• Make authentication check pessimistic
  • Disable data provider calls in CRUD controllers while the auth check is pending (#10238) (djhi)
  • Disable rendering of CRUD views while the auth check is pending (#10258) (djhi)
  • Make <Authenticated> component blocking (#10251) (fzaninotto)
• Add Access Control
  • Introduce useCanAccess, useCanAccessResources, and useCanAccessCallback hooks (#10222) (djhi)
  • Introduce <CanAccess> and <AccessDenied> components (#10222) (djhi)
  • Add access control check in page controllers (list, show, edit, create) (#10247) (djhi)
  • Add access control to views and action buttons (#10225) (djhi)
  • Add access control to <Datagrid rowClick> (#10227) (djhi)
  • Add access control to <DeleteButton> (#10226) (djhi)
  • Add access control to the / route and introduce <NavigateToFirstResource> (#10255) (djhi)
  • Avoid unnecessary rerenders with canAccess hooks when there is no authProvider (#10200) (djhi)
  • Make authProvider.getPermissions optional (#10257) (djhi)
  • Update Simple example to leverage access control (#10278) (slax57)
• Add support for embedding and prefetching data to reduce API queries (#10270) (fzaninotto)
• Add per-resource success notifications ("3 posts deleted" instead of "3 elements deleted") (#10203) (fzaninotto)
• Add support for <Edit emptyWhileLoading> (#10230) (erwanMarmelab)
• Fix redirection to first route prevents going back in history (#10267) (aqeebpathan)
• Fix useAuthState may logout even though logoutOfFailure is false (#10280) (fzaninotto)
• [TypeScript] Make records paths inferred from type compatible with react-hook-form (#10279) (djhi)
• [Doc] Warn about <AutoSave> incompatibility with warnWhenUnsavedChanges (#10277) (djhi)
• [Doc] Update mentions of Azure Active Directory to Microsoft Entra ID (#10276) (djhi)
• [Doc] Rewrite access control documentation (#10250) (fzaninotto)