Hide sensitive fields for anonymous only

Created on 26 February 2023, over 1 year ago

I wasn't able to find a way to hide sensitive fields / data for anonymous users only.

Background:

We have a NextJS frontend which makes requests for entities. The site has a member area and also a public section. These entities contain information that should not be exposed - ok, so I can turn off the field via JsonApi Extras - which is cool. However, the authenticated (OAUTH) service logic of the Node server of course needs all the information (not just the fields not removed from JsonApi Extras).

Is the only way to totally lock away the JSON API for anonymous users and let Node deal with authenticated connections only? This is very slow and not really necessary in 50% of cases.

I wish I could create a Symfony event or a hook that decides if a field is included or not included - dependent on the user role.

At the moment we create custom modules that return hardcoded Symfony route endpoints to have the ability to fetch a second time to collect user details like address, payment details, telephone number, and so on. I guess there must be another more robust way.

Thanks for letting me know

Feature request
Status: Fixed
Version: 3.0
Component: Code
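
A role-dependent field check of the kind the post asks for can be expressed with Drupal core's `hook_entity_field_access()`, since the core JSON:API module applies entity and field access when it builds a response. The following is an added example, not code from this issue or from JSON:API Extras; the module name `mymodule` and the three field machine names are assumptions.

```php
<?php

/**
 * @file
 * Hypothetical module "mymodule": hide sensitive fields from anonymous users.
 */

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Implements hook_entity_field_access().
 */
function mymodule_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
  // Assumed machine names for the address, payment and telephone fields.
  $sensitive = ['field_address', 'field_payment_details', 'field_telephone'];

  // Only restrict viewing of the listed fields; stay neutral otherwise so
  // other access logic on the site keeps deciding.
  if ($operation !== 'view' || !in_array($field_definition->getName(), $sensitive, TRUE)) {
    return AccessResult::neutral();
  }

  // Forbidden overrides any "allowed" result from other modules, so the
  // field is left out of anonymous responses. Varying the cache by
  // permissions keeps an anonymous (stripped) response and an
  // authenticated (full) response from being served to the wrong audience.
  return AccessResult::forbiddenIf($account->isAnonymous(), 'Sensitive field is hidden from anonymous users.')
    ->cachePerPermissions();
}
```

Requesting the same resource once without credentials and once with the OAuth token confirms that the listed fields appear only in the authenticated response.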
