08. Role-Based Access/04. Permissions Utils (💪 problem)

Permissions Utils

Loading "Securing Admin Pages with User Permissions"

Securing Admin Pages with User Permissions

👨‍💼 It would be great to have some nicer utilities for determining a user's access to perform actions on an entity. So Kellie 🧝‍♂️ put some together in

app/utils/permissions.ts

. I'll let Kellie explain how it works.

🧝‍♂️ Thanks Peter. Yeah, so there are now a few utilities you can use in the permissions module. Here's how you can use them:

// requireUserWithPermission
export async function loader({ request }: LoaderFunctionArgs) {
	const userId = await requireUserWithPermission(request, 'update:user:own')
	// it throws an error response if the user doesn't have this permission, so
	// if you make it this far, you know they have it.

	// ... do stuff
}

export async function action({ request }: ActionFunctionArgs) {
	const userId = await requireUserWithRole(request, 'admin')
	// it throws an error response if the user doesn't have this role, so
	// if you make it this far, you know they have it.

	// NOTE: use this sparingly. It's better to use requireUserWithPermission
	// because if we ever change permissions for a role they may no longer have
	// access to perform this action.

	// ... do stuff
}

function SomeRoute() {
	const user = useOptionalUser()
	const canCreateOwnNotes = userHasPermission(user, 'create:note:own')

	// ... do stuff
}

function SomeRoute() {
	const user = useOptionalUser()
	const isAdmin = userHasRole(user, 'admin')

	// ... do stuff
}

Also, you can set the access to comma-separated accesses if you need.

// if the user is the owner, then they need to have "own" access
// if they're not, they need to have "any" access
await requireUserWithPermission(request, `update:note:any,own`)
// 🦉 we'll not be using this feature of the util today though.

One thing is the userHasRole and userHasPermission functions rely on user data loaded in the root loader and I haven't done that yet, so you'll need to handle that before you can use these utilities.

👨‍💼 Thanks for building those utilities Kellie!

🐨 Ok, so before you can actually start using these utilities, you need to add the permissions to the user query in

app/root.tsx

🐨 While you're there, you may as well finish the user admin role work by updating the App component with a userIsAdmin variable and locking down the

app/routes/admin.tsx

route.

🦺 If you want to, you can remove the ts-ignores in

app/utils/permissions.ts

now that the root loader is loading the user's permissions.

🐨 With that done, now you need to update the

app/routes/users+/$username_+/notes.$noteId.tsx

route to use these utilities instead of what you did last time.

Previous Next

Edit

problem solution diff chat

Please set the playground first

Loading "Permissions Utils"

general
Welcome to EpicWeb.dev! Say Hello 👋
Kent C. Dodds ◆ 🚀🏆🌌:
This is the first post of many hopefully!
18
86 · 2 years ago
general
Modals / Dialogs
Lucas Wargha 🚀 🌌:
It seems like modals and dialogs are becoming a hot topic on my team lately. I haven’t found a solid...
3 · 2 months ago
general
epic stack website initial load at home page is unstyled (sometimes)
osmancakir 🚀 🌌:
Sometimes (especially when it is loaded first time on a new browser etc.) I see this unstyled versio...
✅1
10 · 5 months ago
🔐auth
Fetching verification from DB in the Verification section of Authentication module
Real 🚀 🏆:
```const verification = await prisma.verification.findUnique({ where: { target_t...
✅1
5 · 3 months ago
general
Resource / Api endpoints on epic stack / RR7
Lucas Wargha 🚀 🌌:
Hi everyone! Quick question for those using the Epic Stack: How are you handling resource routes ...
✅1
2 · 4 months ago
general
Epic stack using tanstack form
Lucas Wargha 🚀 🌌:
https://github.com/epicweb-dev/epic-stack/compare/epicweb-dev:main...wargha:feature/tanstack-form-ex...
✅1
3 · 4 months ago
general
Init command outdated on the EpicWeb website
Virgile 🏆 🌌:
Hi everyone. I've initialized a new epic-stack project yesterday. Following instructions from http...
✅1
3 · 4 months ago
🔐auth
Roles seed
Baghira 🌌:
I haven't understood why we do the manual migration in for patch the permissions and roles into the ...
✅1
2 · 4 months ago
general
Mark as complete, resets the first time you click it.
Daniel V.C 🚀 🌌:
Not sure if anyone else has had this issue, as i've not seen anyone else talk about it, but I find ...
✅1
8 · 4 months ago
💾data
general
📝forms
🔭foundations
double underscore?
trendaaang 🌌:
What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
✅1
2 · a year ago
general
Keeping Epic Stack Projects Free on Fly – Any Tips?
Lucas Wargha 🚀 🌌:
I’ve been experimenting with the Epic Stack and deploying some dummy projects on Fly. I noticed that...
✅1
0 · 5 months ago
💾data
general
📝forms
🔭foundations
Creating Notes
Scott 🌌 🏆:
Does anybody know in what workshop we create notes? I would like to see the routing structure. So fa...
✅1
2 · 7 months ago
🔭foundations
💾data
general
📝forms
🔐auth
Thank you for the inspiration
Binalfew 🚀 🌌:
<@105755735731781632> I wanted to thank you for the incredible knowledge I gained from your Epic Web...
❤️1
1 · 7 months ago
general
npm install everytime I setup a new playground
Duki 🌌:
Is it normal that I have to run `npm install` in my playground directory, everytime I setup the play...
✅1
2 · 9 months ago
🔐auth
The latest web-auth workshop cannot be launch
QzCurious 🌌 🚀:
I've done: 1. Remove web-auth directory 2. Follow https://github.com/epicweb-dev/web-auth?tab=readme...
✅1
7 · a year ago
general
Migration to Vite: Server-only module referenced by client
Fabian 🌌:
Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
✅1
1 · a year ago
🔐auth
Github token added on refactor of connection model exercise
abraham_aguilera 🌌:
Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
✅1
2 · a year ago
🔐auth
Potential Security Concern with Empty Session Data in createCookieSessionStorage?
QzCurious 🌌 🚀:
Since session data can be an empty object, it seems possible that someone could guess when encrypted...
✅1
6 · a year ago
general
Remix Vite Plugin
Binalfew 🚀 🌌:
<@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
✅1
3 · 2 years ago
general
🔭foundations
Solutions video on localhost:5639 ?
quang 🚀 🌌:
Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
✅1
9 · 2 years ago
🔐auth
Where are we getting target_type from?
Salym 🚀 🏆 🌌:
I don't see target_type in ur verification schema, how are we generating this?
✅1
9 · a year ago
🔐auth
Unknown file extension ".png" for ".../user.png"
TraderDave79 🌌:
I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
✅1
9 · a year ago
🔐auth
github.com refuses to connect in workshop app
TraderDave79 🌌:
Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
✅1
3 · a year ago
general
Epicshop is now social and mobile friendly!
Kent C. Dodds ◆ 🚀🏆🌌:
I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
🎉2
0 · a year ago

Create Post