From 8ca7cbc5edcf57228858039914dbc6e03adaa24e Mon Sep 17 00:00:00 2001
From: lrnspprs <laurens.piepers@ritense.com>
Date: Fri, 20 Sep 2024 10:50:33 +0200
Subject: [PATCH] Added page for configuring dashboards access-control

---
 extending-valtimo/dashboard/access-control.md | 73 +++++++++++++++++++
 extending-valtimo/dashboard/dashboard.md      |  1 +
 2 files changed, 74 insertions(+)
 create mode 100644 extending-valtimo/dashboard/access-control.md

diff --git a/extending-valtimo/dashboard/access-control.md b/extending-valtimo/dashboard/access-control.md
new file mode 100644
index 00000000..d6069793
--- /dev/null
+++ b/extending-valtimo/dashboard/access-control.md
@@ -0,0 +1,73 @@
+# Configuring access control
+
+
+Before you can use access control with dashboards you need to enable the feature toggle in your `application.yml`.
+```
+valtimo:
+    authorization:
+            dashboard:
+                enabled: true
+```
+Without this enabled access control will not work for your dashboards.
+
+
+
+## Expanding your existing PBAC autodeployment
+
+For your new dashboards you will need to set up som permissions. For example, you want someone with the role of Admin to be able to see all dashboards. 
+Then you would expand their role permissions with the following:
+
+```
+[
+    {
+        "resourceType": "com.ritense.dashboard.domain.Dashboard",
+        "action": "view",
+        "roleKey": "ROLE_ADMIN",
+        "conditions": []
+    },
+    {
+        "resourceType": "com.ritense.dashboard.domain.Dashboard",
+        "action": "view_list",
+        "roleKey": "ROLE_ADMIN",
+        "conditions": []
+    }
+]
+```
+
+
+### Adding conditions
+
+Say for instance that you want someone with a user role to only see 1 of the dashboards you have created, then it would look like the following:
+
+```
+[
+    {
+        "resourceType": "com.ritense.dashboard.domain.Dashboard",
+        "action": "view",
+        "roleKey": "ROLE_USER",
+        "conditions": [
+            {
+                "type": "field",
+                "field": "key",
+                "operator": "==",
+                "value": "loans-dashboard"
+            }
+        ]
+    },
+    {
+        "resourceType": "com.ritense.dashboard.domain.Dashboard",
+        "action": "view_list",
+        "roleKey": "ROLE_USER",
+        "conditions": [
+            {
+                "type": "field",
+                "field": "key",
+                "operator": "==",
+                "value": "loans-dashboard"
+            }
+        ]
+    }
+]
+```
+
+We make sure the value matches the key of the dashboard you've created.
diff --git a/extending-valtimo/dashboard/dashboard.md b/extending-valtimo/dashboard/dashboard.md
index e794b1a6..b8f887b8 100644
--- a/extending-valtimo/dashboard/dashboard.md
+++ b/extending-valtimo/dashboard/dashboard.md
@@ -7,3 +7,4 @@ This section contains instructions and examples on how to extend functionality r
 - [Custom data sources](custom-data-source.md)
 - [Custom display types](custom-display-type.md)
 - [Widget translations](widget-translations.md)
+- [Configuring access control](access-control.md)