Overview
Custom features (React code generated or edited through the AI code editor) can wrap any control with theAuthorization component to apply per-role permissions to it — hide a button for some roles, make a section read-only for others, and leave it fully enabled for the rest. This is UI-level authorization: it controls what a role sees or can interact with inside a feature, it does not replace backend data permissions (see Authorization).
When to use
Use component permissions when you need finer-grained control than hiding or showing the whole feature, for example:- Hide a “Delete” or “Approve” button for roles that shouldn’t perform that action.
- Show a “Finance” section only to roles that should see sensitive data.
- Make a control read-only (
disabled) for roles that can view but not edit it.
Configuration
Wrapping a control in code
ImportAuthorization (default export) from @codenull/common/lib/components/Authorization and wrap the control, passing a componentId:
| Prop | Type | Description |
|---|---|---|
componentId | string | Unique identifier for the wrapped control within the feature. Must be stable and descriptive — if you rename it later in the code, the saved permissions for the old id become orphaned and stop applying. |
children | ReactNode | (result) => ReactNode | The control(s) to protect, or a render function if you need custom handling (see below). |
Behavior
- No configuration saved for a
componentId— fail-open: the control renders normally for every role. - Once at least one role is configured for a
componentId:- Role set to Enabled — control renders normally.
- Role set to Read only — the control receives a
disabledprop. - Role not listed in the configuration — the control is not rendered (hidden).
- The Admin role always sees the control enabled, regardless of configuration.
Configuring permissions in the UI
While editing a custom feature (edit mode), every control wrapped inAuthorization shows a small floating settings button on top of it. Click it to open the permissions modal, which lists every role in the application with three states:
- Hidden (default) — the role does not see the control.
- Enabled
- Read only
Only Admin users or roles with Feature Designer access can save this configuration. The permissions button also does not appear while the feature is still being created — save the feature first, then reopen it in edit mode to configure component permissions.
Using the hook directly
For custom rendering logic, useuseAuthorization instead of (or together with) the Authorization wrapper:
Authorization also accepts a children-as-function to access the same result inline: