dependent-tan 2y ago

user authorization within getUserIdentity

I'd like to check the user's role before I let him use the ADMIN page. My API returns accessToken only when a user has logged in. So, I thought getUserIdentity is the right place to perform authorization. The following is what I have in my authProvider:
    getUserIdentity: async () => {
      const userInfo = await axiosInstance.get(`${apiUrl}/user`)
      if (userInfo?.data?.role === 'ADMIN') {
        return Promise.resolve(userInfo.data)
      }
      localStorage.removeItem(ACCESS_TOKEN)
      return Promise.reject({ redirectPath: '/login' })
    },
Even if I simply return Promise.reject({ redirectPath: '' }) in getUserIdentity, it didn't redirect me to the login page. What am I doing wrong? JFYI, refine core version: 3.86.2
2 Replies
ambitious-aqua 2y ago
Hey @chuck, getUserIdentity is used to get the user data rather than controlling the authorization. I think what you're looking for is the accessControlProvider, in which you can implement a simple function to handle the access control. Here are the docs for it: https://refine.dev/docs/api-reference/core/providers/accessControl-provider
Access Control Provider | refine
Access control is a broad topic where there are lots of advanced solutions that provide different set of features. refine is deliberately agnostic for its own API to be able to integrate different methods (RBAC, ABAC, ACL, etc.) and different libraries (Casbin, CASL, Cerbos, AccessControl.js). can method would be the entry point for those soluti...
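A sketch of the accessControlProvider the reply above points to, as an added example that is not part of the thread or of refine's own code. It is deny-by-default and fails closed when the `/user` lookup fails. The `EDITOR` role, the resource names, and the names `POLICY`, `decide`, `createAccessControlProvider` and `fetchUser` are assumptions.

```javascript
// Added example. Role -> allowed "resource:action" pairs; "*" means everything.
// EDITOR and the resource names are constructed sample values.
const POLICY = new Map([
  ["ADMIN", "*"],
  ["EDITOR", new Set(["posts:list", "posts:show", "posts:edit"])],
]);

// Pure decision function: anything not explicitly allowed is denied,
// including a missing role or a role the policy does not know.
function decide(role, resource, action) {
  const allowed = POLICY.get(role);
  if (allowed === "*") return { can: true };
  if (allowed instanceof Set && allowed.has(`${resource}:${action}`)) {
    return { can: true };
  }
  return {
    can: false,
    reason: `role ${role ?? "none"} may not ${action} ${resource}`,
  };
}

// fetchUser is injected so the provider can be exercised offline. With the
// thread's setup it would be (assumption):
//   () => axiosInstance.get(`${apiUrl}/user`).then((r) => r.data)
function createAccessControlProvider(fetchUser) {
  return {
    // refine calls can({ resource, action, params }) and expects { can, reason? }.
    can: async ({ resource, action }) => {
      try {
        const user = await fetchUser();
        return decide(user?.role, resource, action);
      } catch (err) {
        // Fail closed: an expired token or network error never grants access.
        return { can: false, reason: "could not load user" };
      }
    },
  };
}

// Wiring (assumption about the app's entry point):
//   <Refine accessControlProvider={createAccessControlProvider(fetchUser)} ... />
```

This only controls what the UI renders; the API behind `${apiUrl}` still has to enforce the same role check on every request, because the client-side decision can be bypassed.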
dependent-tan 2y ago
@aliemirs thank you for your super fast answer. I appreciate that a lot. I have one more question though. I'm still having a hard time figuring out where that Promise.reject() or Promise.resolve() returned from getUserIdentity is taken care of. Can you please point me to where I can find some reference about how the auth process works?