Hi, how do you add authorization?
After authentication it should be checked if e.g. a user has admin role to access an admin dashboard.
1 Reply
Hey @networkinssch, this is completely left to you at the moment. We do have plans to add a default support for it in Wasp, something like RBAC (role based access control), but that will be in the future versions of Wasp, not super soon.
But it should be quite easy to do it on your own also. You can add a `role` field to the `User` entity, and you can then in your queries/actions check the value of that role and based on that make a decision if they should be able to execute that query/action or not. If they are not allowed, you can throw HttpError 403 or something like that.
You can check our open-saas template, it already comes in with the concept of admins and even has an admin dashboard in it: https://opensaas.sh/.
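
One way to write the check described in the reply above, as an added example that is not part of the original thread or Wasp's own code. The `requireRole` helper, the `getAdminDashboardStats` query, the `'ADMIN'` role value and the local `HttpError` class (a stand-in for the one Wasp exports from `wasp/server`, so the file runs on its own) are assumptions.

```javascript
// Stand-in for the HttpError that Wasp exports from 'wasp/server'.
class HttpError extends Error {
  constructor(statusCode, message) {
    super(message);
    this.statusCode = statusCode;
  }
}

// Hypothetical helper: throws unless the authenticated user has an allowed role.
function requireRole(context, allowedRoles) {
  // context.user is filled in by the server from the session,
  // so the role is never read from client-supplied args.
  if (!context.user) {
    throw new HttpError(401, 'Not authenticated');
  }
  // A missing or unknown role value falls through to deny.
  if (!allowedRoles.includes(context.user.role)) {
    throw new HttpError(403, 'Forbidden');
  }
  return context.user;
}

// Hypothetical query backing an admin dashboard.
async function getAdminDashboardStats(args, context) {
  requireRole(context, ['ADMIN']);
  const userCount = await context.entities.User.count();
  return { userCount };
}

// Constructed context for trying the check without a running Wasp app.
function makeContext(user) {
  return { user, entities: { User: { count: async () => 3 } } };
}

// Returns the HTTP status a caller would see for the given user and args.
async function statusFor(user, args = {}) {
  try {
    await getAdminDashboardStats(args, makeContext(user));
    return 200;
  } catch (e) {
    if (e instanceof HttpError) return e.statusCode;
    throw e;
  }
}
```

The check runs on the server inside the query, so hiding the dashboard link in the client is only cosmetic; a `role` value sent in `args` has no effect on the decision.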