Access Control for Extensions #407

Open
tanaka-tri opened this issue Jul 22, 2024 · 4 comments
@tanaka-tri

In reference to this GitHub issue (#400), is there a way to enable access control for extensions so that they are visible only to specific user groups rather than being public or accessible to everyone?

If this feature is not currently available, could it be considered for addition to the project roadmap?

@FlorianSchloesser

What I did is disable the creation of extensions for all non-admin users. My company is in Europe, so GDPR applies to us, making the extensions a "risky" feature.

The idea for now is that only admins can see them, and that if we have something sensible that does not violate GDPR - for example searching our own Jira - we will create user groups and publish the extensions to certain users (done by an admin).

@tanaka-tri

@FlorianSchloesser
Thank you for your response.

Your idea sufficiently meets what we want to achieve. Could you please provide the steps to:
> create user groups and publish the extensions to certain users (done by an admin)

Best regards,

@GTechnologiesHub

> What I did is disable the creation of extensions for all non-admin users. My company is in Europe, so GDPR applies to us, making the extensions a "risky" feature.
>
> The idea for now is that only admins can see them, and that if we have something sensible that does not violate GDPR - for example searching our own Jira - we will create user groups and publish the extensions to certain users (done by an admin).

@FlorianSchloesser how did you achieve this?

@FlorianSchloesser

FlorianSchloesser commented Sep 24, 2024

@tanaka-tri
@GTechnologiesHub
I have no user groups as of now; I only took out the icon for the extensions and added the following lines to the files.
Please forgive me for not sharing full code files, since this does not comply with my work regulations.

  1. I have added the "/extensions" list in my filter for admins in the middleware.ts
    image

  2. I have added a check in the extension-service.ts so users cannot create extensions:
    image

  3. I have added an admin check in the main-menu.tsx file:
    image

Once I really do create user groups I will update you.

I think the approach here is to use Microsoft Entra ID and create user groups via that. You could then store that in the session object and expand the Prompt, Persona and Extension entries in the DB by booleans of groups who should be able to see them.

This can be made more sophisticated of course - but that would be my general approach.
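
The admin-only gating and the group-based visibility outlined in the comment above, as an added example that is not code from this thread or from the project. All type and function names are hypothetical, the group IDs are constructed, and each extension carries a list of allowed group IDs instead of one boolean per group.

```typescript
// Added example; every name except the "/extensions" route is hypothetical.
type SessionUser = { id: string; isAdmin: boolean; groups: string[] };
type ExtensionRecord = { id: string; name: string; allowedGroups: string[] };

// Routes that only admins may open (the middleware filter from step 1).
const ADMIN_ONLY_PREFIXES = ["/extensions"];

function isRouteAllowed(path: string, user: SessionUser | null): boolean {
  // Match the route itself or a sub-path, not look-alikes such as "/extensions-old".
  const restricted = ADMIN_ONLY_PREFIXES.some(
    (p) => path === p || path.indexOf(p + "/") === 0
  );
  return !restricted || (user !== null && user.isAdmin);
}

// Server-side creation check (step 2). Hiding the menu icon (step 3) only
// changes the UI, so this check is what actually blocks non-admins.
function assertCanCreate(user: SessionUser | null): void {
  if (user === null || !user.isAdmin) {
    throw new Error("Forbidden: only admins can create extensions");
  }
}

// Deny by default: an extension with no allowedGroups is visible to admins only.
function canView(user: SessionUser | null, ext: ExtensionRecord): boolean {
  if (user === null) return false;
  if (user.isAdmin) return true;
  const groups = user.groups;
  return ext.allowedGroups.some((g) => groups.indexOf(g) !== -1);
}

function visibleExtensions(
  user: SessionUser | null,
  all: ExtensionRecord[]
): ExtensionRecord[] {
  return all.filter((ext) => canView(user, ext));
}

// Constructed sample data: group IDs stand in for Entra ID group claims.
const admin: SessionUser = { id: "u1", isAdmin: true, groups: [] };
const member: SessionUser = { id: "u2", isAdmin: false, groups: ["grp-support"] };
const sampleExtensions: ExtensionRecord[] = [
  { id: "jira", name: "Jira search", allowedGroups: ["grp-support"] },
  { id: "draft", name: "Unpublished draft", allowedGroups: [] },
];

console.log(visibleExtensions(member, sampleExtensions).map((e) => e.name));
console.log(visibleExtensions(admin, sampleExtensions).map((e) => e.name));
```
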
