DEV Community

prasanna malla
prasanna malla

Posted on

2

Adding permissions for Vendure plugins

#opensource #webdev #vendure #tutorial

Adding permissions for your custom functionality is important for improving the security, compliance, customization, and control of an application. By adding custom permissions, you can create a more personalized and flexible experience for your users and helps you control access to specific features or functionality within your application. Manage user roles, delegating tasks, and ensure that only authorized individuals have access to sensitive data and specified functionality.

In Vendure we can create PermissionDefinitions to create new permissions and require them to specific queries /mutations. Let's create a permission for setting an API key

// apikey-permission.ts

import { PermissionDefinition } from '@vendure/core';

export const apiKey = new PermissionDefinition({
    name: 'SetApiKey',
    description: 'Allows setting API key',
});
Enter fullscreen mode Exit fullscreen mode

Now, we can use @Allow() decorator to limit access to the mutation

// apikey.resolver.ts

import { Allow } from '@vendure/core';
import { Mutation, Resolver } from '@nestjs/graphql';
import { apiKey } from './apikey-permission';

@Resolver()
export class ApiKeyResolver {

  @Allow(apiKey.Permission)
  @Query()
  apiKey() {
    // ...
  }

  @Allow(apiKey.Permission)
  @Mutation()
  setApiKey() {
    // ...
  }
}
Enter fullscreen mode Exit fullscreen mode

And to register apiKey permission in Vendure we pass it to VendureConfig

// apikey.plugin.ts

import gql from 'graphql-tag';
import { VendurePlugin } from '@vendure/core';
import { ApiKeyResolver } from './apikey.resolver'
import { apiKey } from './apiKey-permission';

@VendurePlugin({
  adminApiExtensions: {
    schema: gql`
      type ApiKey {
        id: ID!
        apiKey: String!
      }

      input ApiKeyInput {
        apiKey: String
      }

      extend type Query {
          apiKey: ApiKey
      }

      extend type Mutation {
        setApiKey(input: ApiKeyInput!): ApiKey!
      }
    `,
    resolvers: [ApiKeyResolver]
  },
  configuration: config => {
    config.authOptions.customPermissions.push(apiKey);
    return config;
  },
})
export class ApiKeyPlugin {}
Enter fullscreen mode Exit fullscreen mode

Finally, apiKey permission can be found in the Role detail view of the Admin UI for superadmin, and can be assigned to other Roles as required.

When requiring separate permissions for create, read, update and delete we can use CrudPermissionDefinition which simplifies the creation of the set of 4 CRUD permissions.๐Ÿ‘Œ

profile
AWS
 Promoted

AWS GenAI LIVE image

Real challenges. Real solutions. Real talk.

From technical discussions to philosophical debates, AWS and AWS Partners examine the impact and evolution of gen AI.

Learn more

Top comments (0)

profile
Sentry
 Promoted

The best way to debug slow web pages cover image

The best way to debug slow web pages

Tools like Page Speed Insights and Google Lighthouse are great for providing advice for front end performance issues. But what these tools canโ€™t do, is evaluate performance across your entire stack of distributed services and applications.

Watch video

Read next

dpc profile image

Daily JavaScript Challenge #JS-70: Find Missing Letter in Alphabet Sequence

DPC -

dpc profile image

Daily JavaScript Challenge #JS-72: Count the Frequency of Every Unique Element in an Array

DPC -

midhunkrishnan profile image

Installing your react.js local package registry to your project

Midhun Krishnan R -

dpc profile image

Daily JavaScript Challenge #JS-73: Validate Palindrome Permutation

DPC -

๐Ÿ‘‹ Kindness is contagious

Please leave a โค๏ธ or a friendly comment on this post if you found it helpful!

Okay