-
Notifications
You must be signed in to change notification settings - Fork 246
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(nextjs,shared,backend,clerk-react): Introduce Protect for author…
…ization (#2170) * feat(nextjs,shared,backend,clerk-react): Support permissions in Gate * chore(types,backend,clerk-react): Create type for OrganizationCustomPermissions * chore(types,backend,clerk-react): Create type for custom roles * chore(types,backend,clerk-react): Add changeset * chore(types,backend,clerk-react): Add comments * chore(types,nextjs): Remove custom types * fix(clerk-react): Missing `some` support for has in useAuth * chore(types,clerk-react): Use OrganizationCustomPermission for permissions in ssr * chore(nextjs): Drop redirect from RSC `<Gate/>` * feat(types,nextjs,clerk-react,backend): Rename Gate to Protect - Drop `some` from the `has` utility and Protect. Protect now accepts a `condition` prop where a function is expected with the `has` being exposed as the param. - Protect can now be used without required props. In this chae behaves as `<SignedIn>` if no authorization props are passed. - `has` will throw an error if neither `permission` or `role` is passed. * feat(nextjs): Introduce `auth().protect()` for App Router Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated. When `auth().protect()` is called - inside a page or layout file it will render the nearest `not-found` component set by the developer - inside a route handler it will return empty response body with a 404 status code * chore(types): Add `Key` prefix to OrganizationCustomPermission * chore(nextjs): Remove duplicate types * chore(nextjs): Minor improvements in readability * chore(nextjs): Mark protect utility as experimental for Nextjs * chore(nextjs): Minor improvements * fix(nextjs,clerk-react,backend): Utility `has` is undefined when user is signed out * fix(clerk-react): Utility `has` returns false when user isLoaded is true and no user or org * chore(clerk-react,nextjs): Improve comments * fix(clerk-react): Eliminate flickering of fallback for CSR applications * feat(types): Allow overriding of types for custom roles and permissions * chore(repo): Update changeset file * fix(types): `MembershipRole` will include custom roles if applicable * chore(nextjs): Improve readability of conditionals * Revert "fix(nextjs,clerk-react,backend): Utility `has` is undefined when user is signed out" This reverts commit cf736cc * fix(clerk-js,types): Remove `experimental` from checkAuthorization
- Loading branch information
1 parent
0ff1ee7
commit 7ef0300
Showing
34 changed files
with
461 additions
and
222 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
'@clerk/chrome-extension': minor | ||
'@clerk/clerk-js': minor | ||
'@clerk/backend': minor | ||
'@clerk/nextjs': minor | ||
'@clerk/clerk-react': minor | ||
'@clerk/types': minor | ||
--- | ||
|
||
Introduce Protect for authorization. | ||
Changes in public APIs: | ||
- Rename Gate to Protect | ||
- Support for permission checks. (Previously only roles could be used) | ||
- Remove the `experimental` tags and prefixes | ||
- Drop `some` from the `has` utility and Protect. Protect now accepts a `condition` prop where a function is expected with the `has` being exposed as the param. | ||
- Protect can now be used without required props. In this case behaves as `<SignedIn>`, if no authorization props are passed. | ||
- `has` will throw an error if neither `permission` or `role` is passed. | ||
- `auth().protect()` for Nextjs App Router. Allow per page protection in app router. This utility will automatically throw a 404 error if user is not authorized or authenticated. | ||
- inside a page or layout file it will render the nearest `not-found` component set by the developer | ||
- inside a route handler it will return empty response body with a 404 status code |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.