Support for RBAC plugin from Spotify bundle #256
Comments
|
Their suggestion was to implement the export const isAnswerAuthor = createAnswerPermissionRule({
name: 'IS_AUTHOR',
description: 'Should allow only if the answer is created by the user',
resourceType: ANSWER_RESOURCE_TYPE,
paramsSchema: z.object({
userRef: z.string().describe('User ID to match on the author'),
claims: z.array(z.string()).optional().describe('List of claims to match at least one on within ownedBy'),
}),
apply: (resource: Answer, {
userRef,
claims = []
}) => {
return resource.author === userRef || claims.includes(resource.author);
},
toQuery: ({
userRef,
claims = []
}) => {
return { property: 'answers.author', values: [...claims, userRef], };
},
}); |
|
That might work if the userRef and claims are both optional. Otherwise it's a breaking change and don't want to do that if possible. Other option is to introduce a new rule but that doesn't feel right either. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As already discussed on Discord I've been trying to integrate this plugin into our Backstage instance. I would like to setup the authorization through the RBAC plugin from the Spotify bundle. Unfortunately I ran into an issue with allowing a user to delete their own posts, but not others. I've been in touch with the Spotify team about this issue and they are saying that the permission rule
IS_AUTHORneeds to have a parameter of type string array in order for this to work.The text was updated successfully, but these errors were encountered: