authentication, keystonejs

How does one assign Admin rights to a user in KeystoneJS 5?


How does one assign Admin status to a user in the Admin UI?

I have read the guide on authentication and the one on access control, but I don't understand the difference between "owner" and "admin" in KeystoneJS. When you create a User, how do you assign that User admin rights? How do you need to set up the User list to permit that? What is an "owner" then?


Solution

  • KeystoneJS access control is declarative; you have full control, and Keystone does not make any assumptions about this.

    Admin: in simple words, you might be thinking that Admin means the user can access the Admin UI app, but the Admin UI app is also restricted using some access control method.

    By default, everyone has access to the Admin UI; you can restrict that by using the isAccessAllowed property in the Admin UI app constructor options. From the above link's example:

    new AdminUIApp({
      /*...config */
      // Called with the authenticated item (if any) and the list it came from;
      // only signed-in users whose isAdmin field is set may open the Admin UI.
      isAccessAllowed: ({ authentication: { item: user, listKey: list } }) => !!user && !!user.isAdmin,
    }),
    

    In the above, this list item is usually from the "User" list as defined in the Auth Strategy:

    const { Keystone } = require('@keystonejs/keystone');
    const { MongooseAdapter } = require('@keystonejs/adapter-mongoose');
    const { PasswordAuthStrategy } = require('@keystonejs/auth-password');
    const { Text, Password, Checkbox } = require('@keystonejs/fields');
    const { GraphQLApp } = require('@keystonejs/app-graphql');
    const { AdminUIApp } = require('@keystonejs/app-admin-ui');

    const keystone = new Keystone({ adapter: new MongooseAdapter() });

    // The list the auth strategy logs users in against. isAdmin is an ordinary
    // field that isAccessAllowed (and any list access functions) read.
    keystone.createList('User', {
      fields: {
        username: { type: Text, isUnique: true },
        password: { type: Password },
        isAdmin: { type: Checkbox, defaultValue: false },
      },
    });

    const authStrategy = keystone.createAuthStrategy({
      type: PasswordAuthStrategy,
      list: 'User',
      config: {
        identityField: 'username', // default: 'email'
        secretField: 'password', // default: 'password'
      },
    });

    // ... (further lists and configuration, elided in the original answer)

    module.exports = {
      // Export the same instance the list and auth strategy were registered on,
      // not a fresh `new Keystone()`, which would carry neither.
      keystone,
      apps: [
        new GraphQLApp(),
        new AdminUIApp({
          adminPath: '/admin',
          authStrategy,
          isAccessAllowed: ({ authentication: { item: user, listKey: list } }) => !!user && !!user.isAdmin,
        }),
      ],
    };
    

    Owner: there is no owner defined by Keystone; all you do is create an ownership entitlement based on a declaration, like for a blog post, where an Author is the owner. Based on this distinction you can allow certain actions by the post author, like editing and submitting for approval.

    All this goes into the access control API; when you create an access control definition, they evaluate the function and decide if that action is allowed. You can see a full example of how this works in https://github.com/MadeByMike/keystone-access-control-demo and a more advanced one in their test suite here: https://github.com/keystonejs/keystone/blob/master/test-projects/access-control/index.js
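The admin-versus-owner distinction the answer describes, as an added example that is not part of the original post or of Keystone's own code. It keeps the Keystone 5 access-function shape (input `{ authentication: { item, listKey } }`, output a boolean or a GraphQL `where` filter) but evaluates the rules offline against constructed users and posts; the `User.isAdmin` and `Post.author` fields are assumptions for illustration.

```javascript
// Admin UI gate, same shape as the isAccessAllowed option in the answer.
const isAccessAllowed = ({ authentication: { item: user } }) => !!user && !!user.isAdmin;

// Small helpers shared by the list-level rules below.
const isSignedIn = ({ authentication: { item } }) => !!item;
const isAdmin = ({ authentication: { item } }) => !!item && !!item.isAdmin;

// Declarative access for an assumed "Post" list. Each function returns either
// a boolean (allow or deny the whole operation) or a where-filter object that
// restricts the operation to matching records; that filter is how "ownership"
// is expressed, since Keystone itself has no owner concept.
const postAccess = {
  read: () => true,                      // anyone may read (assumption)
  create: isSignedIn,                    // any signed-in user may write a post
  update: ({ authentication: { item } }) => {
    if (!item) return false;             // anonymous: denied outright
    if (item.isAdmin) return true;       // admin: every record
    return { author: { id: item.id } };  // owner: only posts this user authored
  },
  delete: isAdmin,                       // only admins delete
};

// Evaluate an update rule against one record, mirroring how a boolean or an
// { author: { id } } filter would constrain the mutation.
function mayUpdate(user, post) {
  const rule = postAccess.update({ authentication: { item: user, listKey: 'Post' } });
  if (typeof rule === 'boolean') return rule;
  return post.author === rule.author.id;
}

// Constructed sample data (not from any real deployment).
const admin = { id: 'u1', isAdmin: true };
const alice = { id: 'u2', isAdmin: false };
const bob = { id: 'u3', isAdmin: false };
const alicePost = { id: 'p1', author: 'u2' };

function demo() {
  return {
    adminUi: [admin, alice, null].map(u => isAccessAllowed({ authentication: { item: u } })),
    adminEditsAlice: mayUpdate(admin, alicePost),  // true: admin overrides ownership
    aliceEditsOwn: mayUpdate(alice, alicePost),    // true: owner of the record
    bobEditsAlice: mayUpdate(bob, alicePost),      // false: signed in but not the owner
    anonEdits: mayUpdate(null, alicePost),         // false: not signed in
  };
}
```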