probable-pink
probable-pink2y ago

user authorization within getUserIdentity

I'd like to check user's role before I let him use ADMIN page. My API returns accessToken only when a user logged in. So, I thought getUserIdentity is a right place to perform authorization. the following is what I have in my authProvider;
getUserIdentity: async () => {
const userInfo = await axiosInstance.get(`${apiUrl}/user`)
if (userInfo?.data?.role === 'ADMIN') {
return Promise.resolve(userInfo.data)
}
localStorage.removeItem(ACCESS_TOKEN)
return Promise.reject({ redirectPath: '/login' })
},
getUserIdentity: async () => {
const userInfo = await axiosInstance.get(`${apiUrl}/user`)
if (userInfo?.data?.role === 'ADMIN') {
return Promise.resolve(userInfo.data)
}
localStorage.removeItem(ACCESS_TOKEN)
return Promise.reject({ redirectPath: '/login' })
},
even if I simply return Promise.reject({ redirectPath: '' }) in getUserIdentity, it didn't redirect me to the login page. What I'm doing wrong? JFYI, refine core version : 3.86.2
2 Replies
adverse-sapphire
adverse-sapphire2y ago
Hey @chuck, getUserIdentity is used to get the user data rather than controlling the authorization. I think what you're looking for is the accessControlProvider which you can implement a simple function to handle the access control. Here's the docs for it https://refine.dev/docs/api-reference/core/providers/accessControl-provider
Access Control Provider | refine
Access control is a broad topic where there are lots of advanced solutions that provide different set of features. refine is deliberately agnostic for its own API to be able to integrate different methods (RBAC, ABAC, ACL, etc.) and different libraries (Casbin, CASL, Cerbos, AccessControl.js). can method would be the entry point for those soluti...
probable-pink
probable-pink2y ago
@aliemirs thank you for your super fast answer. i appreciate that a lot. i have one more question though.I'm still having a hard time to figure out where that Promise.reject() or Promise.resolve() returned from getUserIdentity is taken care of. Can you please point me out where i can find some reference about how the auth process works.