@backstage/plugin-permission-react 0.4.40 → 0.4.41

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @backstage/plugin-permission-react
 
+## 0.4.41
+
+### Patch Changes
+
+- 5fec07d: Permission checks made in the same tick are now batched into a single call to the permission backend.
+- Updated dependencies
+  - @backstage/core-plugin-api@1.12.4
+  - @backstage/plugin-permission-common@0.9.7
+
+## 0.4.41-next.0
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/config@1.3.6
+  - @backstage/core-plugin-api@1.12.4-next.0
+  - @backstage/plugin-permission-common@0.9.6
+
 ## 0.4.40
 
 ### Patch Changes

package/dist/apis/IdentityPermissionApi.esm.js

@@ -1,11 +1,18 @@
+import DataLoader from 'dataloader';
 import { PermissionClient } from '@backstage/plugin-permission-common';
 
 class IdentityPermissionApi {
-  permissionClient;
-  identityApi;
+  loader;
   constructor(permissionClient, identityApi) {
-    this.permissionClient = permissionClient;
-    this.identityApi = identityApi;
+    this.loader = new DataLoader(
+      async (requests) => {
+        const credentials = await identityApi.getCredentials();
+        return permissionClient.authorize([...requests], credentials);
+      },
+      {
+        cache: false
+      }
+    );
   }
   static create(options) {
     const { config, discovery, identity } = options;
@@ -13,11 +20,7 @@ class IdentityPermissionApi {
     return new IdentityPermissionApi(permissionClient, identity);
   }
   async authorize(request) {
-    const response = await this.permissionClient.authorize(
-      [request],
-      await this.identityApi.getCredentials()
-    );
-    return response[0];
+    return await this.loader.load(request);
   }
 }
 

package/dist/apis/IdentityPermissionApi.esm.js.map

@@ -1 +1 @@
-{"version":3,"file":"IdentityPermissionApi.esm.js","sources":["../../src/apis/IdentityPermissionApi.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { DiscoveryApi, IdentityApi } from '@backstage/core-plugin-api';\nimport { PermissionApi } from './PermissionApi';\nimport {\n  AuthorizePermissionRequest,\n  AuthorizePermissionResponse,\n  PermissionClient,\n} from '@backstage/plugin-permission-common';\nimport { Config } from '@backstage/config';\n\n/**\n * The default implementation of the PermissionApi, which simply calls the authorize method of the given\n * {@link @backstage/plugin-permission-common#PermissionClient}.\n * @public\n */\nexport class IdentityPermissionApi implements PermissionApi {\n  private readonly permissionClient: PermissionClient;\n  private readonly identityApi: IdentityApi;\n\n  private constructor(\n    permissionClient: PermissionClient,\n    identityApi: IdentityApi,\n  ) {\n    this.permissionClient = permissionClient;\n    this.identityApi = identityApi;\n  }\n\n  static create(options: {\n    config: Config;\n    discovery: DiscoveryApi;\n    identity: IdentityApi;\n  }) {\n    const { config, discovery, identity } = options;\n    const permissionClient = new PermissionClient({ discovery, config });\n    return new IdentityPermissionApi(permissionClient, identity);\n  }\n\n  async authorize(\n    request: AuthorizePermissionRequest,\n  ): Promise<AuthorizePermissionResponse> {\n    const response = await this.permissionClient.authorize(\n      [request],\n      await this.identityApi.getCredentials(),\n    );\n    return response[0];\n  }\n}\n"],"names":[],"mappings":";;AA8BO,MAAM,qBAAA,CAA+C;AAAA,EACzC,gBAAA;AAAA,EACA,WAAA;AAAA,EAET,WAAA,CACN,kBACA,WAAA,EACA;AACA,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAA;AACxB,IAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,EACrB;AAAA,EAEA,OAAO,OAAO,OAAA,EAIX;AACD,IAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAW,QAAA,EAAS,GAAI,OAAA;AACxC,IAAA,MAAM,mBAAmB,IAAI,gBAAA,CAAiB,EAAE,SAAA,EAAW,QAAQ,CAAA;AACnE,IAAA,OAAO,IAAI,qBAAA,CAAsB,gBAAA,EAAkB,QAAQ,CAAA;AAAA,EAC7D;AAAA,EAEA,MAAM,UACJ,OAAA,EACsC;AACtC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,gBAAA,CAAiB,SAAA;AAAA,MAC3C,CAAC,OAAO,CAAA;AAAA,MACR,MAAM,IAAA,CAAK,WAAA,CAAY,cAAA;AAAe,KACxC;AACA,IAAA,OAAO,SAAS,CAAC,CAAA;AAAA,EACnB;AACF;;;;"}
+{"version":3,"file":"IdentityPermissionApi.esm.js","sources":["../../src/apis/IdentityPermissionApi.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport DataLoader from 'dataloader';\nimport { DiscoveryApi, IdentityApi } from '@backstage/core-plugin-api';\nimport { PermissionApi } from './PermissionApi';\nimport {\n  AuthorizePermissionRequest,\n  AuthorizePermissionResponse,\n  PermissionClient,\n} from '@backstage/plugin-permission-common';\nimport { Config } from '@backstage/config';\n\n/**\n * The default implementation of the PermissionApi, which batches calls to\n * {@link @backstage/plugin-permission-common#PermissionClient} that are made\n * within the same microtask into a single HTTP request.\n * @public\n */\nexport class IdentityPermissionApi implements PermissionApi {\n  private readonly loader: DataLoader<\n    AuthorizePermissionRequest,\n    AuthorizePermissionResponse\n  >;\n\n  private constructor(\n    permissionClient: PermissionClient,\n    identityApi: IdentityApi,\n  ) {\n    this.loader = new DataLoader(\n      async (requests: readonly AuthorizePermissionRequest[]) => {\n        const credentials = await identityApi.getCredentials();\n        return permissionClient.authorize([...requests], credentials);\n      },\n      {\n        cache: false,\n      },\n    );\n  }\n\n  static create(options: {\n    config: Config;\n    discovery: DiscoveryApi;\n    identity: IdentityApi;\n  }) {\n    const { config, discovery, identity } = options;\n    const permissionClient = new PermissionClient({ discovery, config });\n    return new IdentityPermissionApi(permissionClient, identity);\n  }\n\n  async authorize(\n    request: AuthorizePermissionRequest,\n  ): Promise<AuthorizePermissionResponse>;\n  async authorize(\n    request: AuthorizePermissionRequest,\n  ): Promise<AuthorizePermissionResponse> {\n    return await this.loader.load(request);\n  }\n}\n"],"names":[],"mappings":";;;AAgCO,MAAM,qBAAA,CAA+C;AAAA,EACzC,MAAA;AAAA,EAKT,WAAA,CACN,kBACA,WAAA,EACA;AACA,IAAA,IAAA,CAAK,SAAS,IAAI,UAAA;AAAA,MAChB,OAAO,QAAA,KAAoD;AACzD,QAAA,MAAM,WAAA,GAAc,MAAM,WAAA,CAAY,cAAA,EAAe;AACrD,QAAA,OAAO,iBAAiB,SAAA,CAAU,CAAC,GAAG,QAAQ,GAAG,WAAW,CAAA;AAAA,MAC9D,CAAA;AAAA,MACA;AAAA,QACE,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,OAAO,OAAO,OAAA,EAIX;AACD,IAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAW,QAAA,EAAS,GAAI,OAAA;AACxC,IAAA,MAAM,mBAAmB,IAAI,gBAAA,CAAiB,EAAE,SAAA,EAAW,QAAQ,CAAA;AACnE,IAAA,OAAO,IAAI,qBAAA,CAAsB,gBAAA,EAAkB,QAAQ,CAAA;AAAA,EAC7D;AAAA,EAKA,MAAM,UACJ,OAAA,EACsC;AACtC,IAAA,OAAO,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAAA,EACvC;AACF;;;;"}

package/dist/hooks/usePermission.esm.js

@@ -1,5 +1,6 @@
 import { useApi } from '@backstage/core-plugin-api';
 import { permissionApiRef } from '../apis/PermissionApi.esm.js';
+import 'dataloader';
 import { isResourcePermission, AuthorizeResult } from '@backstage/plugin-permission-common';
 import useSWR from 'swr';
 

package/dist/hooks/usePermission.esm.js.map

@@ -1 +1 @@
-{"version":3,"file":"usePermission.esm.js","sources":["../../src/hooks/usePermission.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { useApi } from '@backstage/core-plugin-api';\nimport { permissionApiRef } from '../apis';\nimport {\n  AuthorizeResult,\n  isResourcePermission,\n  Permission,\n  ResourcePermission,\n} from '@backstage/plugin-permission-common';\nimport useSWR from 'swr';\n\n/** @public */\nexport type AsyncPermissionResult = {\n  loading: boolean;\n  allowed: boolean;\n  error?: Error;\n};\n\n/**\n * React hook utility for authorization. Given either a non-resource\n * {@link @backstage/plugin-permission-common#Permission} or a\n * {@link @backstage/plugin-permission-common#ResourcePermission} and an\n * optional resourceRef, it will return whether or not access is allowed (for\n * the given resource, if resourceRef is provided). See\n * {@link @backstage/plugin-permission-common/PermissionClient#authorize} for\n * more details.\n *\n * The resourceRef field is optional to allow calling this hook with an\n * entity that might be loading asynchronously, but when resourceRef is not\n * supplied, the value of `allowed` will always be false.\n *\n * Note: This hook uses stale-while-revalidate to help avoid flicker in UI\n * elements that would be conditionally rendered based on the `allowed` result\n * of this hook.\n * @public\n */\nexport function usePermission(\n  input:\n    | {\n        permission: Exclude<Permission, ResourcePermission>;\n        resourceRef?: never;\n      }\n    | {\n        permission: ResourcePermission;\n        resourceRef: string | undefined;\n      },\n): AsyncPermissionResult {\n  const permissionApi = useApi(permissionApiRef);\n  const { data, error } = useSWR(input, async (args: typeof input) => {\n    // We could make the resourceRef parameter required to avoid this check, but\n    // it would make using this hook difficult in situations where the entity\n    // must be asynchronously loaded, so instead we short-circuit to a deny when\n    // no resourceRef is supplied, on the assumption that the resourceRef is\n    // still loading outside the hook.\n    if (isResourcePermission(args.permission) && !args.resourceRef) {\n      return AuthorizeResult.DENY;\n    }\n\n    const { result } = await permissionApi.authorize(args);\n    return result;\n  });\n\n  if (error) {\n    return { error, loading: false, allowed: false };\n  }\n  if (data === undefined) {\n    return { loading: true, allowed: false };\n  }\n  return { loading: false, allowed: data === AuthorizeResult.ALLOW };\n}\n"],"names":[],"mappings":";;;;;AAmDO,SAAS,cACd,KAAA,EASuB;AACvB,EAAA,MAAM,aAAA,GAAgB,OAAO,gBAAgB,CAAA;AAC7C,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,KAAU,MAAA,CAAO,KAAA,EAAO,OAAO,IAAA,KAAuB;AAMlE,IAAA,IAAI,qBAAqB,IAAA,CAAK,UAAU,CAAA,IAAK,CAAC,KAAK,WAAA,EAAa;AAC9D,MAAA,OAAO,eAAA,CAAgB,IAAA;AAAA,IACzB;AAEA,IAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAM,aAAA,CAAc,UAAU,IAAI,CAAA;AACrD,IAAA,OAAO,MAAA;AAAA,EACT,CAAC,CAAA;AAED,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAO,EAAE,KAAA,EAAO,OAAA,EAAS,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,EACjD;AACA,EAAA,IAAI,SAAS,MAAA,EAAW;AACtB,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,KAAA,EAAM;AAAA,EACzC;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,OAAA,EAAS,IAAA,KAAS,gBAAgB,KAAA,EAAM;AACnE;;;;"}
+{"version":3,"file":"usePermission.esm.js","sources":["../../src/hooks/usePermission.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { useApi } from '@backstage/core-plugin-api';\nimport { permissionApiRef } from '../apis';\nimport {\n  AuthorizeResult,\n  isResourcePermission,\n  Permission,\n  ResourcePermission,\n} from '@backstage/plugin-permission-common';\nimport useSWR from 'swr';\n\n/** @public */\nexport type AsyncPermissionResult = {\n  loading: boolean;\n  allowed: boolean;\n  error?: Error;\n};\n\n/**\n * React hook utility for authorization. Given either a non-resource\n * {@link @backstage/plugin-permission-common#Permission} or a\n * {@link @backstage/plugin-permission-common#ResourcePermission} and an\n * optional resourceRef, it will return whether or not access is allowed (for\n * the given resource, if resourceRef is provided). See\n * {@link @backstage/plugin-permission-common/PermissionClient#authorize} for\n * more details.\n *\n * The resourceRef field is optional to allow calling this hook with an\n * entity that might be loading asynchronously, but when resourceRef is not\n * supplied, the value of `allowed` will always be false.\n *\n * Note: This hook uses stale-while-revalidate to help avoid flicker in UI\n * elements that would be conditionally rendered based on the `allowed` result\n * of this hook.\n * @public\n */\nexport function usePermission(\n  input:\n    | {\n        permission: Exclude<Permission, ResourcePermission>;\n        resourceRef?: never;\n      }\n    | {\n        permission: ResourcePermission;\n        resourceRef: string | undefined;\n      },\n): AsyncPermissionResult {\n  const permissionApi = useApi(permissionApiRef);\n  const { data, error } = useSWR(input, async (args: typeof input) => {\n    // We could make the resourceRef parameter required to avoid this check, but\n    // it would make using this hook difficult in situations where the entity\n    // must be asynchronously loaded, so instead we short-circuit to a deny when\n    // no resourceRef is supplied, on the assumption that the resourceRef is\n    // still loading outside the hook.\n    if (isResourcePermission(args.permission) && !args.resourceRef) {\n      return AuthorizeResult.DENY;\n    }\n\n    const { result } = await permissionApi.authorize(args);\n    return result;\n  });\n\n  if (error) {\n    return { error, loading: false, allowed: false };\n  }\n  if (data === undefined) {\n    return { loading: true, allowed: false };\n  }\n  return { loading: false, allowed: data === AuthorizeResult.ALLOW };\n}\n"],"names":[],"mappings":";;;;;;AAmDO,SAAS,cACd,KAAA,EASuB;AACvB,EAAA,MAAM,aAAA,GAAgB,OAAO,gBAAgB,CAAA;AAC7C,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,KAAU,MAAA,CAAO,KAAA,EAAO,OAAO,IAAA,KAAuB;AAMlE,IAAA,IAAI,qBAAqB,IAAA,CAAK,UAAU,CAAA,IAAK,CAAC,KAAK,WAAA,EAAa;AAC9D,MAAA,OAAO,eAAA,CAAgB,IAAA;AAAA,IACzB;AAEA,IAAA,MAAM,EAAE,MAAA,EAAO,GAAI,MAAM,aAAA,CAAc,UAAU,IAAI,CAAA;AACrD,IAAA,OAAO,MAAA;AAAA,EACT,CAAC,CAAA;AAED,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAO,EAAE,KAAA,EAAO,OAAA,EAAS,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,EACjD;AACA,EAAA,IAAI,SAAS,MAAA,EAAW;AACtB,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,KAAA,EAAM;AAAA,EACzC;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,OAAA,EAAS,IAAA,KAAS,gBAAgB,KAAA,EAAM;AACnE;;;;"}

package/dist/index.d.ts

@@ -105,13 +105,13 @@ type PermissionApi = {
 declare const permissionApiRef: ApiRef<PermissionApi>;
 
 /**
- * The default implementation of the PermissionApi, which simply calls the authorize method of the given
- * {@link @backstage/plugin-permission-common#PermissionClient}.
+ * The default implementation of the PermissionApi, which batches calls to
+ * {@link @backstage/plugin-permission-common#PermissionClient} that are made
+ * within the same microtask into a single HTTP request.
  * @public
  */
 declare class IdentityPermissionApi implements PermissionApi {
-    private readonly permissionClient;
-    private readonly identityApi;
+    private readonly loader;
     private constructor();
     static create(options: {
         config: Config;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-permission-react",
-  "version": "0.4.40",
+  "version": "0.4.41",
   "backstage": {
     "role": "web-library",
     "pluginId": "permission",
@@ -43,13 +43,14 @@
   },
   "dependencies": {
     "@backstage/config": "^1.3.6",
-    "@backstage/core-plugin-api": "^1.12.3",
-    "@backstage/plugin-permission-common": "^0.9.6",
+    "@backstage/core-plugin-api": "^1.12.4",
+    "@backstage/plugin-permission-common": "^0.9.7",
+    "dataloader": "^2.0.0",
     "swr": "^2.0.0"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.35.4",
-    "@backstage/test-utils": "^1.7.15",
+    "@backstage/cli": "^0.36.0",
+    "@backstage/test-utils": "^1.7.16",
     "@testing-library/jest-dom": "^6.0.0",
     "@testing-library/react": "^16.0.0",
     "@types/react": "^18.0.0",