fred-123

Is it possible to create custom user roles with the current wasp auth? Such as non-admin staff

Is it possible to create custom user roles without circumventing Wasp auth? For example, would it be possible to create staff accounts that aren't admin but can view pages that normal users can't? Am I overcomplicating this?
kapa.ai•2w ago
Hi @fred-123. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Yes, you can create custom user roles with Wasp's current auth system, but Wasp doesn't have built-in role-based access control (RBAC) yet. You'll need to implement this yourself. The simplest approach is to add a role field to your User entity and then check this value in your queries/actions to determine access permissions:
// In your User entity definition
entity User {
  id: String @id @default(uuid())
  // ... other fields
  role: String // e.g., "admin", "staff", "user"
}

// In your queries/actions
import { HttpError } from 'wasp/server'

const myProtectedAction = async (args, context) => {
  // Wasp sets context.user for authenticated requests; missing user -> 401
  if (!context.user) {
    throw new HttpError(401, "Not authenticated");
  }

  // Check if user has staff or admin role; anything else -> 403
  if (context.user.role !== "staff" && context.user.role !== "admin") {
    throw new HttpError(403, "Not authorized");
  }

  // Continue with the action logic
}
For more complex scenarios, you could create separate entities for roles and groups:

1. For fixed roles: Add a role field to the User entity and check its value
2. For dynamic user groups: Create a UserGroup entity with an N-to-N relationship with User

This is standard app/database design and not specific to Wasp. As mentioned by a Wasp team member in Discord: "this is completely left to you at the moment. We do have plans to add a default support for it in Wasp, something like RBAC (role based access control), but that will be in the future versions of Wasp, not super soon." Discord support thread

If you need a working example, you can check out the open-saas template which already implements admin roles and an admin dashboard: https://opensaas.sh/

You're not overcomplicating this - role-based access is a common requirement in many applications!
----------------------
Note: you can ask me a follow-up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @fred-123, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15 mins?
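As an added example (not from the thread or from the Wasp project), the same role check pulled into a reusable, deny-by-default helper so every query/action does it the same way; `HttpError` is stubbed in place of the one exported by `wasp/server`, and `listPendingReports` is a hypothetical action name:

```javascript
// Stand-in for Wasp's HttpError (import it from 'wasp/server' in a real app);
// stubbed here so the example runs offline.
class HttpError extends Error {
  constructor(statusCode, message) {
    super(message);
    this.statusCode = statusCode;
  }
}

// Closed list of roles the app knows about. Any other string stored in
// User.role is treated as "no role" rather than trusted.
const ROLES = Object.freeze(["user", "staff", "admin"]);

// Deny by default: no logged-in user -> 401, user without an allowed role -> 403.
// Wasp puts the authenticated user on context.user for queries and actions.
function requireRole(context, allowedRoles) {
  if (!context || !context.user) {
    throw new HttpError(401, "Not authenticated");
  }
  const role = context.user.role;
  if (!ROLES.includes(role) || !allowedRoles.includes(role)) {
    throw new HttpError(403, "Not authorized");
  }
  return context.user;
}

// A staff-only action in the (args, context) shape Wasp uses for operations.
// "listPendingReports" is a hypothetical name for this example.
const listPendingReports = async (args, context) => {
  const user = requireRole(context, ["staff", "admin"]);
  // Real data access via context.entities would go here.
  return { pending: [], reviewedBy: user.role };
};

// Maps the outcome of a role check to the HTTP status a client would see.
function accessStatus(context, allowedRoles) {
  try {
    requireRole(context, allowedRoles);
    return 200;
  } catch (e) {
    if (e instanceof HttpError) return e.statusCode;
    throw e;
  }
}
```

Because the role list is closed, a mistyped or stale value in the database (say "Admin" or "superuser") falls through to 403 instead of slipping past a string comparison.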
fred-123OP•2w ago
Makes sense. Just thought there might be a Wasp way of doing it since it's somewhat related to auth.
Vinny (@Wasp)•2w ago
Not at the moment, but we're thinking of implementing multi-tenant and role-based auth in the future. Is that what you're looking for?
G35x•6d ago
That's what I'm looking for 😄 +1 :boi: from me to support this future plan. I'm brooding over having to figure this out, but would love to have "team" admins for my users & role-based access within teams.