Security

Since React client uses Generic REST API endpoints, the backend (Jmix) application should have properly configured Security Roles. See the corresponding chapter in the Jmix documentation.

Permissions and Access Control

Check Jmix Platform manual to learn more about how permissions work in Jmix.

Access Control Components (Jmix React Core)

You may want to hide certain UI elements (or render them as disabled) when the user doesn’t have the necessary permissions. For example, you may want to hide the Create, Edit and Remove buttons in an entity list when the user doesn’t have the corresponding entity operation permissions, or hide a button launching a business method when the user doesn’t have a certain specific permission. This can be achieved with access control components which are part of Jmix React Core library. Use:

Security Service (Jmix React Core)

You can manually check the user runtime security permissions by using Security service in Jmix React Core library. It contains methods that return a boolean value indicating whether a given permission is granted:

  • isOperationPermissionGranted for entity operation permissions.

  • isAttributePermissionGranted for entity attribute permissions.

  • isSpecificPermissionGranted for specific permissions.

Jmix REST Utility Methods

Alternatively you can use the corresponding methods in Jmix REST library:

  • getAttributePermission checks an entity attribute permission and returns DENY, VIEW or MODIFY.

  • isOperationAllowed checks an entity operation permission and returns true or false.

  • isSpecificPermissionGranted checks a specific permission and returns true of false.

Unlike Security service methods, these methods require an object containing current user permissions to be passed as argument. You can obtain the permissions object by using getEffectivePermissions method.