Security
Since React client uses Generic REST API endpoints, the backend (CUBA) application should have properly configured Security Roles and Access groups. See the corresponding chapter in the REST API documentation.
Permissions and Access Control
Check CUBA Platform manual to learn more about how permissions work in CUBA. |
Access Control Components (CUBA React Core)
You may want to hide certain UI elements (or render them as disabled) when the user doesn’t have the necessary permissions. For example, you may want to hide the Create, Edit and Remove buttons in an entity list when the user doesn’t have the corresponding entity operation permissions, or hide a button launching a business method when the user doesn’t have a certain specific permission. This can be achieved with access control components which are part of CUBA React Core library. Use:
-
EntityPermAccessControl when condition involves a single entity operation permission,
-
AttrPermAccessControl when condition involves a single entity attribute permission,
-
SpecificPermAccessControl when condition involves one or more specific permissions,
-
AccessControl when you have a complex condition.
Security Service (CUBA React Core)
You can manually check the user runtime security permissions by using Security service in CUBA React Core library. It contains methods that return a boolean value indicating whether a given permission is granted:
-
isOperationPermissionGranted
for entity operation permissions. -
isAttributePermissionGranted
for entity attribute permissions. -
isSpecificPermissionGranted
for specific permissions.
CUBA REST JS Utility Methods
Alternatively you can use the corresponding methods in CUBA REST JS library:
-
getAttributePermission
checks an entity attribute permission and returnsDENY
,VIEW
orMODIFY
. -
isOperationAllowed
checks an entity operation permission and returnstrue
orfalse
. -
isSpecificPermissionGranted
checks a specific permission and returnstrue
offalse
.
Unlike Security service methods, these methods require an object containing current user permissions to be passed as argument. You can obtain the permissions object by using getEffectivePermissions method.