Gentics Mesh

After playing around with Strapi for a while, I found out that per model / column detailed Role Based Access Control (RBAC) is not available in community edition. Control over what data is available for specific user is an important aspect of what we are building, we started to look for other options, and found an interesting project called Gentics Mesh.

Docker demo

We could test Gentics Mesh on official docker image.

However, what we needed was to check its RBAC features. Here is admin control panel for permissions:

Gentics Mesh – Admin control panel

Here we disabled all access to nodes (data) for “anonymous” role users, but the demo application still displays the data.

There was a discussion in github issue:

https://github.com/gentics/mesh/issues/881

An old issue but it sounds the case with the demo.

So, we tried the API access using ARC:

Gentics Mesh – API call for nodes by anonymous user with no permissions.

No data available.

Now we allow some data to anonymous user to see the results change.

On the left, “Yacht” node is available, and on the right, “Aircraft”: