8000 User roles by benmerckx · Pull Request #417 · alineacms/alinea · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

User roles #417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

User roles #417

wants to merge 18 commits into from

Conversation

8000
benmerckx
Copy link
Member
@benmerckx benmerckx commented Jun 12, 2025
edited
Loading

How to test:

Install the preview

yarn add https://pkg.pr.new/alineacms/alinea@417

Create roles

const myRole = Config.role('My role', {
  async permissions(policy, graph) {
    // Allow access per resource type
    policy.set({
      workspace: primary,
      allow: {all: true}
    })

    // Allows are inherited by all children resources
    // But you can 'stop' inheritance by asking for an explicit grant
    policy.set({
      root: pages,
      // A specific allow must exist on child resources
      grant: 'explicit'
    })

    // At this point, the user can see the primary workspace and the pages root,
    // but not the entries themselves

    // We can grant access to entries of a specific type
    policy.set({
      type: Blog,
      allow: {read: true, update: true}
    })

    // We can query the graph at any point to determine further permissions
    const topEntries = await graph.query({
      root: pages,
      level: 0
    })

    for (const entry of topEntries) {
      const shouldAllow = entry.title.includes('something')
      if (shouldAllow) {
        // Allow the role to read this entry and its children
        policy.set({
          id: entry._id,
          allow: {read: true}
        })
      }
    }

    // We can also deny a certain access which was allowed by inheritance
    policy.set({
      id: 'entryid',
      deny: {read: true}
    })

    // Set overwrites previously set rights for this resource, in this case removing the deny rule
    policy.set({
      id: 'entryid',
      allow: {read: true}
    })
  }
})

Add roles to your config

const cms = createCMS({
  schema,
  workspaces,
  roles: {myRole}
})

Preview the role locally by selecting it in the sidebar:

Screenshot 2025-06-13 at 09 42 31

What is expected to work

  • create
  • read
  • update
  • delete
  • publish
  • archive
  • upload
  • move
  • reorder

Closes #114

@pkg-pr-new pkg.pr.new
Copy link
pkg-pr-new bot commented Jun 12, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/alineacms/alinea@417

commit: f52c73b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

User roles
1 participant
@benmerckx
0