You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The `<Create>` component requires authentication and will redirect anonymous users to the login page. If you want to allow anonymous access, use the [`disableAuthentication`](#disableauthentication) prop.
707
707
708
+
```jsx
709
+
constPostCreate= () => (
710
+
<Create disableAuthentication>
711
+
...
712
+
</Create>
713
+
);
714
+
```
715
+
716
+
## Access Control
717
+
708
718
If your `authProvider` implements [Access Control](./Permissions.md#access-control), `<Create>` will only render if the user has the "create" access to the related resource.
{/** These two columns are not visible to the user **/}
1152
-
<NumberFieldsource="stock" />
1153
-
<NumberFieldsource="sales" />
1154
-
</Datagrid>
1155
-
</List>
1156
-
);
1157
-
```
1158
-
1159
-
**Tip**: Adding the 'read' permission on the resource itself doesn't grant the 'read' permission on the columns. If you want a user to see all possible columns, add the 'read' permission on columns using a wildcard:
1160
-
1161
-
```jsx
1162
-
{ action:"read", resource:"products.*" }.
1163
-
```
1164
-
1165
-
Fow simple cases, you can also use [the `useCanAccess` hook](./useCanAccess.md) to check whether users have access to a field:
{/** These two columns are not visible to the user **/}
1423
+
<NumberFieldsource="stock" />
1424
+
<NumberFieldsource="sales" />
1425
+
</Datagrid>
1426
+
</List>
1427
+
);
1428
+
```
1429
+
1430
+
**Tip**: Adding the 'read' permission on the resource itself doesn't grant the 'read' permission on the columns. If you want a user to see all possible columns, add the 'read' permission on columns using a wildcard:
1431
+
1432
+
```jsx
1433
+
{ action:"read", resource:"products.*" }.
1434
+
```
1435
+
1436
+
Fow simple cases, you can also use [the `useCanAccess` hook](./useCanAccess.md) to check whether users have access to a field:
The `<Edit>` component requires authentication and will redirect anonymous users to the login page. If you want to allow anonymous access, use the [`disableAuthentication`](#disableauthentication) prop.
987
987
988
+
```jsx
989
+
constPostEdit= () => (
990
+
<Edit disableAuthentication>
991
+
...
992
+
</Edit>
993
+
);
994
+
```
995
+
996
+
## Access Control
997
+
988
998
If your `authProvider` implements [Access Control](./Permissions.md#access-control), `<Edit>` will only render if the user has the "edit" access to the related resource.
989
999
990
1000
For instance, for the `<PostEdit>`page below:
@@ -1012,4 +1022,4 @@ const PostEdit = () => (
1012
1022
1013
1023
Users without access will be redirected to the [Access Denied page](./Admin.md#accessdenied).
1014
1024
1015
-
**Note**: Access control is disabled when you use [the `disableAuthentication` prop](#disableauthentication).
1025
+
**Note**: Access control is disabled when you use [the `disableAuthentication` prop](#disableauthentication).
Copy file name to clipboardExpand all lines: docs/Resource.md
+26-19Lines changed: 26 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -321,25 +321,6 @@ const MyComponent = () => (
321
321
);
322
322
```
323
323
324
-
## Security
325
-
326
-
The usual components for the `<Resource>` routes ( `<List>`, `<Create>`, `<Edit>`, `<Show>`) require authentication and will redirect anonymous users to the login page. If you want to allow anonymous access, use the [`disableAuthentication`](./List.md#disableauthentication) prop on the component.
327
-
328
-
In addition, if your `authProvider` implements [Access Control](./Permissions.md#access-control), these components will only render if the user has the right permission (e.g., `{ action: 'list', resource: 'posts' }` for the `list` page of the `posts` resource).
React-admin will call the `authProvider.canAccess` method when users try to access the pages with the following parameters:
337
-
338
-
- For the list page: `{ action: "list", resource: "posts" }`
339
-
- For the create page: `{ action: "create", resource: "posts" }`
340
-
- For the edit page: `{ action: "edit", resource: "posts" }`
341
-
- For the show page: `{ action: "show", resource: "posts" }`
342
-
343
324
## Nested Resources
344
325
345
326
React-admin doesn't support nested resources, but you can use [the `children` prop](#children) to render a custom component for a given sub-route. For instance, to display a list of songs for a given artist:
@@ -464,3 +445,29 @@ When users navigate to the `/posts` route, react-admin will display a loading in
464
445
465
446

466
447
448
+
## Anonymous Access
449
+
450
+
The usual components for the `<Resource>`routes ( `<List>`, `<Create>`, `<Edit>`, `<Show>`) require authentication and will redirect anonymous users to the login page. If you want to allow anonymous access, use the [`disableAuthentication`](./List.md#disableauthentication) prop on the component.
451
+
452
+
## Access Control
453
+
454
+
In addition, if your `authProvider`implements [Access Control](./Permissions.md#access-control), these components will only render if the user has the right permission (e.g., `{ action: 'list', resource: 'posts' }`for the `list` page of the `posts` resource).
455
+
456
+
For instance, given the following resource:
457
+
458
+
```tsx
459
+
<Resource
460
+
name="posts"
461
+
list={PostList}
462
+
create={PostCreate}
463
+
edit={PostEdit}
464
+
show={PostShow}
465
+
/>
466
+
```
467
+
468
+
React-admin will call the `authProvider.canAccess` method when users try to access the pages with the following parameters:
469
+
470
+
- For the list page:`{ action: "list", resource: "posts" }`
471
+
- For the create page:`{ action: "create", resource: "posts" }`
472
+
- For the edit page:`{ action: "edit", resource: "posts" }`
473
+
- For the show page:`{ action: "show", resource: "posts" }`
The `<Show>` component requires authentication and will redirect anonymous users to the login page. If you want to allow anonymous access, use the [`disableAuthentication`](#disableauthentication) prop.
707
707
708
+
```jsx
709
+
constPostShow= () => (
710
+
<Show disableAuthentication>
711
+
...
712
+
</Show>
713
+
);
714
+
```
715
+
716
+
## Access Control
717
+
708
718
If your `authProvider` implements [Access Control](./Permissions.md#access-control), `<Show>` will only render if the user has the "show" access to the related resource.
0 commit comments