Limiting access of a custom plugin to admin users only

Questions and Answers Strapi Admin
,
1
System Information
  • Strapi Version: 4.4.7
  • Operating System: macOS
  • Database: mySQL
  • Node Version: 16
  • NPM Version: 8.6
  • Yarn Version:

I have created a custom plugin which I want to be accessible for the Admin users only and not everyone. How can this be done?

Any help is appreciated, thanks.

1 Like
2

You can add permissions to plugins what would only allow for users with that specific permission to see it

in server/bootstrap.js


module.exports = async ({ strapi }) => {
  const actions = [
    {
      section: 'plugins',
      displayName: 'Read',
      uid: 'read',
      pluginName: 'protected-populate',
    },
  ];

  await strapi.admin.services.permission.actionProvider.registerMany(actions);
};

then in your admin you would need to add the following 3 things

admin/src/permissions.js

const pluginPermissions = {
  main: [{ action: 'plugin::protected-populate.read', subject: null }],
};
export default pluginPermissions;

admin/src/pages/app/index.js

import React from 'react';
import { Switch, Route } from 'react-router-dom';
import { NotFound, CheckPagePermissions } from '@strapi/helper-plugin';
import pluginId from '../../pluginId';
import pluginPermissions from '../../permissions';
import HomePage from '../HomePage';

const App = () => {
  return (
    <CheckPagePermissions permissions={pluginPermissions.main}>
      <Switch>
        <Route path={`/plugins/${pluginId}`} component={HomePage} exact />
        <Route component={NotFound} />
      </Switch>
    </CheckPagePermissions>
  );
};

export default App;

and in admin/src/index.js where you register your app to the menu

export default {
  register(app) {
    app.addMenuLink({
      to: `/plugins/${pluginId}`,
      icon: PluginIcon,
      intlLabel: {
        id: `${pluginId}.plugin.displayName`,
        defaultMessage: name,
      },
      permissions: pluginPermissions.main,
      Component: async () => {
        const component = await import(/* webpackChunkName: "[request]" */ './pages/App');

        return component;
      },
    });
    app.registerPlugin({
      id: pluginId,
      initializer: Initializer,
      isReady: false,
      name,
    });
  },

only thing you should care about is the permissions section

1 Like
3

Thanks for the detailed answer, I tried to replicate the same with my plugin, but it is not accessible by the super-admin either.
Is there anything wrong that I am doing?

4

can’t answer that witout seeing the code\

5

my bad, did some silly mistake in the bootstrap.js file. Able to restrict the plugin access to super-admins only.
Can i also, provide access of the plugin to other set of users as well (like authors or editors)?

Also, thanks a lot for your answer, really saved my day!

6

Hey bro, i have the same problem, how did you do?

7

Can you paste the code?

8

Thanks for providing this very useful guide! There is a documentation for those who are interested here: https://contributor.strapi.io/permissions

I’d like to set default permissions for the “Editor” and “Author” in my plugin. However I couldn’t find out how to do that. @Boegie19 is there a way to do that?

9

@Boegie19 @johnwick
I have followed your instructions which seems to work for localhost/dev environment. The plugin permissions shows under Settings > Roles > Super Admin > Plugins in the admin dashboard. It has READ checked.

However, when I deploy to production this is unchecked, and all boxes are disabled for super admin. Do you know why it works in Localhost but not in production?

Localhost:

image
image682Ă—508 21.5 KB

Production

image
image855Ă—507 24 KB