Access Control Casbin for nulled menu item (Parents)
I have this:
import { newModel, StringAdapter } from "casbin";
export const model = newModel(
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
);
export const adapter = new StringAdapter(
p, admin, users, (list)|(delete)
p, admin, canvases, (list)|(edit)|(delete)
p, editor, users, list
p, editor, canvases, (list)|(edit)
);
and:
import { newEnforcer } from "casbin";
import { CanParams, CanReturnType } from "@refinedev/core";
import { adapter, model } from "../casbin/accessControl";
import { authProvider } from "./authProvider";
export const accessControlProvider = {
can: async ({ resource, action }: CanParams): Promise<CanReturnType> => {
const role = await authProvider.getPermissions?.();
const enforcer = await newEnforcer(model, adapter);
const can = await enforcer.enforce(role, resource, action);
return Promise.resolve({
can,
});
},
};
and
import type { IResourceItem } from "@refinedev/core";
import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import { faCoffee, faCalendar } from "@fortawesome/free-solid-svg-icons";
export const resources: IResourceItem[] = [
{
name: "hello",
meta: {
icon: <FontAwesomeIcon icon={faCalendar} />,
},
}
]
I just want hello to be a parent menu item that doesn't route to anything. But it's not showing, if I change the name to "users" then it shows up in Sider.
Why, and how to implement this?2 Replies
Hi @lukevo.. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the information provided in the extracts, it seems like you're trying to create a parent menu item that doesn't route to anything. In Refine, you can create a parent resource and nest other resources under it. However, the parent resource itself must also be defined as a resource.
In your case, you have defined "hello" as a resource, but it seems like it's not recognized as a valid resource by your access control provider. This could be because your access control provider is checking if the resource is included in the permission list provided by your API. If "hello" is not included in this list, it will not be displayed in the sidebar.
One way to solve this issue is to modify your access control provider to always return
true for the "hello" resource. This way, it will always be displayed in the sidebar, regardless of the permissions provided by your API.
Here's an example of how you can do this:
In this example, the can function first checks if the resource is "hello". If it is, it immediately returns true, allowing the "hello" resource to be displayed in the sidebar. If the resource is not "hello", it continues with the usual permission check.
Please note that this is a workaround and might not be the best solution depending on your specific use case. Always make sure to properly secure your application and only display resources to users who are authorized to access them.
For more information on how to use resources in Refine, you can check out the official documentation (https://refine.dev/docs/api-reference/core/interfaceReferences/#resourceitemprops).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@582491401715974144> kapa.ai is still learning and improving, please let us know how it did by reacting below