feat: Custom Applications multiple permissions #2799
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🦋 Changeset detectedLatest commit: 86ff5a8 The changes in this PR will be included in the next version bump. This PR includes changesets to release 35 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Deploy preview for merchant-center-application-kit ready! ✅ Preview Built with commit 86ff5a8. |
kark
force-pushed
the
SHIELD-580-additionalOAuthScopes-field
branch
from
66c0e0f
to
3caad79
Compare
.changeset/cuddly-chefs-burn.md
Outdated
| '@commercetools-frontend/application-config': patch | ||
| --- | ||
|
|
||
| Define new field `additionalOAuthScopes` in the Custom Application config. |
There was a problem hiding this comment.
Should we describe what this new field should be use for?
Or maybe add a link to the updated documentation?
Rhotimee
approved these changes
Sep 12, 2022
|
|
||
| ## `additionalOAuthScopes.view` | ||
|
|
||
| A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated to the `View` permission. |
There was a problem hiding this comment.
Suggested change
| A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated to the `View` permission. | |
| A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the additionalOAuthScopes `View` permission. |
|
|
||
| ## `additionalOAuthScopes.manage` | ||
|
|
||
| A list of "manage-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the `Manage` permission. |
There was a problem hiding this comment.
Suggested change
| A list of "manage-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the `Manage` permission. | |
| A list of "manage-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the additionalOAuthScopes `Manage` permission. |
| @@ -30,6 +30,37 @@ Notice here how the OAuth Scopes are grouped by the two fields `view` and `manag | |||
|
|
|||
| This grouping determines the **mapping and relation between OAuth Scopes and user permissions**. | |||
|
|
|||
| # Additional OAuth Scopes | |||
|
|
|||
| Defining `oAuthScopes` in the Custom Application config allows to use permissions limited to 1 unique pair (view/manage) specific to the Custom Application. | |||
There was a problem hiding this comment.
Suggested change
| Defining `oAuthScopes` in the Custom Application config allows to use permissions limited to 1 unique pair (view/manage) specific to the Custom Application. | |
| Defining `oAuthScopes` in the Custom Application config allows using permissions limited to 1 unique pair (view/manage) specific to the Custom Application. |
|
|
||
| Defining `oAuthScopes` in the Custom Application config allows to use permissions limited to 1 unique pair (view/manage) specific to the Custom Application. | ||
|
|
||
| For more granular permissions, for example to allow team access to only certain parts or functionality of the Custom Application, [additional OAuth Scopes](https://docs.commercetools.com/api/scopes) can be requested as part of various permission groups. |
There was a problem hiding this comment.
Suggested change
| For more granular permissions, for example to allow team access to only certain parts or functionality of the Custom Application, [additional OAuth Scopes](https://docs.commercetools.com/api/scopes) can be requested as part of various permission groups. | |
| For more granular permissions, for example, to allow the team access to only certain parts or functionality of the Custom Application, [additional OAuth Scopes](https://docs.commercetools.com/api/scopes) can be requested as part of various permission groups. |
|
FYI: marking this PR as draft/blocked as we shouldn't merge this yet, only when it's time to release the feature. We can use this as the base branch I suppose. |
emmenko
reviewed
Sep 15, 2022
.changeset/cuddly-chefs-burn.md
Outdated
| @@ -0,0 +1,5 @@ | |||
| --- | |||
| '@commercetools-frontend/application-config': patch | |||
There was a problem hiding this comment.
Nit: new features usually should be considered a minor version
| @@ -327,7 +327,7 @@ You can have "view-only" or "manage-only" OAuth Scopes and leave the other list | |||
|
|
|||
| ## `oAuthScopes.view` | |||
|
|
|||
| A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated to the `View` permission. | |||
| A list of "view-only" [OAuth Scopes](https://docs.commercetools.com/api/scopes) required by the Custom Application and associated with the `View` permission. | |||
There was a problem hiding this comment.
I would prefer the documentation changes to be defined in a separate PR. Main reason being that merging this PR will publish the docs changes but the packages are not being released yet.
So the docs changes can be merged separately once the packages have been released.
Can you extract these docs changes into a separate PR? Thanks 🙂
kark
force-pushed
the
SHIELD-580-additionalOAuthScopes-field
branch
from
5e11208
to
564f59a
Compare
kark
changed the title
kark
force-pushed
the
SHIELD-580-additionalOAuthScopes-field
branch
2 times, most recently
from
2e06827
to
55b0790
Compare
* feat(config): include additional permissions when using config-sync * refactor(cli): validate additional oathScope * refactor(cli): implement getPermissions function, update tests * refactor(cli): move getPermission function to transformer.ts * refactor(cli): add validation for additional permission name * refactor(cli): show duplicated permission name in error thrown
emmenko
force-pushed
the
SHIELD-580-additionalOAuthScopes-field
branch
from
9a01d41
to
86ff5a8
Compare
ghost
mentioned this pull request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://jira.commercetools.com/browse/SHIELD-580
In preparation for the Custom Applications Multiple Permissions support.