Limiting access of a custom plugin to admin users only

johnwick · April 17, 2023, 7:24am

System Information

Strapi Version: 4.4.7
Operating System: macOS
Database: mySQL
Node Version: 16
NPM Version: 8.6
Yarn Version:

I have created a custom plugin which I want to be accessible for the Admin users only and not everyone. How can this be done?

Any help is appreciated, thanks.

Boegie19 · April 17, 2023, 9:17pm

You can add permissions to plugins what would only allow for users with that specific permission to see it

in server/bootstrap.js


module.exports = async ({ strapi }) => {
  const actions = [
    {
      section: 'plugins',
      displayName: 'Read',
      uid: 'read',
      pluginName: 'protected-populate',
    },
  ];

  await strapi.admin.services.permission.actionProvider.registerMany(actions);
};

then in your admin you would need to add the following 3 things

admin/src/permissions.js

const pluginPermissions = {
  main: [{ action: 'plugin::protected-populate.read', subject: null }],
};
export default pluginPermissions;

admin/src/pages/app/index.js

import React from 'react';
import { Switch, Route } from 'react-router-dom';
import { NotFound, CheckPagePermissions } from '@strapi/helper-plugin';
import pluginId from '../../pluginId';
import pluginPermissions from '../../permissions';
import HomePage from '../HomePage';

const App = () => {
  return (
    <CheckPagePermissions permissions={pluginPermissions.main}>
      <Switch>
        <Route path={`/plugins/${pluginId}`} component={HomePage} exact />
        <Route component={NotFound} />
      </Switch>
    </CheckPagePermissions>
  );
};

export default App;

and in admin/src/index.js where you register your app to the menu

export default {
  register(app) {
    app.addMenuLink({
      to: `/plugins/${pluginId}`,
      icon: PluginIcon,
      intlLabel: {
        id: `${pluginId}.plugin.displayName`,
        defaultMessage: name,
      },
      permissions: pluginPermissions.main,
      Component: async () => {
        const component = await import(/* webpackChunkName: "[request]" */ './pages/App');

        return component;
      },
    });
    app.registerPlugin({
      id: pluginId,
      initializer: Initializer,
      isReady: false,
      name,
    });
  },

only thing you should care about is the permissions section

johnwick · April 24, 2023, 10:32am

Thanks for the detailed answer, I tried to replicate the same with my plugin, but it is not accessible by the super-admin either.
Is there anything wrong that I am doing?

Boegie19 · April 24, 2023, 10:54am

can’t answer that witout seeing the code\

johnwick · April 24, 2023, 11:14am

my bad, did some silly mistake in the bootstrap.js file. Able to restrict the plugin access to super-admins only.
Can i also, provide access of the plugin to other set of users as well (like authors or editors)?

Also, thanks a lot for your answer, really saved my day!

Eduardo_Miranda · September 26, 2023, 12:42pm

Hey bro, i have the same problem, how did you do?

Eduardo_Miranda · September 26, 2023, 12:43pm

Can you paste the code?