S
SolidJS•2w ago
sh1man

Can anyone show code examples of how the permissions work?

I couldn't find a single example. In discord. Perhaps you have any ideas on this. I have never done permissions
67 Replies
sh03
sh03•2w ago
Are you referring to some specific parts of the framework? Doesn't sound like solid specific.
sh1man
sh1manOP•2w ago
I mean how to check the user's rights, for example, to create/edit/delete
sh03
sh03•2w ago
What have you tried, where are you blocked?
TaQuanMinhLong
TaQuanMinhLong•2w ago
you basically need either serialized information (which you need to decode it) from cookie or Authorization Header of the user's request to determine their authorization and authentication
sh1man
sh1manOP•2w ago
you don't know what user rights are??
sh1man
sh1manOP•2w ago
Frontegg
User Role and Permission Management | Frontegg
User role and permission management is one of the biggest challenges SaaS businesses are facing today. Here's how to get things done smoothly.
TaQuanMinhLong
TaQuanMinhLong•2w ago
you mean row level security in database or user session that contains information about their role and permission?
sh1man
sh1manOP•2w ago
contains information about their role and permission
TaQuanMinhLong
TaQuanMinhLong•2w ago
so i was talking about where the session is stored
sh1man
sh1manOP•2w ago
I have an api endpoint how to check the role and permissions correctly
TaQuanMinhLong
TaQuanMinhLong•2w ago
role can either be a string or a sequence of bit flipping (1 and 0 for permission either on or off, the bit position determine which kind of permission it is) then what's your problem that you need help? is it how to implement the same thing in solid start?
sh1man
sh1manOP•2w ago
I need an example of how role and permissions checking is implemented maybe there is a project where you can see an example
sh1man
sh1manOP•2w ago
I don't understand what cookies and a session have to do with it.
TaQuanMinhLong
TaQuanMinhLong•2w ago
but how does this work?
sh1man
sh1manOP•2w ago
This has nothing to do with role verification and permission
sh1man
sh1manOP•2w ago
Maybe that makes more sense
sh1man
sh1manOP•2w ago
Loftware Cloud
YouTube
Managing Access Roles and Permissions
Learn about the relationships between users, access roles, and role permissions. You’ll see how to create new access roles and how to set new role permissions. You’ll also learn how to assign access roles you create to your new and existing users. 00:00 Managing access roles and permissions 00:34 Users, access roles, and role permissions 00:52...
TaQuanMinhLong
TaQuanMinhLong•2w ago
so you mean the permission model? @Atila hope you can help :Worry_DontKnow:
Atila
Atila•2w ago
I think what @TaQuanMinhLong means is that in order to Authorize/Block a user you must have them Authenticated. That's where the session cookie comes in hand. You authenticate and store that information in a HTTP-only cookie (http only because it's safer from MITM attacks). With that done, it's all about your db architecture and relationships to define what resource a user has or doesn't have access to. SolidStart doesn't have any affordances for that part... what we do is making storing and handling the authentication and, once you figured out what you want to do with the user you can use SolidStart to redirect or deliver the resource to them. we do some degree of Row-Level Security to protect routes or not, thus redirecting the user or not. In this video I rolled auth from scratch, but I didn't get into details about Row-Level Security (permissions) because from a SolidStart perspective there's nothing to be done in that sense, I was just showing the Application layer and not the Database layer https://www.youtube.com/watch?v=IXvLskm6pxg&t=1s
sh1man
sh1manOP•2w ago
How you check access to specific components or widgets based on user role
Atila
Atila•2w ago
once you have the user authenticated, it's just about either delivering the resource or sending them somewhere else. Solid-Router makes it easy that you can just throw a redirect at any point
sh1man
sh1manOP•2w ago
@Atila you must know what a role and permissions user are. I didn't write a word about authorization here I was asking about the role and permissions user
sh1man
sh1manOP•2w ago
I mean
No description
Atila
Atila•2w ago
you didn't write the word, but you must understand that you can't have or designate roles to a user without knowing who the user is (that's called authentication), so once you bring "roles" and "permissions" up, the fact that you must have authentication is, in fact, implied. As I wrote in my very first message in this thread:
in order to Authorize/Block a user you must have them Authenticated
and again, on my first message on this thread:
it's all about your db architecture and relationships to define what resource a user has or doesn't have access to.
the quote above is about "permissions", though I don't write the word. The abstraction you have in that screenshot with <AllowedAccess> is not something we SolidStart has built-in. I already told you how to implement that:
what we do is making storing and handling the authentication and, once you figured out what you want to do with the user you can use SolidStart to redirect or deliver the resource to them.
the logic for labelling the role and granting/removing permissions needs to be done on your end.
sh1man
sh1manOP•2w ago
In this thread I asked for examples of projects, not a description of what authorization is. I understand what authorization is, but I haven't seen any examples of how to work with role and permissions user
Atila
Atila•2w ago
you didn't ask anything. we had to imply.
I couldn't find a single example. In discord. Perhaps you have any ideas on this. I have never done permissions
But ok, I also sent you a link for a tutorial with the timestamp where I implemented authorization access to a url... 🤷
sh1man
sh1manOP•2w ago
Your answers focus on authentication (determining user identity) and session management, whereas me are clearly interested in role and permission management after authentication.
sh1man
sh1manOP•2w ago
await accessRoles([Role.ADMIN]); I think it is wrong and not convenient to write such code everywhere
No description
TaQuanMinhLong
TaQuanMinhLong•2w ago
Does a middleware work for this case? You mean authorization? Then you still need to know who the user is (where session and identity come in) and then get the permission scope they have Then you can determine what they can or cannot do If you're asking about organizing and managing permission, it's a whole different story and out of solidjs
sh1man
sh1manOP•2w ago
Yes, solidstart is responsible for that. I about organizing and managing permission
TaQuanMinhLong
TaQuanMinhLong•2w ago
:confusednick: I'm afraid it isn't It's your choice to shape your architecture There are many ways to achieve the thing
sh1man
sh1manOP•2w ago
But I'm using solidstart to handle this endpoint
TaQuanMinhLong
TaQuanMinhLong•2w ago
Yes, and here are the steps
sh1man
sh1manOP•2w ago
yes I can get the user's role if he is authorized
TaQuanMinhLong
TaQuanMinhLong•2w ago
Then what data did you store in the user's role
sh1man
sh1manOP•2w ago
But this code with the role check looks terrible
No description
TaQuanMinhLong
TaQuanMinhLong•2w ago
Solidstart or any other framework is just the tool to achieve your goal
sh1man
sh1manOP•2w ago
yes
TaQuanMinhLong
TaQuanMinhLong•2w ago
You might want to check middleware
TaQuanMinhLong
TaQuanMinhLong•2w ago
Server Routes - Nitro
Nitro supports filesystem routing to automatically map files to h3 routes.
TaQuanMinhLong
TaQuanMinhLong•2w ago
:Worry_DontKnow:
sh1man
sh1manOP•2w ago
do they usually check the role through middleware?
TaQuanMinhLong
TaQuanMinhLong•2w ago
Make a role checker and process for every request If you see something keep repeating on every request, then use middleware Not just role authentication is also the same
sh1man
sh1manOP•2w ago
Is there an example?
TaQuanMinhLong
TaQuanMinhLong•2w ago
The docs is not enough? :confusednick: @Atila I think you have an example of middleware :hehehe:
sh1man
sh1manOP•2w ago
How to check role or permissions in middleware How to make it convenient
TaQuanMinhLong
TaQuanMinhLong•2w ago
:_Cheems_Jztroi:
sh1man
sh1manOP•2w ago
so the code doesn't look like a piece of crap.
TaQuanMinhLong
TaQuanMinhLong•2w ago
There's only one way, follow what the framework tells you to do, cuz it's the framework :Worry_CoffeeHMM: It's already convenient
sh1man
sh1manOP•2w ago
I haven't seen any examples with role or permissions checking ) so I don't know what the framework follows.
TaQuanMinhLong
TaQuanMinhLong•2w ago
Have you done the middleware part?
sh1man
sh1manOP•2w ago
there's too little information and I'm trying to learn something.
TaQuanMinhLong
TaQuanMinhLong•2w ago
Use middleware to get user's role
sh1man
sh1manOP•2w ago
yes
TaQuanMinhLong
TaQuanMinhLong•2w ago
Then when you have the role, what would you do next
sh1man
sh1manOP•2w ago
how to find out where the user is referring to and what method he is using
TaQuanMinhLong
TaQuanMinhLong•2w ago
If your middleware is at route level, then it should have the information about what method and API route did the user call to Like if user make PUT /api/user/<user_id> then you know what handler would be called to handle this request It's also your implementation of how middleware is placed before one or more route handlers
sh1man
sh1manOP•2w ago
I get that.
TaQuanMinhLong
TaQuanMinhLong•2w ago
Ok then is it solved?
sh1man
sh1manOP•2w ago
I need to look at some good code, need an example.
TaQuanMinhLong
TaQuanMinhLong•2w ago
:ferrisCluelesser: Man, just make it work first Then you can organize later
sh1man
sh1manOP•2w ago
I'll try. I'll write it up later
TaQuanMinhLong
TaQuanMinhLong•2w ago
Good luck :_Worry_Gone:
TaQuanMinhLong
TaQuanMinhLong•2w ago
:worryThumbs:
Want results from more Discord servers?
Add your server