Set isFilterable to false in examples where read access is false #8247

Merged
merged 1 commit into from
Jan 16, 2023


borisno2
Member

Both the basic and custom-session-validation examples have fields with field-level access control that don't allow reads; this PR also sets those fields to isFilterable: false.

@borisno2 borisno2 requested a review from dcousens January 15, 2023 22:37
@borisno2
Member Author

Any thoughts about

The first one requires filtering for auth to work - this is where isFilterable: false would be too blunt - this would generally fall to list filtering; however, in this example it is allowAll on read, so not the most security-centered example. If I was writing something like this where some parts of user needed to be public, I would separate those out into a separate list, and if required, use virtual fields to not replicate data.

As for the guide, maybe this needs some rework to align with some "best practices", i.e., there is no access control at all on the User list. I would also generally recommend separate lists for User Authentication/Authorization and Application concerns, with the Auth list completely locked down at the list level.

@borisno2 borisno2 merged commit e02761a into main Jan 16, 2023
@borisno2 borisno2 deleted the use-isFilterable-in-examples branch January 16, 2023 00:19
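
A check for the pattern this PR fixes, as an added example that is not part of the PR or of Keystone's code base: it walks a simplified schema model and reports fields whose read access is denied but which can still be used in a filter. The `ListConfig`/`FieldConfig` shapes, the `Account` list and its field names are assumptions made for illustration; only `isFilterable`, `defaultIsFilterable` and field-level `access.read` correspond to Keystone options.

```typescript
// Added example: a simplified stand-in for a Keystone schema, not the real @keystone-6/core types.
type ReadRule = boolean | ((args: { session?: unknown }) => boolean);
interface FieldConfig {
  access?: { read?: ReadRule };
  isFilterable?: boolean; // undefined: inherit the list-level default
}
interface ListConfig {
  defaultIsFilterable?: boolean; // this model treats an unset default as true
  fields: Record<string, FieldConfig>;
}
type Finding = { list: string; field: string };

// Heuristic: a rule denies reads if it is `false`, or a function that returns
// false for both an anonymous caller and a constructed signed-in session.
function readDenied(rule?: ReadRule): boolean {
  if (rule === undefined) return false;
  if (typeof rule === "boolean") return !rule;
  try {
    return !rule({}) && !rule({ session: { itemId: "constructed-id" } });
  } catch {
    return false; // rule needs more context than this probe supplies; skip it
  }
}

// Report every field that cannot be read but can still appear in a `where` filter.
function findFilterableUnreadable(schema: Record<string, ListConfig>): Finding[] {
  const findings: Finding[] = [];
  for (const [list, cfg] of Object.entries(schema)) {
    for (const [field, f] of Object.entries(cfg.fields)) {
      const filterable = f.isFilterable ?? cfg.defaultIsFilterable ?? true;
      if (readDenied(f.access?.read) && filterable) findings.push({ list, field });
    }
  }
  return findings;
}

// Constructed sample: `before` has an unreadable but filterable field, `after` applies the fix.
const denyAll = () => false;
const before: Record<string, ListConfig> = {
  Account: { fields: { name: {}, internalNote: { access: { read: denyAll } } } },
};
const after: Record<string, ListConfig> = {
  Account: {
    fields: { name: {}, internalNote: { access: { read: denyAll }, isFilterable: false } },
  },
};
const beforeFindings = findFilterableUnreadable(before); // one finding: Account.internalNote
const afterFindings = findFilterableUnreadable(after); // no findings
```

Rules that depend on the item or on session data beyond what the probe supplies are skipped rather than guessed at, so a clean result covers only rules that deny unconditionally.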