update security (end)

Author: slax57

docs_headless/src/content/docs/security/AuthProviderList.md

@@ -6,6 +6,7 @@ title: "Supported Auth Provider Backends"
 It's very common that your auth logic is so specific that you'll need to write your own `authProvider`. However, the community has built a few open-source Auth Providers that may fit your need:
 
 <div class="providers-list" markdown="1">
+
 - ![Appwrite Logo](../img/backend-logos/appwrite.svg "Appwrite Logo")**[Appwrite](https://appwrite.io/)**: [marmelab/ra-appwrite](https://github.com/marmelab/ra-appwrite)
 - ![auth0 Logo](../img/backend-logos/auth0.svg "auth0 Logo")**[Auth0 by Okta](https://auth0.com/)**: [marmelab/ra-auth-auth0](https://github.com/marmelab/ra-auth-auth0/blob/main/packages/ra-auth-auth0/Readme.md)
 - ![amplify Logo](../img/backend-logos/amplify.svg "amplify Logo")**[AWS Amplify](https://docs.amplify.aws)**: [MrHertal/react-admin-amplify](https://github.com/MrHertal/react-admin-amplify)
@@ -18,13 +19,16 @@ It's very common that your auth logic is so specific that you'll need to write y
 - ![keycloak Logo](../img/backend-logos/keycloak.svg "keycloak Logo")**[Keycloak](https://www.keycloak.org/)**: [marmelab/ra-keycloak](https://github.com/marmelab/ra-keycloak/blob/main/packages/ra-keycloak/Readme.md)
 - ![supabase Logo](../img/backend-logos/supabase.svg "supabase Logo")**[Supabase](https://supabase.io/)**: [marmelab/ra-supabase](https://github.com/marmelab/ra-supabase/blob/main/packages/ra-supabase/README.md)
 - ![surrealdb Logo](../img/backend-logos/surrealdb.svg "surrealdb Logo")**[SurrealDB](https://surrealdb.com/)**: [djedi23/ra-surrealdb](https://github.com/djedi23/ra-surrealdb)
+
 </div>
 
 Beyond ready-to-use providers, you may find help in these third-party tutorials about integrating more authentication backends:
 
 <div class="providers-list" markdown="1">
+
 - ![loopback Logo](../img/backend-logos/loopback4.svg "loopback Logo")**[Loopback](https://loopback.io/doc/en/lb4/Authentication-overview.html)**: [appsmith dev.to tutorial](https://dev.to/appsmith/building-an-admin-dashboard-with-react-admin-86i#adding-authentication-to-reactadmin)
 - ![openid Logo](../img/backend-logos/openid.svg "openid Logo")**[OpenID Connect (OIDC)](https://openid.net/connect/)**: [marmelab/ra-example-oauth](https://github.com/marmelab/ra-example-oauth)
+
 </div>
 
 If you have released a reusable `authProvider`, or a tutorial for another auth backend, please open a PR to add it to this list!

docs_headless/src/content/docs/security/AuthProviderWriting.md

@@ -446,9 +446,6 @@ const authProvider = {
 
 Check the [Access Control documentation](./Permissions.md#access-control) for more information on how to use the `canAccess` method.
 
-**Tip**: [The Role-Based Access Control (RBAC) module](./AuthRBAC.md) allows fined-grained permissions in react-admin apps leveraging the `canAccess` method. Check [the RBAC documentation](./AuthRBAC.md) for more information.
-
-
 ### `getPermissions`
 
 As an alternative to `canAccess()`, `getPermissions()` lets you return an arbitrary permissions object. This object can be used by React components to enable or disable UI elements based on the user's role.
@@ -490,12 +487,12 @@ React-admin calls the `authProvider` methods with the following params:
 
 | Method           | Resolve if                          | Response format |
 | ---------------- | ----------------------------------- | --------------- |
-| `login`          | Login credentials were accepted     | `void           | { redirectTo?: string                         | boolean  }` route to redirect to after login                  |
+| `login`          | Login credentials were accepted     | `void           \| { redirectTo?: string                         \| boolean  }` route to redirect to after login                  |
 | `checkError`     | Error is not an auth error          | `void`          |
 | `checkAuth`      | User is authenticated               | `void`          |
-| `logout`         | Auth backend acknowledged logout    | `string         | false                                         | void` route to redirect to after logout, defaults to `/login` |
-| `getIdentity`    | Auth backend returned identity      | `{ id: string   | number, fullName?: string, avatar?: string }` |
-| `handleCallback` | User is authenticated               | `void           | { redirectTo?: string                         | boolean  }` route to redirect to after login                  |
+| `logout`         | Auth backend acknowledged logout    | `string         \| false                                         \| void` route to redirect to after logout, defaults to `/login` |
+| `getIdentity`    | Auth backend returned identity      | `{ id: string   \| number, fullName?: string, avatar?: string }` |
+| `handleCallback` | User is authenticated               | `void           \| { redirectTo?: string                         \| boolean  }` route to redirect to after login                  |
 | `canAccess`      | Auth backend returned authorization | `boolean`       |
 | `getPermissions` | Auth backend returned permissions   | Free format.    |
 
@@ -505,12 +502,12 @@ When the auth backend returns an error, the Auth Provider should return a reject
 
 | Method           | Reject if                                      | Error format                                                                                                           |
 | ---------------- | ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |
-| `login`          | Login credentials weren't accepted             | `string                                                                                                                | { message?: string }` error message to display                                                           |
-| `checkError`     | Error is an auth error                         | `void                                                                                                                  | { redirectTo?: string, message?: string                                                                  | boolean  }` route to redirect to after logout, message to notify the user or `false` to disable notification |
-| `checkAuth`      | User is not authenticated                      | `void                                                                                                                  | { redirectTo?: string, message?: string }` route to redirect to after logout, message to notify the user |
+| `login`          | Login credentials weren't accepted             | `string                                                                                                                \| { message?: string }` error message to display                                                           |
+| `checkError`     | Error is an auth error                         | `void                                                                                                                  \| { redirectTo?: string, message?: string                                                                  \| boolean  }` route to redirect to after logout, message to notify the user or `false` to disable notification |
+| `checkAuth`      | User is not authenticated                      | `void                                                                                                                  \| { redirectTo?: string, message?: string }` route to redirect to after logout, message to notify the user |
 | `logout`         | Auth backend failed to log the user out        | `void`                                                                                                                 |
 | `getIdentity`    | Auth backend failed to return identity         | `Object` free format - returned as `error` when `useGetIdentity()` is called                                           |
-| `handleCallback` | Failed to authenticate users after redirection | `void                                                                                                                  | { redirectTo?: string, logoutOnFailure?: boolean, message?: string }`                                    |
+| `handleCallback` | Failed to authenticate users after redirection | `void                                                                                                                  \| { redirectTo?: string, logoutOnFailure?: boolean, message?: string }`                                    |
 | `canAccess`      | Auth backend failed to return authorization    | `Object` free format - returned as `error` when `useCanAccess()` is called.                                            |
 | `getPermissions` | Auth backend failed to return permissions      | `Object` free format - returned as `error` when `usePermissions()` is called. The error will be passed to `checkError` |
 

docs_headless/src/content/docs/security/Authentication.md

@@ -226,7 +226,7 @@ const App = () => (
 
 ## Adding A Login Page
 
-You can add a login page by setting the [`<CoreAdmin loginPage>`](./CoreAdmin.md#loginpage) prop.
+You can add a login page by setting the [`<CoreAdmin loginPage>`](../app-configuration/CoreAdmin.md#loginpage) prop.
 
 For headless applications, you should build custom login pages using the [`useLogin` hook](./useLogin.md) to handle the login form submission. Here's an example:
 
@@ -378,7 +378,7 @@ export const authProvider = {
 };
 ```
 
-You can choose when to redirect users to the third-party authentication service, such as directly in the `AuthProvider.checkAuth()` method or when they click a button on a [custom login page](#customizing-the-login-component).
+You can choose when to redirect users to the third-party authentication service, such as directly in the `AuthProvider.checkAuth()` method or when they click a button on a [custom login page](#adding-a-login-page).
 
 ## Handling Refresh Tokens
 

docs_headless/src/content/docs/security/useAuthProvider.md

@@ -1,19 +1,16 @@
 ---
-layout: default
 title: "useAuthProvider"
 ---
 
-# `useAuthProvider`
-
-React-admin stores the `authProvider` object in a React context, so it's available from anywhere in your application code. The `useAuthProvider` hook reads this context to let you call the `authProvider` directly.
+Ra-core stores the `authProvider` object in a React context, so it's available from anywhere in your application code. The `useAuthProvider` hook reads this context to let you call the `authProvider` directly.
 
 ## Usage
 
 For instance, here is how to call the Auth Provider to get the identity of the current logged-in user:
 
 ```jsx
 import { useState, useEffect } from 'react';
-import { useAuthProvider } from 'react-admin';
+import { useAuthProvider } from 'ra-core';
 
 import { Loading, Error } from './MyComponents';
 
@@ -46,7 +43,7 @@ But the recommended way to query the Data Provider is to use the authProvider me
 
 ```jsx
 import { useState, useEffect } from 'react';
-import { useGetIdentity } from 'react-admin';
+import { useGetIdentity } from 'ra-core';
 
 import { Loading, Error } from './MyComponents';
 
@@ -67,7 +64,7 @@ The `useAuthProvider` hook accepts a generic parameter for the `authProvider` ty
 
 ```tsx
 // In src/authProvider.ts
-import { AuthProvider } from 'react-admin';
+import { AuthProvider } from 'ra-core';
 
 export interface CustomAuthProviderMethods extends AuthProvider {
     refreshToken: () => Promise<any>
@@ -81,7 +78,7 @@ export const authProvider: CustomAuthProviderMethods = {
 }
 
 // In src/RefreshToken.tsx
-import { useAuthProvider } from 'react-admin';
+import { useAuthProvider } from 'ra-core';
 import { CustomAuthProviderMethods } from './src/authProvider';
 
 const THIRTY_MINUTES = 1000 * 60 * 30;

docs_headless/src/content/docs/security/useAuthState.md

@@ -1,10 +1,7 @@
 ---
-layout: default
 title: "useAuthState"
 ---
 
-# `useAuthState`
-
 If you want to check if the user is authenticated and decide what to render based on the result, use the `useAuthState` hook. It calls the `authProvider.checkAuth()` method on mount and returns a state object.
 
 - Loading: `{ isPending: true }`
@@ -19,7 +16,8 @@ Contrary to [`useAuthenticated()`](./useAuthenticated.md), `useAuthState` does n
 Use `useAuthState()` to render different content depending on the authenticated state.
 
 ```jsx
-import { useAuthState, Loading } from 'react-admin';
+import { useAuthState } from 'ra-core';
+import { Loading } from './Loading';
 
 const MyPage = () => {
     const { isPending, authenticated } = useAuthState();

docs_headless/src/content/docs/security/useAuthenticated.md

@@ -1,21 +1,18 @@
 ---
-layout: default
 title: "useAuthenticated"
 ---
 
-# `useAuthenticated`
-
 This hook checks if the current user is authenticated by calling the [`authProvider.checkAuth()`](./AuthProviderWriting.md#checkauth) method on mount, and redirects to login if the method throws an error.
 
-React-admin uses this hook in page components (e.g., the `<Edit>` component) to forbid access to unauthenticated users.
+Ra-core uses this hook in page components (e.g., the `<EditBase>` component) to forbid access to unauthenticated users.
 
 ## Usage
 
-If you add [custom pages](./Admin.md#adding-custom-pages), and you want to restrict access to authenticated users, use `useAuthenticated()` as follows:
+If you add [custom pages](../app-configuration/CoreAdmin.md#adding-custom-pages), and you want to restrict access to authenticated users, use `useAuthenticated()` as follows:
 
 ```tsx
 // in src/MyPage.js
-import { useAuthenticated } from 'react-admin';
+import { useAuthenticated } from 'ra-core';
 
 const MyPage = () => {
     const { isPending } = useAuthenticated(); // redirects to login if not authenticated
@@ -63,7 +60,7 @@ The [`<Authenticated>`](./Authenticated.md) component wraps the `useAuthenticate
 It is useful when you can't use hooks, for instance because of the rules of hooks.
 
 ```jsx
-import { Authenticated } from 'react-admin';
+import { Authenticated } from 'ra-core';
 
 const MyAuthenticatedPage = () => (
     <Authenticated>

docs_headless/src/content/docs/security/useCanAccess.md

@@ -1,21 +1,19 @@
 ---
-layout: default
 title: "useCanAccess"
 storybook_path: ra-core-auth-usecanaccess--basic
 ---
 
-# `useCanAccess`
-
 This hook controls access to a resource and action (and, optionally, a record). It calls the `authProvider.canAccess()` method on mount and returns an object containing a `canAccess` boolean set to `true` if users can access the resource and action.
 
-It is part of the [Access Control](./Permissions.md#access-control) mechanism in react-admin.
+It is part of the [Access Control](./Permissions.md#access-control) mechanism in ra-core.
 
 ## Usage
 
 `useCanAccess` takes an object `{ action, resource, record }` as argument. It returns an object describing the state of the request. As calls to the `authProvider` are asynchronous, the hook returns a `isPending` state in addition to the `canAccess` key.
 
 ```jsx
-import { useCanAccess, useRecordContext, DeleteButton } from 'react-admin';
+import { useCanAccess, useRecordContext } from 'ra-core';
+import { DeleteButton } from './DeleteButton';
 
 const DeleteUserButton = () => {
     const record = useRecordContext();
@@ -47,7 +45,8 @@ const DeleteUserButton = () => {
 The `checkAccess` function expects an argument with the shape `{ action, resource, record }`. This function resolves to a boolean indicating whether users can access the provided resource and action.
 
 ```jsx
-import { DataTable, List, useCanAccessCallback } from 'react-admin';
+import { useCanAccessCallback, ListBase } from 'ra-core';
+import { DataTable } from './DataTable';
 
 export const UserList = () => {
     const checkAccess = useCanAccessCallback();
@@ -60,13 +59,13 @@ export const UserList = () => {
         }
     };
     return (
-        <List>
+        <ListBase>
             <DataTable onClick={handleRowClick}>
                 <DataTable.Col source="id" />
                 <DataTable.Col source="name" />
                 <DataTable.Col source="email" />
             </DataTable>
-        </List>
+        </ListBase>
     );
 };
 ```
@@ -78,11 +77,12 @@ export const UserList = () => {
 It takes an object `{ action, resources, record }` as argument. The `resources` parameter is an array of resource names for which to check the access permission. In addition to react-query result properties, it returns a `canAccess` object with a property for each provided resource, determining whether the user can access it.
 
 ```jsx
-import { useCanAccessResources, SimpleList } from 'react-admin';
+import { useCanAccessResources } from 'ra-core';
+import { SimpleList } from './SimpleList';
 
 const UserList = () => {
     const { isPending, canAccess } = useCanAccessResources({
-        action: 'delete',
+        action: 'read',
         resources: ['users.id', 'users.name', 'users.email'],
     });
     if (isPending) {
@@ -102,10 +102,10 @@ const UserList = () => {
 
 `useRequireAccess` is an alternative to `useCanAccess` that logs out the user if the access check fails. It takes the same parameters as `useCanAccess`.
 
-For instance, here's how you can protect a [custom route](./CustomRoutes.md) for editing users settings:
+For instance, here's how you can protect a [custom route](../app-configuration/CustomRoutes.md) for editing users settings:
 
 ```tsx
-import { useRequireAccess } from 'react-admin';
+import { useRequireAccess } from 'ra-core';
 
 export export const SettingsPage = () => {
     const { isPending } = useRequireAccess({

docs_headless/src/content/docs/security/useGetIdentity.md

@@ -1,12 +1,9 @@
 ---
-layout: default
 title: "useGetIdentity"
 storybook_path: ra-core-auth-usegetidentity--basic
 ---
 
-# `useGetIdentity`
-
-React-admin calls `authProvider.getIdentity()` to retrieve and display the current logged-in username and avatar. The logic for calling this method is packaged into a custom hook, `useGetIdentity`, which you can use in your own code.
+Ra-core calls `authProvider.getIdentity()` to retrieve and display the current logged-in username and avatar. The logic for calling this method is packaged into a custom hook, `useGetIdentity`, which you can use in your own code.
 
 ![identity](../img/identity.png)
 
@@ -31,7 +28,7 @@ const { id, fullName, avatar } = data;
 Here is an example Edit component, which falls back to a Show component if the record is locked for edition by another user:
 
 ```jsx
-import { useGetIdentity, useGetOne } from 'react-admin';
+import { useGetIdentity, useGetOne } from 'ra-core';
 
 const PostDetail = ({ id }) => {
     const { data: post, isPending: isPendingPost } = useGetOne('posts', { id });

docs_headless/src/content/docs/security/useLogin.md

@@ -1,10 +1,7 @@
 ---
-layout: default
 title: "useLogin"
 ---
 
-# `useLogin`
-
 This hook returns a callback allowing to call `authProvider.login()`. It's used in Login forms.
 
 ## Usage
@@ -15,7 +12,7 @@ Here is how to build a custom Login page based on email rather than username:
 // in src/MyLoginPage.js
 import * as React from 'react';
 import { useState } from 'react';
-import { useLogin, useNotify, Notification } from 'react-admin';
+import { useLogin, useNotify } from 'ra-core';
 
 const MyLoginPage = ({ theme }) => {
     const [email, setEmail] = useState('');
@@ -52,18 +49,18 @@ const MyLoginPage = ({ theme }) => {
 export default MyLoginPage;
 ```
 
-Then pass the custom Login form to `<Admin>`, as follows:
+Then pass the custom Login form to `<CoreAdmin>`, as follows:
 
 ```jsx
 // in src/App.js
 import * as React from "react";
-import { Admin } from 'react-admin';
+import { CoreAdmin } from 'ra-core';
 
 import MyLoginPage from './MyLoginPage';
 
 const App = () => (
-    <Admin loginPage={MyLoginPage} authProvider={authProvider}>
+    <CoreAdmin loginPage={MyLoginPage} authProvider={authProvider}>
     ...
-    </Admin>
+    </CoreAdmin>
 );
 ```