search

VirtusLab-Open-Source / strapi-plugin-navigation

A plugin for Strapi Headless CMS that provides navigation / menu builder feature with their possibility to control the audience and different output structure renderers like (flat, tree and RFR - ready for handling by Redux First Router)
MIT License
317 stars 58 forks source link

Unable to Apply RBAC Custom Conditions in Navigation Plugin #389

Open bobbylipps opened 1 year ago

bobbylipps commented 1 year ago

Description: I'm attempting to implement custom conditions within the Navigation plugin to restrict certain menus based on user roles. Specifically, I want to limit the menus an editor can access and modify.

I added the following custom condition in src/index.js:

const docsNavigation = {
  displayName: "Can only view docs navigation",
  name: "docs-nav-access",
  async handler(user) {
    const condition = { id: { $eq: 3 } };
    return condition;
  }
};

await strapi.admin.services.permission.conditionProvider.register(docsNavigation);

I tried applying the custom condition using various field names such as id, name, slug, etc. I navigated to the navigation editing page at /admin/plugins/navigation and can still see all menus. The custom condition is applied to the role in the Strapi admin.

Expected Behavior: The custom condition should limit the visibility and editability of menus based on the specified condition.

Actual Behavior: The custom condition doesn't seem to have any effect on the navigation editing page. No matter which field name I use, the condition doesn't seem to apply.

Additional Information:

Any guidance or clarification on whether the Navigation plugin supports such custom conditions would be greatly appreciated.

strapi - 4.15.0 strapi-plugin-navigation - latest

TasosBak commented 1 year ago

Could you share which strapi/plugin versions you are using?

bobbylipps commented 1 year ago

Thanks for the reply.

strapi - 4.14.2 strapi-plugin-navigation - latest

Do you need anything else?

TasosBak commented 1 year ago

I don't know if I will be able to help but the versions you are using is important info for anyone that will try to help.

cyp3rius commented 10 months ago

In regard to applying custom roles to the admin endpoints filtering - there is no built-in support. But your case looks interesting and I think we might consider to put it into the backlog.