Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How do I associate automatically generated permissions with the Public role? #2274

Open
yamen321 opened this issue Oct 7, 2024 · 1 comment
Open

How do I associate automatically generated permissions with the Public role? #2274

yamen321 opened this issue Oct 7, 2024 · 1 comment

Comments

@yamen321
Copy link

yamen321 commented Oct 7, 2024

Hello,

I have a question regarding permissions associated with the "Public" role.

I've spent a lot of time digging through the documentation as well as the source code, but I couldn't figure out the simplest method to add a CRUD permission like "can list on view" without using the security roles/list UI on the actual web app.

For example, I have a view named "HomepageView" and I would like to add the automatically generated permissions "can list on HomepageView" and "can show on HomepageView" to the Public role so that users can view data displayed on that view without having to log in.

I was able to accomplish this using the built-in security UI as shown below:
image

However, I wasn't able to do this using the FAB_ROLES setting in the config file as explained in the documentation:
image

Is it even possible to use the config file to accomplish this?
@Yoyasp
Copy link
Contributor

Yoyasp commented Oct 29, 2024

Hi there,

By default there are only two roles (Admin and Public). These are defined in the options AUTH_ROLE_ADMIN and AUTH_ROLE_PUBLIC. If you have roles defined in the FAB_ROLES definition Appbuilder will create a new role in the database on startup that has those permissions listed. However new users will not automatically have this role assigned.
In your case the role: ReadOnly will be created but users that are not logged in will still only have the role: Public assigned.

You could set the AUTH_ROLE_PUBLIC to this new ReadOnly role, but that would mean that every visitor can show the data of all your models (including User info). So that would not be the way to go....

Im assuming the View you want everybody to see is a ModelView.

You could create a new FAB_ROLES mapping for the Public role:

FAB_ROLES = {
    "Public": [
        ["HomepageView", "can_list"],
        ["HomepageView", "can_show"],
        ["HomepageView", "menu_access"],
        ["HomepageView", "can_get"],
        ["HomepageView", "can_info"]
    ]
}

Another way is to create your own custom PublicModelView that has all the code of the ModelView except the @has_access decorator and let your HomePageView inherit from there.

One more side note: Your view is named HomePageView, i assume that this is your index/landing page when people visit your site.
Have you looked at the IndexView?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Yoyasp @yamen321