You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been looking at different use cases for Sanity and one that I thought of recently was a kind of "multi-tenant" setup whereby many vendors could log into a single Sanity project and manage their own products in a dataset via a shared studio.
This sounds appealing to me as a developer looking to create small online "marketplaces" for specific niches as:
You would only have to manage one project, dataset and deployment
You don't need to build a custom back office for vendors to manage their products
Sanity already handles project user invitations and authentication
Sanity allows you to create roles and permissions for individual users
Problem
I started to explore the idea and got as far as looking at how I would go about restricting vendors read/write ability to a subset of documents in the dataset. Generally how I would go about this for a small handful of users is to:
Create a custom role for each vendor with a content resource filter like vendor == "[email protected]"
Filter out documents of a given type in the studio by getting the logged in user and applying the above filter
Use initial template values to ensure vendors can create and publish documents that respects the above filter
Which I think would work in theory (haven't actually tried hooking it all up) but it doesn't scale particularly well as it would require a custom role and content resource filter be created for each vendor.
Proposed Solution
One way that this could be made more scalable would be to allow for reserved parameters to be used within content resource filters. Assuming that the API has access to the current studio user's access token, it could extract a unique identifier for the user and pass that as a parameter to the content resource filter, this would allow for a content resource configuration like:
Given my understanding of how roles, permissions and content resources filters work currently, I don't think this would be a significant technological lift from what already exists today (of course, I could be way off the mark here!) but it would unlock some more interesting use cases for Sanity and the Studio.
Alternatives
Given that the proposed solution does not exist currently, the only real way I can see of achieve this multi-tenant setup at scale is to "eject" from the studio and build my own UI and API layers to allow authenticated vendors to create and manage products on the platform (essentially forgoing all the benefits and capabilities of the studio).
Thanks for reading and please do let me know if there is something I have missed that exists already to solve this problem 🤞
The text was updated successfully, but these errors were encountered:
lukejacksonn
changed the title
Reserved parameters content resource filters
Allow reserved parameters in content resource filters
Jan 7, 2025
Goal
I've been looking at different use cases for Sanity and one that I thought of recently was a kind of "multi-tenant" setup whereby many vendors could log into a single Sanity project and manage their own products in a dataset via a shared studio.
This sounds appealing to me as a developer looking to create small online "marketplaces" for specific niches as:
Problem
I started to explore the idea and got as far as looking at how I would go about restricting vendors read/write ability to a subset of documents in the dataset. Generally how I would go about this for a small handful of users is to:
vendor == "[email protected]"
Which I think would work in theory (haven't actually tried hooking it all up) but it doesn't scale particularly well as it would require a custom role and content resource filter be created for each vendor.
Proposed Solution
One way that this could be made more scalable would be to allow for reserved parameters to be used within content resource filters. Assuming that the API has access to the current studio user's access token, it could extract a unique identifier for the user and pass that as a parameter to the content resource filter, this would allow for a content resource configuration like:
Given my understanding of how roles, permissions and content resources filters work currently, I don't think this would be a significant technological lift from what already exists today (of course, I could be way off the mark here!) but it would unlock some more interesting use cases for Sanity and the Studio.
Alternatives
Given that the proposed solution does not exist currently, the only real way I can see of achieve this multi-tenant setup at scale is to "eject" from the studio and build my own UI and API layers to allow authenticated vendors to create and manage products on the platform (essentially forgoing all the benefits and capabilities of the studio).
Thanks for reading and please do let me know if there is something I have missed that exists already to solve this problem 🤞
The text was updated successfully, but these errors were encountered: