datahub icon indicating copy to clipboard operation
datahub copied to clipboard
verified publisher icon datahub-project

feat(search): Add canViewEntityPage permission flag field to search results

Open yorubaphenom opened this issue 1 month ago • 5 comments

Adds canViewEntityPage to the EntityPrivileges GraphQL type, allowing clients to check entity page view permissions through the standard privileges field instead of relying on search result extraProperties.

What Changed This PR exposes the existing VIEW_ENTITY_PAGE privilege through the GraphQL EntityPrivileges type, making it available via the entity query's privileges field.

Changes Made:

  1. Added canViewEntityPage: Boolean field to GraphQL EntityPrivileges type
  2. Created AuthorizationUtils.isViewEntityPageAuthorized() authorization check method
  3. Made PoliciesConfig.VIEW_ENTITY_PAGE_PRIVILEGE public (was package-private)
  4. Updated EntityPrivilegesResolver.addCommonPrivileges() to populate the new field

Now: Can now check view permissions directly through the entity's privileges field:

entity {
    ... on Dataset {
      urn
      type
      privileges {
        canViewEntityPage  # Boolean
      }
    }
  }
Screenshot 2025-11-12 at 8 00 28 AM

yorubaphenom avatar Nov 03 '25 16:11 yorubaphenom

Bundle Report

Bundle size has no change :white_check_mark:

codecov[bot] avatar Nov 03 '25 16:11 codecov[bot]

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: All tests successful. No failed tests found.

:loudspeaker: Thoughts on this report? Let us know!

codecov[bot] avatar Nov 03 '25 18:11 codecov[bot]

@yorubaphenom Thanks for the PR, can you add screenshots also depicting before and after state

deepgarg760 avatar Nov 06 '25 13:11 deepgarg760

Please add unit tests

deepgarg760 avatar Nov 12 '25 09:11 deepgarg760

We already expose privileges via the EntityPrivilegeResolver. So, it's only a matter of adding the value of AuthUtils.canViewEntity as canViewEntityPage in EntityPrivileges and that should be it. You can then use it like this:

entity {
   ... on Dataset {
      privileges {
         canViewEntityPage
      }
   }
}

That said, VIEW_AUTHORIZATION_ENABLED flag can be used to restrict search results based on available permissions. So this new privilege may not even be necessary unless there is any other use case.

thanks @sakethvarma397 I have implemented your suggestions. The use case for us is on the search page we don't want to show the entity sidebar to users who don't have the viewEntity permissions.

yorubaphenom avatar Nov 12 '25 20:11 yorubaphenom