Permissions Utils

👨‍💼 It would be great to have some nicer utilities for determining a user's access to perform actions on an entity. So Kellie 🧝‍♂️ put some together in . I'll let Kellie explain how it works.
🧝‍♂️ Thanks Peter. Yeah, so there are now a few utilities you can use in the permissions module. Here's how you can use them:
```tsx
// requireUserWithPermission
export async function loader({ request }: LoaderFunctionArgs) {
	const userId = await requireUserWithPermission(request, 'update:user:own')
	// it throws an error response if the user doesn't have this permission, so
	// if you make it this far, you know they have it.

	// ... do stuff
}
```

```tsx
// requireUserWithRole
export async function action({ request }: ActionFunctionArgs) {
	const userId = await requireUserWithRole(request, 'admin')
	// it throws an error response if the user doesn't have this role, so
	// if you make it this far, you know they have it.

	// NOTE: use this sparingly. It's better to use requireUserWithPermission
	// because if we ever change permissions for a role they may no longer have
	// access to perform this action.

	// ... do stuff
}
```

```tsx
// userHasPermission
function SomeRoute() {
	const user = useOptionalUser()
	const canCreateOwnNotes = userHasPermission(user, 'create:note:own')

	// ... do stuff
}
```

```tsx
// userHasRole
function SomeRoute() {
	const user = useOptionalUser()
	const isAdmin = userHasRole(user, 'admin')

	// ... do stuff
}
```
Also, you can set the access part of the permission to a comma-separated list of accesses if you need to.

```tsx
// if the user is the owner, then they need to have "own" access
// if they're not, they need to have "any" access
await requireUserWithPermission(request, `update:note:any,own`)
// 🦉 we'll not be using this feature of the util today though.
```
One thing: the userHasRole and userHasPermission functions rely on user data loaded in the root loader, and I haven't done that yet, so you'll need to handle that before you can use these utilities.
👨‍💼 Thanks for building those utilities, Kellie!
🐨 Ok, so before you can actually start using these utilities, you need to add the permissions to the user query in .
🐨 While you're there, you may as well finish the user admin role work by updating the App component with a userIsAdmin variable and locking down the route.
🦺 If you want to, you can remove the ts-ignores in now that the root loader is loading the user's permissions.
🐨 With that done, now you need to update the route to use these utilities instead of what you did last time.
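
A sketch of how permission strings like the ones above can be evaluated against the roles and permissions loaded for a user; this is an added example, not the workshop's own code. The `User` shape, `parsePermissionString`, and `canUpdateNote` are assumptions made for illustration.

```typescript
// Added illustration: the data shape and logic here are assumptions,
// not the workshop's permissions module.
type Permission = { action: string; entity: string; access: string }
type Role = { name: string; permissions: Permission[] }
type User = { id: string; roles: Role[] }

// 'update:note:any,own' -> { action: 'update', entity: 'note', access: ['any', 'own'] }
function parsePermissionString(permission: string) {
	const [action, entity, access] = permission.split(':')
	if (!action || !entity) throw new Error(`Malformed permission: ${permission}`)
	return { action, entity, access: access ? access.split(',') : undefined }
}

function userHasPermission(user: User | null | undefined, permission: string) {
	if (!user) return false // no user loaded: deny by default
	const { action, entity, access } = parsePermissionString(permission)
	return user.roles.some(role =>
		role.permissions.some(
			p =>
				p.action === action &&
				p.entity === entity &&
				// Caveat: with no access segment, any access level matches.
				(!access || access.includes(p.access)),
		),
	)
}

function userHasRole(user: User | null | undefined, role: string) {
	return user ? user.roles.some(r => r.name === role) : false
}

// Ownership decides which access levels are acceptable (hypothetical helper).
function canUpdateNote(user: User | null | undefined, note: { ownerId: string }) {
	const access = user?.id === note.ownerId ? 'any,own' : 'any'
	return userHasPermission(user, `update:note:${access}`)
}

// Constructed sample users.
const member: User = {
	id: 'u1',
	roles: [{ name: 'user', permissions: [{ action: 'update', entity: 'note', access: 'own' }] }],
}
const admin: User = {
	id: 'u2',
	roles: [{ name: 'admin', permissions: [{ action: 'update', entity: 'note', access: 'any' }] }],
}
```

Checks made in a component only decide what the UI shows; the loader or action still has to enforce the same permission on the server.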