[NEED HELP] Try to use permissions with roles

[fbonhomm]

Hello,

I have a problem with permissions with roles.
I would like to store the roles in a database.

I have entities like org and project, the roles are linked to these entities.

user -> 
        org1 (admin) ->
                        project1 (admin) 
                        project2 (limited)
        org2 (limited) ->
                        project1 (standard) 
                        project2 (standard)

The tables for the roles are:

• org_roles
• project_roles

I use JWT tokens as authentication.

1. My first solution, and the one I would like to implement.

The role verification will be done like this:

All users have the user role in the JWT.

The problem is that I would like to filter the fields returned according to the role, (for example, for the role limited, it returns only the fields name and description).

2. Second solution, use the roles in Hasura and in the database

If I declare roles in hasura, like org_owner, org_admin, ... ,project_owner, this is verbose and especially in the JWT, there is a default role and you have to put all roles allowed.

“x-hasura-default-role”: “?” (“standard”)
"x-hasura-allowed-roles": [
  “org_owner",
  “org_admin”,	
  …
  “project_owner",
  ...
],

And I send the role through the header:

Authorization: Bearer eyJhbGciOiJIUzI…,
x-hasura-role: “org_owner”,

And I check in database as well.

3. I store everything in the JWT (worse case)

projects: {
      “behfjefcedvc7e6767364737” (project id): {
             “role”: “standard”
       }
       ….
}

orgs: {
      “4h5gkj4h5jk4h5jhk4jh” (org id): {
             “role”: “admin”
       }
       ….
}

The JWT can do several megabytes.

Conclusion

Do you have better solutions or tips to solve my problems?


I prefer to use the first solution and filters the variables in the custom check.

Thank you.

[tirumaraiselvan]

I think second solution will be the way to go.