refine resources authorize
Unauthorized users have restricted category listings. In _app.tsx, customergroups should not be exposed unless you have permission to do so. However, I can see this part of the communication happening briefly in the Chrome developer tools, so how can I not expose it?
3 Replies
Hi @florent. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
In refine, the
accessControlProvider
is responsible for managing access to resources based on user permissions. It uses the can
method to determine if a user can perform a certain action on a resource.
In your case, you want to restrict access to the customergroups
resource. You can do this by modifying the can
method in your accessControlProvider
to check if the resource is customergroups
and then return { can: false }
if the user does not have the necessary permissions.
Here's how you can modify your accessControlProvider
:
In this code, we're checking if the resource is customergroups
and if the user's permissions do not include customergroups
. If both conditions are true, we return { can: false }
, which restricts access to the customergroups
resource.
Remember to replace 'customergroups'
with the actual permission that should grant access to the customergroups
resource.
For more information on how to use the accessControlProvider
, you can refer to the refine documentation (https://refine.dev/docs/advanced-tutorials/access-control#adding-accesscontrolprovider).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@1184365192482652173> kapa.ai is still learning and improving, please let us know how it did by reacting below
vicious-gold•12mo ago
Hello @florent , If the useList hook with resource "customergroups" is mounting, it will throw a request. If you provide us a reproducible example we will be happy to debug it