Security

Since React client uses Generic REST API endpoints, the backend (CUBA) application should have properly configured Security Roles and Access groups. See the corresponding chapter in the REST API documentation.

Permissions and Access Control

Check CUBA Platform manual to learn more about how permissions work in CUBA.

Access Control Components (CUBA React Core)

You may want to hide certain UI elements (or render them as disabled) when the user doesn’t have the necessary permissions. For example, you may want to hide the Create, Edit and Remove buttons in an entity list when the user doesn’t have the corresponding entity operation permissions, or hide a button launching a business method when the user doesn’t have a certain specific permission. This can be achieved with access control components which are part of CUBA React Core library. Use:

Security Service (CUBA React Core)

You can manually check the user runtime security permissions by using Security service in CUBA React Core library. It contains methods that return a boolean value indicating whether a given permission is granted:

  • isOperationPermissionGranted for entity operation permissions.

  • isAttributePermissionGranted for entity attribute permissions.

  • isSpecificPermissionGranted for specific permissions.

CUBA REST JS Utility Methods

Alternatively you can use the corresponding methods in CUBA REST JS library:

  • getAttributePermission checks an entity attribute permission and returns DENY, VIEW or MODIFY.

  • isOperationAllowed checks an entity operation permission and returns true or false.

  • isSpecificPermissionGranted checks a specific permission and returns true of false.

Unlike Security service methods, these methods require an object containing current user permissions to be passed as argument. You can obtain the permissions object by using getEffectivePermissions method.