Permissions Utils

πŸ‘¨β€πŸ’Ό Great work. There are lots of different ways to accomplish this, but it's important that we have a standard way to handle permissions in our own application.
As mentioned, there is definitely opportunity to improve this with a custom Prisma client extension. If you figure out a good solution for that, let us know!
πŸ¦‰ It should be mentioned that our approach works because we allow admins to also be users (we added both roles to the Kody user). However, if you wanted to not add the user role to the admin, you would need to do one of two things:
  1. Make sure the admin role also gets permissions to modify their own entities
  2. Adjust the application code to use own OR any permissions. Like so:
await requireUserWithPermission(
	request,
	isOwner ? `update:note:any,own` : `update:note:any`,
)
If you ask me, you should probably just make admins users as well. But, making the admin role also get permissions to modify their own entities makes sense as well.

Access Denied

You must login or register for the workshop to view the diff.

Check out this video to see how the diff tab works.