Custom permissions for modules and more #3211
Replies: 10 comments 19 replies
-
I like it. It makes sense to have a place for extension permissions, we'll just need to look into how the values should be saved. KVPs seems easy enough, but it's important to maintain flexibility for extensions as well as their permissions. It might be best to allow extensions to import their own settings pane... which could be saved as key value pairs, JSON, or custom data (in custom collections). |
Beta Was this translation helpful? Give feedback.
-
Is there any progress on this? |
Beta Was this translation helpful? Give feedback.
-
This is an important aspect of custom module development. Often we don't want every user to have access to every module/functionality. Which also leads me in to something that has been discussed in some other issue/discussion; we still need a way to customize the module bar navigation for different roles - as it was before the setting was moved from roles & permissions to the general project settings. Any more thoughts or progress on this, @benhaynes ? |
Beta Was this translation helpful? Give feedback.
-
@benhaynes is there something we can do to bring back module and collection filtering per role? We use that extensively to dramatically simplify the Directus experience for non-admin users together with role-specific dashboards. |
Beta Was this translation helpful? Give feedback.
-
For anyone looking at this thread, this feature is |
Beta Was this translation helpful? Give feedback.
-
Hello @benhaynes, Since it's been a while, I'd be interested to know if you figured out if the user role selector is available or not. A custom CSS solution would be a good workaround for now while it seems the feature isn't yet live... |
Beta Was this translation helpful? Give feedback.
-
Heya! Thanks for opening this feature request! This feature request has received over 15 votes from the community. This means we'll move this feature request to the Under Review state! The Core team will schedule a meeting to review this request as soon as possible. The discussion will then be approved or denied. You may or may not be invited to join this meeting with the core team. For more information, see our Feature Request Process. |
Beta Was this translation helpful? Give feedback.
-
Hi, for anyone looking at this thread, the following helped me. module.exports = function registerHook({ filter }, { services }) {
filter('settings.read', async (items, meta, { database: knex, schema, accountability }) => {
if (accountability && !accountability.admin) {
const { ItemsService } = services;
const service = new ItemsService('directus_roles', { knex, schema, accountability });
const rol = accountability.role;
const rolFind = await service.knex.from('directus_roles').where({ id: rol }).first();
const rolName = rolFind?.name?.toLowerCase();
var settings = items[0];
settings.module_bar = items[0].module_bar.map(module => {
if (module.id === 'users') {
module.enabled = false;
}
if (module.id === 'reports' && rolName != 'reports') {
module.enabled = false;
}
return module;
});
}
return items;
});
}; |
Beta Was this translation helpful? Give feedback.
-
For anyone looking for the proper way to check permissions in a custom extension, you can add a Example:
|
Beta Was this translation helpful? Give feedback.
-
Any update of this request? This is a real important one hence most of the extensions at some point requires user authentication. |
Beta Was this translation helpful? Give feedback.
-
I was thinking that it would eventually be interesting to add a feature in which an Admin could add a custom permission to Directus to then control who has access to certain things or not, but I'm not talking about Collections;
I'm talking about custom permissions that could be added inside the "Roles & Permissions" page without being tied to any collection.
A custom name that the user could give his permission and a checkbox if ☑️ or ⬜.
What do I mean by that:
Let's say I want to expand Directus and thus I build a custom module.
Done that, I want only Admins with a certain exclusive permission to see and access this module that I've created.
Right now (at the time of writing) the only way to archieve this would be to create a dummy table with fields that each represent a custom module permission.
And in my module I would implement a check to see if the user has permission to that dummy field, and if yes, would load my custom module.
It probably works, however, it just doesn't look right, does it? 😅
What do you think?
Beta Was this translation helpful? Give feedback.
All reactions