Nesting Permissions

Q: Can I nest permissions inside one permission?


A: You can use . or : as part of each permission to further scope them:

admin:billing
admin.users
admin:users:readonly
admin:users:readwrite

And so on.

If you want admin to actually represent several separate things, then there are a couple ways to do it:

  1. Have your UI say admin but behind the scenes add multiple permissions to AuthRocket like billing, team_manager, or project_manager.

  2. Use a fixed role definition inside your app. Write a simple helper method/function to retrieve permissions and have it automatically expand them. They can be stored in a simple hash/associative array:

    roles = { ‘admin’ => [‘billing’,’team_manager’,’project_manager’] }

    Then just check each permission to see if it exists in roles and add those permissions if so.

There are more ways to do it than just the above. If one of those doesn’t quite fit, hopefully it’ll still stir up your creative juices! It just depends on what your end goal is.

Tagged with: permissions

Questions? Find a Typo? Get in touch.