[Feature Request] Programmatically create project and team permissions
I have a use case where it would be nice to be able to programmatically create permissions rather than have to create them through the dashboard. I've looked through the dashboard source code, and I think it would be nice to add createProjectPermissionDefinition and createTeamPermissionDefinition methods to the stackServerApp rather than only having them available to the stackAdminApp. I understand this is most likely intentional, but having it as an opt-in through the project config could be nice.
How are you planning to use this feature? We didn't expose it because we want to keep as few endpoints public as possible so we can change them without worrying about backwards compatibility.
I have an internal tooling dashboard template I'm deploying as a Vercel template, and on startup I need to create the necessary permissions.
Basically, when the first-ever user logs in, they will trigger something along these lines:
```ts
// Assumes a Next.js app: redirect comes from next/navigation.
// stackServerApp is the project's own server app instance (import path depends on the project).
import { redirect } from 'next/navigation';

export async function setup() {
  const user = await stackServerApp.getUser({ or: 'redirect' });
  // user should be first ever user and not have admin permission yet
  const firstEverUser = (await stackServerApp.listUsers({ orderBy: 'signedUpAt', limit: 1 }))[0];
  console.log('firstEverUser', firstEverUser.id);
  if (firstEverUser.id !== user.id) {
    console.log('User is not the first ever user, skipping setup');
    redirect('/tools');
  }
  const hasAdminPermission = Boolean(await user.getPermission('admin'));
  if (hasAdminPermission) {
    console.log('User already has admin permission, skipping setup');
    redirect('/tools');
  }
  // I'd want to create a few permission types here
  await stackServerApp.createProjectPermissionDefinition("admin", []);
  // to then grant them here and have them available throughout the application without needing the user to go into the dashboard
  await user.grantPermission('admin');
  console.log('Admin permission granted');
  redirect('/tools');
}
```
It'd also be nice to create a permission per tool programmatically from within my application, such that I can manage these permissions within the stack auth framework without needing the dashboard. Otherwise, I'd need to manage authorization logic in both Stack and my own database instead of having Stack be the single source of truth.
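An added example, not part of the thread and not Stack's code: the first-login bootstrap described above, written so that repeated or concurrent calls do not re-create definitions and so that being the first account to sign up is not sufficient on its own. Assumptions: `makeFakeApp` is a constructed in-memory stand-in, `createProjectPermissionDefinition` is the method the request asks for, and `hasDefinition`, `hasPermission`, the `email` field and the operator-configured `bootstrapEmail` are hypothetical names introduced here.

```javascript
// Constructed stand-in for the server app; nothing here calls a real SDK.
function makeFakeApp(users) {
  const defs = new Set();
  const grants = new Map(); // userId -> Set of permission ids
  return {
    async listUsers({ limit }) { return users.slice(0, limit); },
    async hasDefinition(id) { return defs.has(id); },
    async createProjectPermissionDefinition(id) {
      if (defs.has(id)) throw new Error(`permission ${id} already exists`);
      defs.add(id);
    },
    async hasPermission(userId, id) { return grants.get(userId)?.has(id) ?? false; },
    async grantPermission(userId, id) {
      if (!grants.has(userId)) grants.set(userId, new Set());
      grants.get(userId).add(id);
    },
  };
}

// Serialises setup calls inside one process only; separate serverless instances
// still rely on the idempotent checks below.
let inFlight = null;

async function bootstrapAdmin(app, user, bootstrapEmail, toolPermissions = []) {
  const run = async () => {
    const [first] = await app.listUsers({ orderBy: 'signedUpAt', limit: 1 });
    // Gate 1: first-ever user, as in the post.
    if (!first || first.id !== user.id) return 'skipped:not-first-user';
    // Gate 2 (assumption): the account must match an address the deployer configured,
    // so whoever signs up first on a fresh deployment is not automatically admin.
    if (!bootstrapEmail || user.email !== bootstrapEmail) return 'skipped:email-mismatch';
    if (await app.hasPermission(user.id, 'admin')) return 'skipped:already-admin';
    for (const id of ['admin', ...toolPermissions]) {
      // Create only what is missing, so a retry after a partial failure succeeds.
      if (!(await app.hasDefinition(id))) await app.createProjectPermissionDefinition(id);
    }
    await app.grantPermission(user.id, 'admin');
    return 'granted';
  };
  inFlight = (inFlight ?? Promise.resolve()).then(run, run);
  return inFlight;
}
```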