-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add docs for user permissions #2128
base: main
Are you sure you want to change the base?
Conversation
User-permissions have basically the same topic as the content-scope docs. If you want to move parts into user-permissions you should at least add a link. Or - maybe the whole content-scope topic should be integrated into user-permissions |
Actually, there is one: https://github.com/vivid-planet/comet/pull/2128/files#diff-6de07fe72c2ca99e1f939c8c7fb83a75b8cc2d3461488b02eddfaacc471de65cR22
I thought about this but decided to leave the general explanation as is and move the permission specific parts. |
not the other way where you removed @ScopedEntity and @AffectedEntity (https://github.com/vivid-planet/comet/pull/2128/files#diff-05e86dd9dbc3fa6137f21d6a53defee69158651691820542b313fd9f925a2a3fL59) |
|
Use this option only when you are sure that checking the scope is not necessary (e.g. the current entity does not have a scope). Do not add it just because it seems cumbersome at the moment to add the correct `AffectedEntity`/`ScopedEntity` decorators. | ||
::: | ||
|
||
:::note |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This note doesn't seem right here. Was this intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, because in many cases skipScopeCheck is disabled only for this reason. But we could think about a more prominent location for this advice since it covers a fairly extensive design guideline.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, maybe add a sentence that skipScopeCheck shouldn't be used in combination with @GetCurrentUser()
?
But we could think about a more prominent location for this advice since it covers a fairly extensive design guideline.
This could be something for a follow-up PR regarding general API design.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Co-authored-by: Johannes Obermair <48853629+johnnyomair@users.noreply.github.com>
Co-authored-by: Johannes Obermair <48853629+johnnyomair@users.noreply.github.com>
Co-authored-by: Johannes Obermair <48853629+johnnyomair@users.noreply.github.com>
Co-authored-by: Johannes Obermair <48853629+johnnyomair@users.noreply.github.com>
Co-authored-by: Johannes Obermair <48853629+johnnyomair@users.noreply.github.com>
@fraxachun this PR still has some open concerns (to be fair, they are hidden by GitHub's UI) |
## Scope check | ||
|
||
:::caution | ||
COMET DXP validates the data relevant for the operation, but cannot check if the validated data is finally used. You are responsible for applying the validated data in your operations. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sounds confusing to me. I guess what it should tell me is "Be careful which data you use and how you use it in your operation to not accidentally bypass the scope check".
What do you think about:
COMET DXP validates the data relevant for the operation, but cannot check if the validated data is finally used. You are responsible for applying the validated data in your operations. | |
COMET DXP validates the scope of the data relevant for the operation, but it cannot check how you use the data / what you do with the data within the operation. It's your job to use the data in a responsible way and without bypassing the scope check in your code. This means, for example: | |
- configuring the scope check for all data used in your operation (not just for one entity) | |
- not loading additional data from the DB without considering the scope |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand these examples.
// Note: you can trust "dealerId" being in a valid scope, but you need to make sure that your business code restricts this query to the given dealer | ||
} | ||
``` | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd also mention that you can have multiple AffectedEntity decorators:
It's possible to add multiple `@AffectedEntity` decorators to one operation if multiple entities are affected: | |
\```ts | |
@Query(Product) | |
@AffectedEntity(Product) | |
@AffectedEntity(Dealer, { idArg: "dealerId" }) | |
async product(@Args("id", { type: () => ID }) id: string, @Args("dealerId", { type: () => ID }) dealerId: string): Promise<Product> { | |
//... | |
} | |
\``` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:::info | ||
You might have to load multiple relations for nested data. | ||
::: | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For documents that get their scope from a `PageTreeNode`, you can pass the helper service `PageTreeNodeDocumentEntityScopeService` provided by the library: | |
\```ts | |
@ScopedEntity(PageTreeNodeDocumentEntityScopeService) | |
export class PredefinedPage extends BaseEntity<PredefinedPage, "id"> implements DocumentInterface { | |
\``` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+ @AffectedEntity(User) | ||
- async myProducts(@GetCurrentUser() currentUser: CurrentUser): Promise<Product[]> { | ||
+ async productsForUser(@Args("userId", { type: () => ID }) userId: string): Promise<Product[]> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This won't work, I suppose. We either need
+ @AffectedEntity(User) | |
- async myProducts(@GetCurrentUser() currentUser: CurrentUser): Promise<Product[]> { | |
+ async productsForUser(@Args("userId", { type: () => ID }) userId: string): Promise<Product[]> { | |
+ @AffectedEntity(User) | |
- async myProducts(@GetCurrentUser() currentUser: CurrentUser): Promise<Product[]> { | |
+ async productsForUser(@Args("id", { type: () => ID }) id: string): Promise<Product[]> { |
or
+ @AffectedEntity(User) | |
- async myProducts(@GetCurrentUser() currentUser: CurrentUser): Promise<Product[]> { | |
+ async productsForUser(@Args("userId", { type: () => ID }) userId: string): Promise<Product[]> { | |
+ @AffectedEntity(User, { idArg: "userId" }) | |
- async myProducts(@GetCurrentUser() currentUser: CurrentUser): Promise<Product[]> { | |
+ async productsForUser(@Args("userId", { type: () => ID }) userId: string): Promise<Product[]> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fraxachun what's the status here? IMO it would be good to have docs for user permissions asap. |
@johnnyomair @thomasdax98 I updated this PR to merge in v7 main and tried to resolve all concerns (except #2128 (comment)). |
https://vivid-planet.atlassian.net/browse/COM-705
https://deploy-preview-2128--comet-dxp-docs.netlify.app/
COM-667