Skip to content

feat(myopencre): implement MyOpenCRE frontend functionality behind backend capability flag#704

Open
PRAteek-singHWY wants to merge 26 commits intoOWASP:mainfrom
PRAteek-singHWY:feat/myopencre-frontend-capability
Open

feat(myopencre): implement MyOpenCRE frontend functionality behind backend capability flag#704
PRAteek-singHWY wants to merge 26 commits intoOWASP:mainfrom
PRAteek-singHWY:feat/myopencre-frontend-capability

Conversation

@PRAteek-singHWY
Copy link
Contributor

@PRAteek-singHWY PRAteek-singHWY commented Jan 10, 2026

Summary

This PR introduces the MyOpenCRE frontend functionality, enabling the MyOpenCRE feature to be conditionally displayed based on the ENABLE_MYOPENCRE runtime flag. This feature ensures that MyOpenCRE functionality is only available when the flag is enabled, in alignment with the backend capability gating.

This PR depends on #700, which implements the backend for MyOpenCRE. With this PR, we have connected the frontend to the backend, allowing MyOpenCRE UI elements to appear and function only when the backend provides the capability signal.

Files Modified

The following files were modified as part of this PR:

  • application/frontend/src/hooks/index.ts
  • application/frontend/src/hooks/useCapabilities.ts (New file)
  • application/frontend/src/hooks/useLocationFromOutsideRoute.tsx
  • application/frontend/src/routes.tsx
  • application/frontend/src/scaffolding/Header/Header.tsx
  • application/frontend/src/scaffolding/MainContentArea/MainContentArea.tsx
  • application/frontend/src/scaffolding/Router/Router.tsx

Other changes are incidental (formatting, imports) and do not affect the logical behavior of the application.

What Changed

  • Frontend capability hook: The useCapabilities hook was added to fetch the myopencre capability from the backend and conditionally render the MyOpenCRE UI.
  • Dynamic MyOpenCRE display: The MyOpenCRE UI elements (like CSV import/export buttons) are now shown only if the ENABLE_MYOPENCRE flag is enabled (i.e., if myopencre is true).
  • Integration with backend capability signal: The frontend is now connected to the /api/capabilities endpoint, which informs whether MyOpenCRE should be displayed based on the current deployment configuration.

Why This Change Was Introduced

The MyOpenCRE feature requires administrative control for self-hosted deployments. By gating the feature behind a runtime flag, it prevents accidental exposure on public platforms and ensures that it’s only accessible when explicitly enabled. This PR ensures that the frontend only shows the MyOpenCRE features when they are actually available, preventing user confusion.

This change:

  • Ensures that MyOpenCRE UI elements are hidden unless ENABLE_MYOPENCRE=true is set.
  • Provides the necessary frontend changes to work with the backend capability signal.
  • Lays the groundwork for future user role-based gating once user authentication and roles are implemented.

Testing

  • ENABLE_MYOPENCRE=false (default):

    • The MyOpenCRE UI elements are not displayed.

  • ENABLE_MYOPENCRE=true:

    • The MyOpenCRE UI elements appear and are fully functional.

Stacking / Follow-ups

This PR depends on #700 for the backend functionality (capability gating).

Next Steps

  • A follow-up PR will integrate feature flagging for user roles (once Add support for users #586 is completed), allowing us to expose or hide MyOpenCRE based on the user’s role (e.g., admin vs non-admin).

Conclusion

This PR provides the frontend functionality for MyOpenCRE based on the backend ENABLE_MYOPENCRE flag. It ensures that MyOpenCRE is only available when the backend allows it and is ready to be used in self-hosted deployments. Future work will refine user role-based controls and feature flagging for even finer control.

PRAteek-singHWY and others added 25 commits December 15, 2025 12:06
@PRAteek-singHWY
feat(myopencre): add initial MyOpenCRE page and CSV template download
944ca22
@PRAteek-singHWY
Merge branch 'main' into myopencre-csv-download
c3a747e
@PRAteek-singHWY
feat(myopencre): add initial MyOpenCRE page and CSV template download
54235ad
@PRAteek-singHWY
Merge branch 'main' into myopencre-csv-download
64c8b44
@PRAteek-singHWY
Resolve nav conflicts and standardize MyOpenCRE links
a5f56ef
@PRAteek-singHWY
chore: resolve merge conflicts with upstream main
a4f988f
@PRAteek-singHWY
chore: resolve header merge conflict
35d5a0f
@PRAteek-singHWY
fix(header): restore sr-only utility for accessibility
b285409
@PRAteek-singHWY
Merge branch 'main' into myopencre-csv-download
8c929ce
@PRAteek-singHWY
Merge branch 'main' into myopencre-csv-download
3ddf7af
@PRAteek-singHWY
chore(osib): update OWASP name to Open Worldwide Application Security…
a83b918 
… Project
@PRAteek-singHWY
feat(myopencre): enable CSV download of all CREs
735eb7b
@PRAteek-singHWY
feat(myopencre): add CSV upload UI and wire to existing import endpoint
57118a0
@PRAteek-singHWY
fix: correct SCSS block after merge conflict
fcd3dbd
@PRAteek-singHWY
feat(myopencre): add export-compatible CSV import validation
197653b 
- Validate file type, encoding, and required headers
- Accept CSVs generated from CRE catalogue export
- Skip empty and padding rows present in exported templates
- Validate CRE format only when CRE references exist
- Guard against misaligned rows with extra columns
- Return structured validation errors before import

This keeps the importer aligned with the exporter while
preventing malformed inputs from causing server errors.
@PRAteek-singHWY
Merge branch 'main' into myopencre-csv-import-validation
2bba24d
@PRAteek-singHWY
refactor(csv-import): move CSV validation into spreadsheet parser
d3e1ab4
@PRAteek-singHWY
feat(myopencre): surface CSV import errors in UI
1f90183
@PRAteek-singHWY
refactor(csv-import): move validation into spreadsheet parser and fix…
1704449 
… header error handling
@PRAteek-singHWY
style(myopencre): move container spacing to SCSS
5f19150
@PRAteek-singHWY
refactor(myopencre): move CSV validation to parser and add noop impor…
a819f1c 
…t handling
@PRAteek-singHWY
refactor(csv): move import validation to spreadsheet parser entry point
6db5f2d
@PRAteek-singHWY
style(csv): format files with black
6df5296
@PRAteek-singHWY
feat(myopencre): gate MyOpenCRE behind deployment capability flag
746c994
@PRAteek-singHWY
Implement MyOpenCRE frontend functionality
e6afa63
@PRAteek-singHWY
Copy link
Contributor Author

PRAteek-singHWY commented Jan 10, 2026

Hey @northdpole , Sir Thanks for the feedback earlier ! I've implemented runtime flag gating for MyOpenCRE to ensure it’s only available on self-hosted/admin-controlled OpenCRE instances. This prevents accidental exposure on platforms like opencre.org.

With this setup, MyOpenCRE will only be active when enabled via the ENABLE_MYOPENCRE flag on self-hosted instances. For opencre.org, the feature remains inactive.

Looking ahead, once user scoping (#586) is in place, we’ll implement feature flagging at the user level to control visibility based on roles (e.g., admin vs non-admin), offering finer access control.

Appreciate your guidance, and I look forward to continuing the work! Would love to hear your thoughts on this!

This was referenced Jan 20, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PRAteek-singHWY