Permissions using FrontQL

Introduction

Applications usually restrict certain features or functionality to users who hold the right permissions. FrontQL lets you define and enforce these permissions with the permissions query parameter.

In FrontQL, permissions are a crucial component of user authentication and authorization. Permissions are used to determine whether a user has access to certain resources or actions.

Implementing Permissions

  • Permissions are defined using the permissions query parameter.
  • In the query we pass the session token through the session parameter.
  • We define the required permissions and pass them through the permissions parameter.

Example

Here’s a simple example of implementing permissions using FrontQL:

async function getUsers() {
  // The session token identifies the caller; the permissions expression
  // states what is required for the request to be served.
  const response = await Api.get("/users", {
    permissions: "{id}==1",
    session:
      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwibmFtZSI6IkpvaG4iLCJlbWFpbCI6ImFkbWluQGdtYWlsLmNvbSIsImlhdCI6MTY3MjMxNjMxN30.8q8Ks9yFVnQp9Y5Z5QI6pJcBbIjJpJlM",
  });
  return response;
}

Output

In this example,

  • If the user has the required permissions, it fetches all users from the server and returns:

    {
      "err": false,
      "count": 2,
      "result": [
        {
          "id": 1,
          "name": "John Doe",
          "email": "[email protected]",
          "created_at": "2022-01-01 00:00:00.000",
          "updated_at": "2022-01-01 00:00:00.000"
        },
        {
          "id": 2,
          "name": "Jane Doe",
          "email": "[email protected]",
          "created_at": "2022-01-01 00:00:00.000",
          "updated_at": "2022-01-01 00:00:00.000"
        }
      ]
    }
  • Or if the user does not have the required permissions, it returns:

    {
      "err": true,
      "result": "Permission denied!"
    }
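
The check described above can be modelled as follows. This is an added example, not FrontQL's own code: it assumes that {id} in the permissions expression names a claim in the session token's payload and handles only the == operator shown on the page. The function names (decodeClaims, isPermitted, handleRequest, makeToken) are hypothetical and the sample tokens are constructed.

```javascript
// Added illustration, not FrontQL's implementation.
// Assumption: "{name}" refers to a claim in the session token payload, and
// only the "==" operator shown on the page is supported.

// Decode the JWT payload. This does NOT verify the signature: a real server
// must verify it first, because unverified claims are caller-controlled.
function decodeClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed session token");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (claims === null || typeof claims !== "object") throw new Error("bad payload");
  return claims;
}

// Evaluate an expression such as "{id}==1" by parsing it, never with eval().
function isPermitted(expression, claims) {
  const m = /^\{(\w+)\}\s*==\s*(.+)$/.exec(String(expression).trim());
  if (!m) return false; // unrecognised syntax: deny
  const [, name, literal] = m;
  if (!Object.prototype.hasOwnProperty.call(claims, name)) return false;
  let expected;
  try {
    expected = JSON.parse(literal);
  } catch {
    return false; // right-hand side is not a plain JSON literal: deny
  }
  return claims[name] === expected; // strict: the string "1" does not match 1
}

// Return the same response shapes the page shows for allow and deny.
function handleRequest({ permissions, session }, rows) {
  const denied = { err: true, result: "Permission denied!" };
  let claims;
  try {
    claims = decodeClaims(session);
  } catch {
    return denied; // missing or malformed token: deny
  }
  if (!isPermitted(permissions, claims)) return denied;
  return { err: false, count: rows.length, result: rows };
}

// Constructed sample token with a placeholder signature (not a credential).
function makeToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "HS256", typ: "JWT" })}.${b64(claims)}.constructed`;
}
```

Every unexpected input (malformed token, unknown syntax, missing claim, type mismatch) falls through to the deny response, so the only way to reach the data is an exact match.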