Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access Restriction Behaviour inconsistent #3238

Closed
tognotti opened this issue Jul 7, 2020 · 5 comments
Closed

Access Restriction Behaviour inconsistent #3238

tognotti opened this issue Jul 7, 2020 · 5 comments

Comments

@tognotti
Copy link

tognotti commented Jul 7, 2020
edited
Loading

Bug report

Bug description

When a user is not allowed to read, create or update a field, the field is still shown in Admin UI with a shield next to it. When a user is not allowed to create items of a list the create button is still shown to the user. If a user is not able to read a list, the list is still shown to the user in the left navigation.

To Reproduce

Steps to reproduce the behaviour. Please provide code snippets or a repository:

  1. Create keystonejs App and use the starter template
  2. Create a user which is no admin
  3. Got to Admin UI
  4. Go to Users
  5. Click on the new user
  6. Field "isAdmin" is presented to the user and the user can edit it and only get an error when trying to save

Expected behaviour

Fields users are not allowed to read, create and update should not be shown in Admin UI and fields users are not allowed to update or create but are allowed to read should be disabled. Lists users are not allowed to read should be removed from the sidebar and if users can not create items the create buttons should not be shown at all. This works as expected with static access control

System information

  • OS: macOS
@matheuschimelli
Copy link
Contributor

matheuschimelli commented Jul 9, 2020
edited
Loading

Have you enabled the auth protection for the Admin UI?

@tognotti
Copy link
Author

tognotti commented Jul 9, 2020
edited
Loading

Have you enabled the auth protection for the Admin UI?

Of course I have. It already happens in the starter project. The fields are displayed and only when trying to update them an error occurs instead of them being disabled or not shown at all if the user also is not allowed to read them.

@tognotti
Copy link
Author

tognotti commented Jul 9, 2020
edited
Loading

This is what happens if auth is set up like in the starter app. If a user is not allowed to read a list, it still is shown in the sidebar navigation. If a user has no access to a field, it is still shown to the user but updating it will fail. There is a shield next to a field if a user can not update it.

Bildschirmfoto 2020-07-09 um 08 05 39

Bildschirmfoto 2020-07-09 um 08 05 32

Bildschirmfoto 2020-07-09 um 08 01 23

@stale
Copy link

stale bot commented Nov 6, 2020

It looks like there hasn't been any activity here in over 6 months. Sorry about that! We've flagged this issue for special attention. It wil be manually reviewed by maintainers, not automatically closed. If you have any additional information please leave us a comment. It really helps! Thank you for you contribution. :)

@stale stale bot added the needs-review label Nov 6, 2020
@bladey
Copy link
Contributor

bladey commented Apr 8, 2021

Keystone 5 has officially moved into active maintenance mode as we push towards the next major new version Keystone Next, you can find out more information about this transition here.

In an effort to sustain the project going forward, we're cleaning up and closing old issues such as this one. If you feel this issue is still relevant for Keystone Next, please let us know.

@bladey bladey closed this as completed Apr 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bladey @matheuschimelli @tognotti