[fix] Allow undefined url in permission check

Thanks for your comment ! I made further investigations.

I had the problem on Archipelago when I wanted to convert to TS these files:

On show/edit views : https://github.com/assemblee-virtuelle/archipelago/blob/master/frontend/src/layout/show/ShowView.jsx#L9

In that case, the resourceId exists in context, but it is loaded only after resource fetch. So at the first render of the page, it is undefined. If the resource is not authorized, it returns a 403 which made the page to redirect. There is no content flash has react-admin seems to handle that internally until the resource is loaded.

So finally, this call to useCheckPermissions is useless, as it is handled directly by react-admin when fetching the resource.

On list/create views : https://github.com/assemblee-virtuelle/archipelago/blob/master/frontend/src/layout/create/CreateView.jsx#L9-L10

In that case, resourceId doesn't exist as it is a "container" page. We need to ask dataProvider to recreate the correct middleware url to check permissions. That line is here useful. In the same logic, at the first render, the url is not provided, so it is also undefined (until the dataProvider has fetched the void endpoint to retrieve middleware containers urls). I didn't detect any content flash here, but we can eventually wait for container url defined to display the page.

I also found that, contrary to what I thought, even if the url is undefined when calling useCheckPermissions, react-admin transforms it to a empty object in usePermissions hook (https://github.com/marmelab/react-admin/blob/v4.16.20/packages/ra-core/src/auth/usePermissions.ts#L39) !! So my updates in the authProvider.js file here is useless too 😅 Sorry to have missed that point!

I amend my commit to just update the useCheckPermissions types to allow undefined urls.

assemblee-virtuelle / semapps

[fix] Allow undefined url in permission check #1298