How do you all handle Role based access?

I'm creating a new Next app which will require RBA. So let's say I have 2 routes for my user roles: /student/* and /teacher/*. Is it better to handle authorization to those pages in getServerSideProps and then redirect if the role isn't correct? Or should I lazy load the main content and then display it if the role is right? E.g. I have a page for showing all tasks. Teachers are supposed to see only the tasks they have created, while students should see all the created tasks. Since both pages show mostly the same components, only with some different data, should I make that into 2 routes, /students/tasks and /teachers/tasks, and use getSSP like I explained, or is it better to just query content depending on role and then display it when it arrives? Or, if they aren't logged in at all, show the login component.
9 Replies
Neto, 15mo ago
you can use a middleware to block any unauthorised access or redirect to the correct page
no user? redirect to sign in page
teacher using student page? redirect to teacher
student using teacher page? redirect to student
the fetching side of things, can be handled on its own at api level
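The redirect rules above, written out as an added example that is not from the thread: a pure policy function that decides, for a request path and a session, whether to let the request through or where to redirect. It assumes the two areas are `/student/*` and `/teacher/*` as in the question, a session shaped like `{ role: "student" | "teacher" }` or `null`, and a sign-in page at `/sign-in`; the commented-out wrapper shows how it would sit in a Next.js `middleware.js` using `getToken` from `next-auth/jwt`, which only carries `role` if your JWT callback puts it there (an assumption).

```javascript
// Added example (not from the thread): role-based route decisions for a
// Next.js middleware, kept as a pure function so it runs and tests without Next.js.

// Assumed layout: each role owns one URL prefix.
const ROLE_PREFIX = {
  student: "/student",
  teacher: "/teacher",
};

// Returns { action: "next" } to let the request through, or
// { action: "redirect", to: "/..." } with the destination.
function decideRoute(pathname, session) {
  // Which role-protected area, if any, does the request target?
  // Match on a path segment boundary so "/studentx" is not treated as "/student".
  const targetRole = Object.keys(ROLE_PREFIX).find(
    (role) =>
      pathname === ROLE_PREFIX[role] || pathname.startsWith(ROLE_PREFIX[role] + "/")
  );
  if (!targetRole) return { action: "next" }; // public route, nothing to enforce

  if (!session) {
    // No user: send to sign-in, remembering where they wanted to go.
    return {
      action: "redirect",
      to: "/sign-in?callbackUrl=" + encodeURIComponent(pathname),
    };
  }

  if (session.role !== targetRole) {
    // Signed in, wrong area: send them to the home of their own area.
    const home = ROLE_PREFIX[session.role];
    // Unknown or missing role: treat as not signed in rather than guessing.
    if (!home) return { action: "redirect", to: "/sign-in" };
    return { action: "redirect", to: home };
  }

  return { action: "next" };
}

// How this would plug into Next.js (middleware.js at the project root).
// Commented out so this file runs without Next.js installed; the `role`
// claim on the token is an assumption about your JWT callback.
//
// import { NextResponse } from "next/server";
// import { getToken } from "next-auth/jwt";
//
// export async function middleware(req) {
//   const token = await getToken({ req }); // null when not signed in
//   const decision = decideRoute(
//     req.nextUrl.pathname,
//     token ? { role: token.role } : null
//   );
//   if (decision.action === "redirect") {
//     return NextResponse.redirect(new URL(decision.to, req.url));
//   }
//   return NextResponse.next();
// }
//
// export const config = { matcher: ["/student/:path*", "/teacher/:path*"] };
```

Keeping the decision in a plain function means the three rules from the reply can be unit-tested directly, and the same function can be reused in `getServerSideProps` if a page needs the check there as well.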
JulieCezar, 15mo ago
This only works with JWT strategy tho...
Neto, 15mo ago
if you can fetch the user before rendering the page, the same applies to middleware/gssp
JulieCezar, 15mo ago
So yes I can use it in middleware... the only thing I was worried about was the loading state, but it seems I was worried for nothing... xD
Neto, 15mo ago
Usually fetching the data is cheap as long as it's a fine query
jingleberry, 15mo ago
You can add redirects and such at the routing layer, but might be worth adding something closer to the persistence/service layer too (in case someone does manage to sneak past your route guards)
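What enforcement "closer to the service layer" looks like for the tasks scenario from the question, as an added example that is not from the thread: the data access function itself decides what a user may see (teachers only their own tasks, students all tasks), so a request that somehow bypassed the route guard still gets a filtered or refused result. The in-memory task list and the `{ id, role }` user shape are constructed for the example; `handleListTasks` stands in for a `pages/api/tasks.js` handler, where the user would come from `getServerSession` or `getToken` rather than a parameter.

```javascript
// Added example (not from the thread): authorization enforced in the
// data/service layer, independent of any route guard or middleware.

// Constructed sample data.
const TASKS = [
  { id: 1, title: "Essay draft", createdBy: "t1" },
  { id: 2, title: "Lab report", createdBy: "t2" },
  { id: 3, title: "Reading quiz", createdBy: "t1" },
];

class AuthorizationError extends Error {}

// The one place that decides which tasks a user may see.
// Teachers: only tasks they created. Students: all tasks. Anything else: denied.
function tasksVisibleTo(user, tasks = TASKS) {
  if (!user) throw new AuthorizationError("not signed in");
  switch (user.role) {
    case "teacher":
      return tasks.filter((t) => t.createdBy === user.id);
    case "student":
      return tasks;
    default:
      // Unknown roles fail closed instead of falling through to "see everything".
      throw new AuthorizationError(`role ${user.role} may not list tasks`);
  }
}

// Per-object check for mutations (edit/delete): only the creating teacher may
// modify a task; students may not modify tasks at all.
function canModifyTask(user, task) {
  return Boolean(user) && user.role === "teacher" && task.createdBy === user.id;
}

// Shape of an API route handler, as a plain function so it runs here without
// Next.js. 401 when there is no session, 403 when the session is not allowed.
function handleListTasks(sessionUser) {
  try {
    return { status: 200, body: tasksVisibleTo(sessionUser) };
  } catch (err) {
    if (err instanceof AuthorizationError) {
      return { status: sessionUser ? 403 : 401, body: { error: err.message } };
    }
    throw err;
  }
}
```

Because the filtering happens inside `tasksVisibleTo`, both `/students/tasks` and `/teachers/tasks` (or a single `/tasks` page) can call the same function and render the same components; the route only changes what the user is shown, never what they are allowed to fetch.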
arete, 15mo ago
Client API | NextAuth.js: The NextAuth.js client library makes it easy to interact with sessions from React applications.
arete, 15mo ago
might give you some insight 👍