Control user access to models in Keystone.js
// Place this in routes/middleware.js | |
/** | |
Sets navigation and enforces permissions specified in the user models | |
*/ | |
exports.enforcePermissions = function (req, res, next) { | |
var nav = { | |
blog: ['blog', 'tag'], | |
about: ['page', 'category'], | |
access: 'users', | |
}; | |
keystone.set('nav', nav); | |
if (req.user) { | |
// This assumes users have a set of boolean fields, "permBlog", "permAbout", etc. | |
// which control access to these sets of navigation items. | |
var hideLists = (name, hidden) => keystone.list(name).set('hidden', hidden); | |
['Blog', 'Tag'].map(list => hideLists(list, !req.user.permBlog)); | |
['Page', 'Category'].map(list => hideLists(list, !req.user.permAbout)); | |
['User'].map(list => hideLists(list, !req.user.permAdmin)); | |
!req.user.permBlog && delete nav.blog; | |
!req.user.permAbout && delete nav.about; | |
!req.user.permAccess && delete nav.access; | |
keystone.nav = keystone.initNav(nav); | |
} | |
next(); | |
} |
This comment has been minimized.
This comment has been minimized.
fwiw, If you want to turn off an individual field, rather than an entire list, this seems to be working
|
This comment has been minimized.
This comment has been minimized.
this solution is just for navbar of admin ui ... i did this and i still can access other models via main page : ( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
This helps a lot. Thank you.