Q: Can I nest permissions inside one permission?
A: You can use . or : as part of each permission to further scope them:
`admin:billing`
`admin.users`
`admin:users:readonly`
`admin:users:readwrite`
And so on.
If you want admin
to actually represent several separate things, then there are a couple ways to do it:
Have your UI say admin
but behind the scenes add multiple permissions to AuthRocket like billing
, team_manager
, or project_manager
.
Use a fixed role definition inside your app. Write a simple helper method/function to retrieve permissions and have it automatically expand them. They can be stored in a simple hash/associative array:
roles = { ‘admin’ => [‘billing’,’team_manager’,’project_manager’] }
Then just check each permission to see if it exists in roles and add those permissions if so.
There are more ways to do it than just the above. If one of those doesn’t quite fit, hopefully it’ll still stir up your creative juices! It just depends on what your end goal is.
Tagged with: permissions
Questions? Find a Typo? Get in touch.
Related articles:
Connecting Existing User Data
Limits on Simultaneous User Sessions
User Impersonation
Returning a JWT with Updated User and Org Data
Using AuthRocket with a Static Website
Getting Memberships when Authenticating a User
Making User Login Easier and Faster
Super Users and Support Agents
Create a Session without User Intervention
What is Inside a Login Token?
User Management Permissions
Testing API Calls
Retrieving Permissions
Encoding Extended Information into a JWT
Nesting Permissions