr 07 '19 21:04 birkir

Hi @birkir same question as @oxivon. Have a new instance, but my default user doesn't have access to create additional users. How do I give my default user the correct privileges?

alihasan avatar May 08 '19 21:05 alihasan

Hey @alihasan, Did you update the repository to the newest version? All members are admin by default now.

HerrGries avatar May 09 '19 06:05 HerrGries