Making content only accessible for certain roles

pooliefw · August 13, 2021, 8:57am

System Information

Strapi Version: 3.6.5 (Enterprise)
Operating System: strapi/strapi Docker Image
Database: MySQL
Node Version: 12.20.1
NPM Version:
Yarn Version:

Hi!
I want to make certain content within the Strapi admin only accessible to certain Roles.

At the moment, there are 2 entities in our strapi: “brand” (which is basically our business partners) and “page”. Each page is linked to exactly one brand and one brand can have many pages.

Now, according to Configurations - Strapi Developer Documentation , I have created a new condition in the config/function/bootstrap.js file:

module.exports = () => {
  strapi.admin.services.permission.conditionProvider.register({
    displayName: 'Belongs to brand Nomos',
    name: 'belongs-to-brand-nomos',
    plugin: 'admin',
    handler: user => ({ 'brand.elibBrand': 'nomos' }),
  });
};

This (almost) works as intended, but only for the “page” entities. Here i only see the pages associated to the “nomos” brand.
But when i navigate to the “brands” overview, Strapi shows me an error (because a brand does not have the attributes brand.elibBrand but only elibBrand).
How can i accomplish this to work for the brand entity as well?

And further: even in a “page” entry, i can still set the brand relation to any other brand (see screenshot). Is there any way to change this?
Bildschirmfoto 2021-08-13 um 08.49.25

Richard_Nsama · August 13, 2021, 12:05pm

Hi @pooliefw, could you share with me what your model/Content-Type configuration looks like so I can understand your data structure better?

pooliefw · August 16, 2021, 7:14am

Hi Richard!
Here are the settings.json files with the data structures. Is that what you needed?

Brand:

{
  "kind": "collectionType",
  "collectionName": "brands",
  "info": {
    "name": "Brand",
    "description": ""
  },
  "options": {
    "increments": true,
    "timestamps": true,
    "draftAndPublish": true
  },
  "pluginOptions": {},
  "attributes": {
    "name": {
      "type": "string"
    },
    "favicon": {
      "model": "file",
      "via": "related",
      "allowedTypes": [
        "images"
      ],
      "plugin": "upload",
      "required": false,
      "pluginOptions": {}
    },
    "ogImage": {
      "model": "file",
      "via": "related",
      "allowedTypes": [
        "images"
      ],
      "plugin": "upload",
      "required": false,
      "pluginOptions": {}
    },
    "elibBrand": {
      "type": "enumeration",
      "enum": [
        "beck",
        "nomos",
        "tectum",
        "vahlen",
        "vdiverlag"
      ],
      "required": true,
      "unique": true
    },
    "pages": {
      "via": "brand",
      "collection": "page"
    }
  }
}

Page:

{
  "kind": "collectionType",
  "collectionName": "pages",
  "info": {
    "name": "Page",
    "description": ""
  },
  "options": {
    "increments": true,
    "timestamps": true,
    "draftAndPublish": true
  },
  "pluginOptions": {
    "i18n": {
      "localized": true
    }
  },
  "attributes": {
    "title": {
      "type": "string",
      "pluginOptions": {
        "i18n": {
          "localized": true
        }
      }
    },
    "content": {
      "type": "richtext",
      "pluginOptions": {
        "i18n": {
          "localized": true
        }
      }
    },
    "elibPageType": {
      "pluginOptions": {
        "i18n": {
          "localized": false
        }
      },
      "type": "enumeration",
      "enum": [
        "home",
        "imprint",
        "agb",
        "contact",
        "about",
        "openaccess",
        "faq"
      ],
      "required": true
    },
    "metaDescription": {
      "pluginOptions": {
        "i18n": {
          "localized": true
        }
      },
      "type": "text",
      "maxLength": 150
    },
    "brand": {
      "via": "pages",
      "model": "brand"
    },
    "metaTitle": {
      "pluginOptions": {
        "i18n": {
          "localized": true
        }
      },
      "type": "string",
      "maxLength": 65
    }
  }
}

Richard_Nsama · August 16, 2021, 2:16pm

Hi @pooliefw this was exactly what I was looking for but I should say, I wasn’t able to replicate what you are experiencing. I actually don’t think the RBAC condition I copied from you was working. Could you share a bit more information regarding the Model fields that are relevant to this condition working, why you chose them and the subsequent condition you wrote and the full steps to reproduce this issue? Even something like a loom video snippet showing the error in action as an addition would be pretty useful for debugging this.

pooliefw · August 16, 2021, 3:21pm

Hi @Richard_Nsama
Well, the pages are linked to the brands. Each brand has one “elibBrand” (internal identifier) attached to it.
I want to only show the pages that belong to the brand with the elibBrand value “nomos” (works!)
I want that each of these pages or a new page can only be assigned to the same brand (doesnt work, all brands can be chosen)
I want to only show this one brand in the brands overview (doesnt work).

Here is short video how this works on my machine: Loom | Free Screen & Video Recording Software

My biggest question is how to write the correct condition for that. Since i’m not a Javascript professiona, i cannot figure it out myself.