Reputation: 4074
Unexpected field access control behaviour in KeystoneJS
I am attempting to apply field level access logic in KeystoneJS, as per these instructions.
The following hides a field fieldName from the admin UI:
fieldName: {
type: Text,
access: {
read: false,
update: false,
create: false
},
},
But the field is not hidden from the admin UI if I use an imperative approach. See below, which I would expect to produce the same result as the static approach above:
fieldName: {
type: Text,
access: {
read: ({ authentication: { item, listKey } }) => {
return false;
},
update: ({ authentication: { item, listKey } }) => {
return false;
},
create: ({ authentication: { item, listKey } }) => {
return false;
}
},
},
Am I missing something or is this a bug?
Upvotes: 0
Views: 46
Answers (1)
Reputation: 1138
Imperative approach uses a function which can not be transferred to the client side.
Keystone uses maybe true false value for this. this means !!(() => {}) becomes true when generating admin ui metadata for fields in list.
there is a note in the section "Granular Imperative Boolean" which explains that these fields indeed gets included in graphql and ui but are excluded during execution.
Upvotes: 1
Related Questions
- Unpopulated fields between two Schemas keystone.js
- KeystoneJs virtual field cannot use a custom field type
- Block accessing data by using /keystone/api/ URLs - KeystoneJs
- KeystoneJS: add custom dynamic field to generated Admin UI
- KeystoneJS Relationship field not saving empty value
- Fields must be specified with a type function error - Keystone
- Mongoose/keystonejs: unique field except if field is empty
- Set 'dependsOn' for nested fields in keystoneJS
- Keystone.js / mongoose virtual fields lean record
- Validating fields that depend on each other in Keystone.js