Skip to content

feat: add page permissions#36

Draft
BatLeDev wants to merge 21 commits into
masterfrom
refactor-permissions
Draft

feat: add page permissions#36
BatLeDev wants to merge 21 commits into
masterfrom
refactor-permissions

Conversation

@BatLeDev
Copy link
Copy Markdown
Member

@BatLeDev BatLeDev commented Mar 17, 2026
edited
Loading

Summary

Adds fine-grained access control to pages, along with technical fixes.

Page permissions

Each page now has a public boolean flag and a permissions array that can grant read and/or write access to specific users, organization members, departments, or roles.

  • Uses access-ref from @data-fair/lib: matchAccessRef and mongoFilterAccessRef are imported from the shared lib for in-memory access checks and MongoDB filtering
  • API (api/src/pages/): helpers in operations.ts (canReadPage, canWritePage, getUserPermissions, buildPageAccessFilter, buildDefaultPermissions), new PATCH /pages/:type/:slug/permissions endpoint, all read endpoints now enforce permission checks
  • Portal server (portal/server/utils/page-permissions.ts): checkPageAccess and buildPortalPagePermissionQuery for Nuxt server routes
  • UI: new page-edit-permissions.vue component integrated into the publication panel, use-page-store.ts exposes patchPage
  • Migration (upgrade/2.20.0/add-page-permissions.ts): backfills public: true and permissions: [] on all existing pages

Technical fixes

  • Graceful shutdown of Elasticsearch and MongoDB connections
  • Force exit after nuxt build to work around esbuild zombie processes
  • 204 No Content instead of 201 for non-creation endpoints
  • Dockerfile fix: added types-portals to the Docker manager image to resolve a runtime import error
  • Cleanup of index.get.ts and index.head.ts

@github-actions github-actions Bot added feature and removed feature labels Mar 17, 2026
BatLeDev added 6 commits March 17, 2026 13:05
@BatLeDev
fix: uniformize operation filter and fix type in permissions utils
44943d2 
- Use { $in: ['read'] } in buildPageAccessFilter for consistency with portal utils
- Fix userFilter type to { $or: Record<string, any>[] }
- Remove incorrect default: true on public field in page schema
@BatLeDev
chore: use access-ref from lib
6699fd3
@BatLeDev
Merge remote-tracking branch 'origin/master' into refactor-permissions
488c519 
# Conflicts:
#	api/src/pages/router.ts
#	api/src/pages/service.ts
#	package-lock.json
#	ui/package.json
@BatLeDev
fix: force process exit after nuxt build to work around esbuild zombi…
d36f705 
…e process
@BatLeDev
fix: gracefully close elasticsearch and mongodb connections on shutdown
471a9de
@BatLeDev
fix: use 204 No Content instead of 201 for non-creation endpoints
6fd699f
@github-actions github-actions Bot added feature and removed feature labels Mar 18, 2026
@BatLeDev
fix: add types-portals to Docker manager image to resolve runtime import
ff0d6ba 
The @data-fair/types-portals workspace package was missing from the final
manager image, causing ERR_MODULE_NOT_FOUND in production.
@BatLeDev BatLeDev force-pushed the refactor-permissions branch from b1061e0 to ff0d6ba Compare March 18, 2026 15:22
@BatLeDev BatLeDev force-pushed the refactor-permissions branch from dccb53a to 2737dde Compare March 18, 2026 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BatLeDev