Closed jphilung closed 1 month ago
erikpena
commented
1 month ago Hello @jphilung! Thank you for reaching out. Currently, this check is necessary because a good majority of our functionality is tied to RBAC (role based access control) for reading/writing type operations.
Could you share what your use case is to where you removing the core user-permissions plugin? I'd be curious to understand this to see if there is a way we can address it in future iterations.
Thank you!
jphilung
commented
1 month ago I think that the RBAC is for the admin users of Strapi unless I'm mistaken whereas the Users & Permissions plugin handles authentification from the front-end for the end users of the API.
In my use case, I want to deactivate the Users & Permissions plugin since I'm not using them end users as it creates confusion for my admin users. My app is relying on API keys to access the Strapi API.
erikpena
commented
1 month ago Hello @jphilung, Thank you for the details on your use case. You are correct that RBAC is used for the admin side of the plugin. However, there are set of client APIs that are configured to use the permissions (which is why the users-permissions plugin is necessary). I'll add this to our backlog to consider how we want to handle this particular use case and if there is a state in which we want to have an option to open the client APIs to everyone by default. I'm going to close this issue for now while we consider this and prioritize accordingly.
Thank you!
The plugin checks for whether the users-permissions plugin is present. Is the plugin actually necessary for this plugin? I would to be able to deactivate users-permissions while still using the mux-video-uploader plugin.