S
Supabase•3y ago
rchrdnsh

How to create auth for both admins and users for different parts of an app in sveltekit

Hi all, Working on an app which will support end users and site admins as well...I want to be able to have pages on the "front of the front" where end users can authenticate and do stuff, but I also have a "back of the front" (dashboard) where site admins will be able to authenticate and do stuff as well (more stuff and better stuff) ...not sure how to go about doing something like that...I'm working with SvelteKit on this project... Any info or advice is much appreciated 🙂
4 Replies
garyaustin
garyaustin•3y ago
This is a fairly ambitious undertaking and you say you don't know SQL or javascript very well. If you search in the search box up top you will see lots of hits on role admin or similar, many discussing the type of thing you are talking about. It will involve setting up roles, managing page access, managing RLS database access, managing roles etc. It will involve SQL functions, reasonable complex RLS, and client code, etc.
rchrdnsh
rchrdnshOP•3y ago
hmmmm...it seems that almost everything I try to do ends up being 'ambitious' aha...so "roles" is the thing that I am looking for...authentication based on a user role...
garyaustin
garyaustin•3y ago
roles or custom claims is sometimes used in the context of jwt tokens (with the auth info for each user)
rchrdnsh
rchrdnshOP•3y ago
I don’t know sql at all…started…3 days ago? …I might be too hard on myself in regards to js, tho…been learning and using it for a couple years…don’t know where I’m at, tbh…just started learning typescript 3 days ago as well… so, I'm thinking now that making two tables for users and admins might be a good idea? Something like this: 
-- inserts a row into public.users and assigns roles
create function public.handle_new_user() 
returns trigger as $$
declare is_admin boolean;
begin
  -- insert into public.users (id, username)
  -- values (new.id, new.email);
  
  select count(*) = 1 from auth.users into is_admin;
  
  if position('@arrowgtp.com' in new.email) > 0 then
    insert into public.team (id, full_name, avatar_url, role)
    values (new.id, new.raw_user_meta_data->>'full_name', new.raw_user_meta_data->>'avatar_url', 'team');
  else
    insert into public.profiles (id, full_name, avatar_url)
    values (new.id, new.raw_user_meta_data->>'full_name', new.raw_user_meta_data->>'avatar_url');
  end if;
  
  return new;
end;

$$ language plpgsql security definer;

-- trigger the function every time a user is created
create trigger on_auth_user_created
  after insert on auth.users
  for each row execute procedure public.handle_new_user();
-- inserts a row into public.users and assigns roles
create function public.handle_new_user() 
returns trigger as $$
declare is_admin boolean;
begin
  -- insert into public.users (id, username)
  -- values (new.id, new.email);
  
  select count(*) = 1 from auth.users into is_admin;
  
  if position('@arrowgtp.com' in new.email) > 0 then
    insert into public.team (id, full_name, avatar_url, role)
    values (new.id, new.raw_user_meta_data->>'full_name', new.raw_user_meta_data->>'avatar_url', 'team');
  else
    insert into public.profiles (id, full_name, avatar_url)
    values (new.id, new.raw_user_meta_data->>'full_name', new.raw_user_meta_data->>'avatar_url');
  end if;
  
  return new;
end;

$$ language plpgsql security definer;

-- trigger the function every time a user is created
create trigger on_auth_user_created
  after insert on auth.users
  for each row execute procedure public.handle_new_user();
...is this a good idea at all? And is this code...correct? Fresh to SQL, so this is mostly copy/paste and moving stuff around until it kinda makes sense in my head... The idea is new user signs up, and the conditional checks if their email address ends with the company email url...if so, they are put into the team table, and would be able to log in to the team dashboard, but if not, they are a user, and would have access to their own user profile only...

Did you find this page helpful?