Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to implement Role based restrictions/permissions in react redux app?

Tags:

reactjs

react-redux

user-permissions

role-based-access-control

I have a React-Redux-KoaJs application with multiple components. I have few user roles as well. Now i want to display few buttons, tables and div to only specific roles and hide those from others. Please remember i dont want to hide the whole component, but just a part of the components. Can anyone help me? Thanks in advance.

like image 573
Harshit Agarwal Avatar asked May 06 '19 11:05

Harshit Agarwal

2 Answers

You can check the role or permission in every component as @Eudald Arranz proposed. Or you can write a component that will checks permissions for you. For example:

import PropTypes from 'prop-types';
import { connect } from 'react-redux';

const ShowForPermissionComponent = (props) => {
    const couldShow = props.userPermissions.includes(props.permission);
    return couldShow ? props.children : null;
};

ShowForPermissionComponent.propTypes = {
    permission: PropTypes.string.isRequired,
    userPermissions: PropTypes.array.isRequired
};


const mapStateToProps = state => ({
    userPermissions: state.user.permission //<--- here you will get permissions for your user from Redux store
});

export const ShowForPermission = connect(mapStateToProps)(ShowForPermissionComponent);

and then you can use this component like this:

import React from 'react';
import { ShowForPermission } from './ShowForPermission';

cons MyComponent = props => {
   return (
        <div>
            <ShowForPermission permission="DELETE">
                <button>Delete</button>
            </ShowForPermission>
        </div>
   );
}
like image 66
Andrii Golubenko Avatar answered Sep 18 '22 21:09

Andrii Golubenko

Be careful with that. If the actions of some roles are important you should always validate them at your backend. It's easy to change the values stored in redux at frontend allowing malicious use of the roles if there is no proper validation.

If you want to proceed on a possible approach is this:

  • Save the roles at your reducer
  • Bind the reducer to the component: 
function mapStateToProps(state) {
  const { user_roles } = state;
  return { user_roles };
}

export default connect(mapStateToProps)(YourComponent);
  • Then at your component, you can check the user_roles and render the actions accordingly:
render() {
    return (
      <div>
        {this.props.user_roles.role === "YOUR_ROLE_TO_CHECK" && <ActionsComponent />}
      </div>
    );
  }

This will render the ActionsComponent only when the role is equal to the desired one.

Again, always validate the roles at your backend!

like image 32
Eudald Arranz Avatar answered Sep 21 '22 21:09

Eudald Arranz
Sign in to Comment

Related questions

Does React.js support HTML5 datalist?
How to remove ESlint error no-unresolved from importing 'react'
react native createbottomtabnavigator hide tab bar label
ReactJS: net::ERR_HTTP2_PROTOCOL_ERROR 200 with .NetCore in HTTPS
How can I get the device's ip on React Native?
Fetch: set variable with fetch response and return from function [duplicate]
Cannot find module 'csstype'
How to use Material UI icons in React?
Most efficient way of rendering JSX elements when iterating on array of data in React
React Hooks render twice
What is `getOptionSelected` and `getOptionLabel` in Material UI with an example?
React Router Match Miss
can't get response status code with JavaScript fetch [duplicate]
How to disable underline to Material UI's datepicker in React?
React - Triggering click event on table row
React Native react-native-maps Mapview does not show up
ES6 filter - how to return an object instead of an array?
In create-react-app, adding Bootstrap 4?
A weird error occurring when trying to implement useEffect
Reset store after logout with Apollo client

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!