Global Permissions
Global permissions are permissions that are applied to all users in the app, this is useful for setting permissions as the developer, you can set permissions for any 'user' in the app depending on their role and permissions set.
Where are global permissions defined?
By default, you get the following permissions/roles set:
| Role | Permissions |
|---|---|
| Admin | user:read user:write user:delete user:manage-roles role:read role:write role:delete role:manage-permissions permission:read permission:write permission:delete admin:impersonate admin:system content:read content:write |
| Editor | user:read content:read content:write |
| User | content:read |
You can completely omit these permissions/roles if you don't want to use a global level role system.
How to create a global role and permissions
For this we've created in the dashboard a Permissions page in which you can create update and delete roles & permissions.
How to consume global permissions
We've created multiple services and hooks around the permissions system, you can find them in the server/services/permissionService.ts file for database related permissions.
You also get a composable in the composables/usePermissions.ts & composables/useRoles.ts file that you can use to manage permissions in your application.
List of permissions services and description
You can find the services in the server/services/permissionService.ts file. These are directly tied to the Drizzle ORM and completely abstracted from the application.
| Service | Description |
|---|---|
createRole | Creates a new role |
updateRole | Updates an existing role |
deleteRole | Deletes a role |
getRoleById | Gets a role by ID |
getAllRoles | Gets all roles |
createPermission | Creates a new permission |
updatePermission | Updates an existing permission |
deletePermission | Deletes a permission |
getPermissionById | Gets a permission by ID |
assignRoleToUser | Assigns a role to a user |
removeRoleFromUser | Removes a role from a user |
assignPermissionToRole | Assigns a permission to a role |
removePermissionFromRole | Removes a permission from a role |
getUserRoles | Gets the roles of a user |
getRolePermissions | Gets the permissions of a role |
getRoleWithPermissions | Gets a role with its permissions |
getAllPermissions | Gets all permissions |
userHasPermission | Checks if a user has a permission |
userHasRole | Checks if a user has a role |
getAllRoles | Gets all roles |
getAllPermissions | Gets all permissions |