feat(core): Refactor how permissions get serialized for sessions into using a new strategy #3222
Conversation
… using a new strategy
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
packages/core/src/config/auth/channel-role-permission-resolver-strategy.ts
Outdated
Show resolved
Hide resolved
…stand the overlap
| import { UserChannelPermissions } from '../../service/helpers/utils/get-user-channels-permissions'; | ||
|
|
||
| /** | ||
| * @description TODO |
There was a problem hiding this comment.
/**
* @description
* A RolePermissionResolverStrategy defines how role-based permissions for a user should be resolved.
* This strategy is used to determine the permissions assigned to a user based on their roles per channel.
*
* By default {@link DefaultRolePermissionResolverStrategy} is used. However, for more complex environments using
* multiple channels and roles {@link ChannelRolePermissionResolverStrategy} is recommended.
*
* :::info
*
* This is configured via the `authOptions.rolePermissionResolverStrategy` properties of your VendureConfig.
*
* :::
*
* @docsCategory auth
* @since 3.3.0
*/There was a problem hiding this comment.
I like it, thanks. 👍 Will add comments once we finalize the PR and everything is set.
…ResolverStrategy` We need UI for the selection of channels but for the POC it will simply assign the default channel. Also moved emitting of events to the end of admin-update function so that a failure from updating custom field relations doesnt lead to wrong behavior of event handlers.
|
| @@ -14,6 +14,7 @@ export interface UserChannelPermissions { | |||
|
|
|||
| /** | |||
| * Returns an array of Channels and permissions on those Channels for the given User. | |||
| * @deprecated See `RolePermissionResolverStrategy` | |||
There was a problem hiding this comment.
Do we really need to deprecate this first? This helper isn't exported, so I would say it's ok to just mention in the changelog that you should use configService.authOptions.rolePermissionResolverStrategy.resolvePermissions from now on.
| /** | ||
| * @param user User for which you want to retrieve permissions | ||
| */ | ||
| resolvePermissions(user: User): Promise<UserChannelPermissions[]>; |
There was a problem hiding this comment.
Maybe a bit nitpicky, but more consistent with the rest of the codebase: saveUserRoles and getPermissionsForUser, instead of resolve/persists?
There was a problem hiding this comment.
Also, the channelIds: ID[] seems pretty crucial for this PoC to work? But the PR is still in draft, right?
|
I like it already. One question, to mess everything up: Is there any functional benefit of useing I know it makes this PR less complex and less breaking, but if there is no functional benefit over the |
|
This is a proof of concept for #3095
Description
Since this is WIP and theres no UI updates, you gotta update your DB manually to use the new
ChannelRoleEntity by inserting rows.Breaking changes
Nothing should change with the default strategy but once you use the new strategy there is a breaking change. This makes this feature opt-in for people that are interested in multi-vendor setups.
Screenshots
You can add screenshots here if applicable.
ToDo
Checklist
📌 Always:
👍 Most of the time: