docs/security.md
Lines changed: 4 additions & 7 deletions
@@ -28,10 +28,7 @@ For a full list of security risks, check [OWASP](https://owasp.org/www-project-t
28
28
29
29
#### Handling user data
30
30
31
-
User info should be considered a global piece of state which should be available from anywhere in the application.
32
-
If you are already using `react-query`, you can use [react-query-auth](https://github.com/alan2207/react-query-auth) library for handling user state which will handle all the things for you after you provide it some configuration. Otherwise, you can use react context + hooks, or some 3rd party state management library.
33
-
34
-
User information should be treated as a central piece of data accessible throughout the application. If you are already using `react-query`, consider using it for storing user data as well. Alternatively, you can leverage React context with hooks or opt for a third-party state management library to efficiently manage user state across your application.
31
+
User info should be considered a global piece of state which should be available from anywhere in the application. If you are already using `react-query`, you can use [react-query-auth](https://github.com/alan2207/react-query-auth) library for handling user state which will handle all the things for you after you provide it some configuration. Otherwise, you can use react context + hooks, or some 3rd party state management library.
35
32
36
33
[Auth Configuration Example Code](../apps/react-vite/src/lib/auth.tsx)
37
34
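Review bot: of the two duplicated versions of this paragraph, the hunk keeps the rougher one and deletes the clearer one. Removed line 34 ("User information should be treated as a central piece of data accessible throughout the application...") says the same thing as removed lines 31-32, so collapsing them into one paragraph is the right fix, but the surviving added line 31 still carries the vague "will handle all the things for you" phrasing about react-query-auth. Suggest either keeping the line-34 wording as the base, or rewriting that clause to state concretely what the library takes over (the user-state fetching and auth hooks it is configured with) so a reader of a security doc knows what they still have to implement themselves.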
@@ -45,14 +42,14 @@ Authorization is the process of verifying whether a user has permission to acces
45
42
46
43
[Authorization Configuration Example Code](../apps/react-vite/src/lib/authorization.tsx)
47
44
48
-
In a role-based authorization model, access to resources is determined by defining specific roles and associating them with permissions. For example, roles such as `USER` and `ADMIN` can be assigned different levels of access rights within the application. Users are then granted access based on their roles; for instance, restricting certain functionalities to regular users while permitting administrators to access all features and functionalities.
45
+
In a role-based authorization model, access to resources is determined by defining specific roles and associating them with permissions. For example, roles such as USER and ADMIN can be assigned different levels of access rights within the application. Users are then granted access based on their roles; for instance, restricting certain functionalities to regular users while permitting administrators to access all features and functionalities.
49
46
50
-
[RBAC Example Code](../apps/react-vite/src/features/discussions/components/create-discussion.tsx)
47
+
[RBAC Example Code](../apps/react-vite/src/features/discussions/components/delete-discussion.tsx)
51
48
52
49
#### PBAC (Permission based access control)
53
50
54
51
While Role-Based Access Control (RBAC) provides a structured methodology for authorization, there are instances where a more granular approach is necessary. Permission-Based Access Control (PBAC) offers a more flexible solution, particularly in scenarios where access permissions need to be finely tuned based on specific criteria, such as allowing only the owner of a resource to perform certain operations. For example, in the case of a user's comment, PBAC ensures that only the author of the comment has the privilege to delete it, adding a layer of precision and customization to access control mechanisms.
55
52
56
-
For RBAC protection, you can use the `RBAC` component by passing allowed roles to it. On the other hand, if you need more strict protection, you can pass policies check to it.
53
+
For RBAC protection, you can use the RBAC component by passing allowed roles to it. On the other hand, if you need more strict protection, you can pass policies check to it.
57
54
58
55
[PBAC Example Code](../apps/react-vite/src/features/comments/components/comments-list.tsx)
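Review bot: the backtick removals in this hunk are a regression, not a cleanup. Added line 45 turns `USER` and `ADMIN` into plain words and added line 53 does the same to the `RBAC` component name; these are code identifiers (role values and a component) and should stay in code formatting so they are visually distinct from the prose noun "role-based access control" and can be grepped for in the rendered doc. Suggest restoring the backticks in both lines. While touching line 53, "you can pass policies check to it" reads awkwardly; "you can pass a policy check to it" would be clearer. The link retarget from create-discussion.tsx to delete-discussion.tsx is fine as far as the diff shows, but a one-line commit message or doc note explaining why the delete component is the better RBAC example would help the next reader.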