
Access control / permissions in Wasp

Open Martinsos opened this issue 3 years ago • 5 comments

Ideas:

  • On Page/Route level (for UX purposes really, not security)
  • On Operation level
  • On Entity level
  • On Entity field level

Martinsos avatar Mar 06 '22 12:03 Martinsos

Related to #263

infomiho avatar Jul 25 '24 11:07 infomiho

Bumping this because it's a popular request.

Related: #2396 and #1133

sodic avatar Feb 17 '25 18:02 sodic

Related https://github.com/wasp-lang/wasp/issues/584

cprecioso avatar Apr 22 '25 11:04 cprecioso

More users requesting this: https://discord.com/channels/686873244791210014/1353781474456768714/1353781474456768714

sodic avatar Jun 03 '25 21:06 sodic

More users requesting this: https://discord.com/channels/686873244791210014/1353781474456768714/1353781474456768714

Some quotes:

would it be possible to create staff accounts that aren't admin but can view pages that normal users can't?

would love to have "team" admins for my users & role based access within teams.

I'm super reluctant to be adding a separate db query for every page just to get organisation data for a user. Are we not simply able to change the context.user to join our "organisation" entity so we have all the information here. Basically I want an organisation to hold the subscription details not the user. And only certain actions or pages can be performed based on your subscription. Also you can only load data that is linked to your organisation.

In terms of restricting data I can do this pretty easily, just using queries, views, filters etc, but the crux is getting access within context.user or context.Org so that you don't have to do a db query every time a page loads or a query/action is required

Martinsos avatar Jun 04 '25 09:06 Martinsos
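
The operation, entity and entity-field levels listed in the issue, combined with the organisation scoping asked for in the quoted requests, sketched as an added example that is not part of the thread and is not Wasp's API. All names (`authorizeOperation`, `scopeToOrg`, `redactFields`, the policy maps, the sample rows) are hypothetical, and it assumes `context.user` already carries a `role` and an `orgId`.

```javascript
// Added example: all names are hypothetical; this is not Wasp's API.
// Constructed sample rows standing in for database records.
const tasks = [
  { id: 1, orgId: 'org-a', title: 'Renew cert', internalNote: 'vendor quote' },
  { id: 2, orgId: 'org-b', title: 'Rotate keys', internalNote: 'on-call only' },
];

class AccessDenied extends Error {}

// Operation level: roles allowed to call each operation (anything unlisted is denied).
const operationPolicy = new Map([['getTasks', ['member', 'staff', 'admin']], ['deleteTask', ['admin']]]);
// Entity field level: fields readable only by the listed roles.
const restrictedFields = new Map([['internalNote', ['staff', 'admin']]]);

function authorizeOperation(opName, user) {
  if (!user) throw new AccessDenied('not authenticated');
  const allowed = operationPolicy.get(opName);
  if (!allowed || !allowed.includes(user.role)) {
    throw new AccessDenied(`${user.role} may not call ${opName}`);
  }
}

// Entity level: a user only ever sees rows of their own organisation.
function scopeToOrg(rows, user) {
  return rows.filter((row) => row.orgId === user.orgId);
}

// Entity field level: drop fields the caller's role may not read.
function redactFields(row, user) {
  const visible = Object.entries(row).filter(([field]) => {
    const roles = restrictedFields.get(field);
    return !roles || roles.includes(user.role);
  });
  return Object.fromEntries(visible);
}

// Assumption: context.user already carries role and orgId (loaded once per session).
function getTasks(context) {
  authorizeOperation('getTasks', context.user);
  return scopeToOrg(tasks, context.user).map((row) => redactFields(row, context.user));
}

function deleteTask(id, context) {
  authorizeOperation('deleteTask', context.user);
  const row = scopeToOrg(tasks, context.user).find((r) => r.id === id);
  if (!row) throw new AccessDenied('no such task in this organisation');
  return row.id; // a real handler would delete the row here
}
```

Every check runs inside the server-side handler, which matches the issue's point that page/route-level restrictions are for UX rather than security.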