Skip to content
FronQL Docs

Permission using FrontQL

Introduction

In applications, the user needs to have certain permissions to access certain features or functionalities. FrontQL provides the ability to define and enforce these permissions using the permission query parameter.

In FrontQL, permissions are a crucial component of user authentication and authorization. Permissions are used to determine whether a user has access to certain resources or actions.

Implementing Permission

  • Permissions are defined using the permission query parameter.
  • In the query we pass the session token through the session parameter.
  • We define the required permissions and pass them through the permission parameter.

Example

Here’s a simple example of implementing permission using FrontQL:

async function getUsers() {
  const response = await Api.get("/users", {
    permission: "{id}:1",
    session:
      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwibmFtZSI6IkpvaG4iLCJlbWFpbCI6ImFkbWluQGdtYWlsLmNvbSIsImlhdCI6MTY3MjMxNjMxN30.8q8Ks9yFVnQp9Y5Z5QI6pJcBbIjJpJlM",
  });


  return response;
}

Output

In this example,

  • If the user has the required permissions, it fetches all users from the server and returns:

    {
      "err": false,
      "count": 2,
      "result": [
        {
          "id": 1,
          "name": "John Doe",
          "email": "[email protected]",
          "created_at": "2022-01-01 00:00:00.000",
          "updated_at": "2022-01-01 00:00:00.000"
        },
        {
          "id": 2,
          "name": "Jane Doe",
          "email": "[email protected]",
          "created_at": "2022-01-01 00:00:00.000",
          "updated_at": "2022-01-01 00:00:00.000"
        }
      ]
    }

  • Or if the user does not have the required permissions, it returns:

    {
      "err": true,
      "result": "Permission denied!"
    }