tRPC•3y ago•

4 replies

Advanced Permissioning In Middleware

I need to handle somewhat complicated permissioning logic, for example:

User A can read (but not write) tasks from Facility B

User A can read (but not write) tasks from Facility B

Is there a good pattern for applying this sort of logic in middlewares? Currently, I can create a verbose permission set in

Context

Context

for that user, but I'm not sure how best to handle a facility-specific route, for example trying to

read tasks from Facility B

read tasks from Facility B

.

The

Context

Context

will contain all of that user's permissions, but I'm not sure how to check those permissions against a route-specific ID (for example

facilityID

facilityID

) in a middleware.

I don't think I'd want to set that

facilityID

facilityID

in context (since a lot of procedures won't have a

facilityID

facilityID

at all) and it doesn't look like there's a way to pass dynamic values into middleware using

Meta

Meta

.

Any thoughts?