Hide parameter in Validators to hide Piccolo Admin table link from sidebar if the validators fail. #281
Comments
|
@AmazingAkai Since it's a Piccolo Admin issue, I think the best way to fix it is to raise an error and display that error in the admin UI. If, for example, we write a validator that only the superuser can access the table like this (user from piccolo_api.crud.endpoints import PiccoloCRUD
from piccolo_api.crud.validators import Validators
from piccolo_admin.endpoints import TableConfig
def validator_superuser(piccolo_crud: PiccoloCRUD, request: Request):
if not request.user.user.superuser:
raise HTTPException(
detail="Only a superuser can do this",
status_code=403,
)
director_config = TableConfig(
validators=Validators(every=[validator_superuser]),
)
APP = create_admin([director_config])This is how it could look like. validators.webm |
|
@sinisaos That would also be fine if we can customize the message. |
|
@sinisaos That's a smart solution. In terms of showing the error message, this is the bit of code which shows the error message: https://github.com/piccolo-orm/piccolo_admin/blob/master/admin_ui/src/store.ts#L186-L189 The problem we have though is knowing how to extract the error message from the response. For example, for forms we have all of this logic to try and extract the error message from the response: It gets pretty messy. We could look for a certain header in the response. raise HTTPException(
detail="Only a superuser can do this",
status_code=403,
headers={'Piccolo-Admin-Error': 'Only a superuser can do this'}
)Or if it's a text response, just show whatever the response body is as the error message. I'm not sure - what do you think? |
|
Alternatively, if it's just a matter of hiding certain tables from the sidebar based on whether the user is an admin or superuser, we could do this: TableConfig(MySecretTable, visible_to=['superuser', 'admin'])And then just hide tables from the Just hiding them isn't enough by itself though, because a user could still follow a URL to the table. So validators are required too. |
@dantownsend Thanks. I used that generic error message also in the
We could just return error message like this context.commit("updateApiResponseMessage", {
contents: `Problem fetching ${tableName} rows. ${error.message}.`,
type: "error"
})This would result in a pop-up message like this |
|
@dantownsend Or we can try something like this context.commit("updateApiResponseMessage", {
contents: `Problem fetching ${tableName} rows.
${JSON.parse(JSON.stringify(error.response?.data.detail))}.`,
type: "error"
})Result is |
|
@sinisaos What do you think of the header idea? raise HTTPException(
detail="Only a superuser can do this",
status_code=403,
headers={'Piccolo-Admin-Error': 'Only a superuser can do this'}
)It means we don't have to worry about parsing anything, or looking for specific error codes. |
|
@dantownsend The headers idea is good but that will solve only errors where we specify headers. With the approach I suggested we get more generic messages that would parse all other |
There should be a
hideparameter inValidatorswhich would hide Piccolo Admin table link from sidebar if the validator fails.For Example, the following table won't be shown if the validator fails:
The text was updated successfully, but these errors were encountered: