Permix

Checking

Learn how to check permissions in your application

Overview

Permix provides two methods for checking permissions: check and checkAsync. Both methods return a boolean indicating whether the action is allowed.

check

The check method allows you to verify if certain actions are permitted. It returns a boolean indicating whether the action is allowed:

permix.check('post', 'create') // returns true/false

Array

You can check multiple actions at once by passing an array of actions. All actions must be permitted for the check to return true:

// Check if both create and read are allowed
permix.check('post', ['create', 'read']) // returns true if both are allowed

All

Use the special 'all' keyword to verify if all possible actions for an entity are permitted:

// Check if all actions are allowed for posts
permix.check('post', 'all') // returns true only if all actions are permitted

checkAsync

When you need to ensure permissions are ready before checking, use checkAsync. This is useful when permissions might be set up asynchronously:

setTimeout(() => {
  permix.setup({
    post: { create: true }
  })
}, 1000)
 
await permix.checkAsync('post', 'create') // waits for setup

In most cases you should use check instead of checkAsync. checkAsync is useful when you need to ensure permissions are ready before checking, for example in route middleware.

Data-Based

You can define permissions that depend on the data being accessed:

permix.setup({
  post: {
    // Only allow updates if user is the author
    update: post => post.authorId === currentUserId,
    // Static permission
    read: true
  }
})
 
// Check with data
const post = { id: '1', authorId: 'user1' }
 
permix.check('post', 'update', post) // true if currentUserId === 'user1'

You still can check permissions without providing the data, but it will return false in this case.

Type Safety

Permix provides full type safety for your permissions:

import {  } from 'permix'
 
const  = <{
  : {
    : 'create' | 'update'
  }
}>()
 
// This will cause a TypeScript error but will return false
.('post', 'invalid-action')
Argument of type '"invalid-action"' is not assignable to parameter of type '"create" | "update" | "all" | ("create" | "update")[]'.
 
.('invalid-entity', 'create')
Argument of type '"invalid-entity"' is not assignable to parameter of type '"post"'.

Previous

Setup

Next

Template

On this page