What is the main goal of the Permissions skill?

It ensures that authorization checks are consistent and secure across both client-side actions and server-side functions in a multi-tenant environment.

How does it handle multi-tenancy?

It requires a teamId for every permission check, ensuring that users can only access or modify data belonging to their specific team.

What is the difference between hasTeamPermission and requireTeamPermission?

hasTeamPermission returns a boolean for manual logic in actions, while requireTeamPermission automatically throws an error if the user lacks access, making it ideal for server functions.

How do I fix a permission mismatch?

Identify the mismatch between the action and server function, determine the correct granular permission, and update the server function to match the action's requirements.

Team Authorization & RBAC

Name: Team Authorization & RBAC
Author: wodsmith

bywodsmith

Seguridad y Pruebas

Manages team-based permissions and role-based access control to ensure consistent authorization across client-side actions and server-side functions.

Acerca de

This skill provides comprehensive guidance for implementing and maintaining a robust multi-tenant authorization system within the WODsmith codebase. It streamlines the process of checking permissions for team members, aligning security logic between the frontend and backend, and managing granular access to resources like workout components, user roles, and billing. By utilizing standardized patterns and utility functions, it prevents authorization mismatches and ensures that every operation is correctly scoped to the appropriate team context, maintaining high security standards across the application.

Características Principales

Multi-tenant support via team-scoped permission checks
0 GitHub stars
Standardized RBAC implementation across client and server layers
Guidelines for synchronizing permission constants between actions and functions
Granular resource access management for workout components and settings
Pre-built utilities for checking and enforcing access rights

Casos de Uso

Synchronizing permission checks between a ZSA Server Action and a core server function
Implementing multi-tenant security logic when creating new team-based features
Auditing and fixing authorization mismatches in existing CRUD operations

Acerca de

Características Principales

Multi-tenant support via team-scoped permission checks
0 GitHub stars
Standardized RBAC implementation across client and server layers
Guidelines for synchronizing permission constants between actions and functions
Granular resource access management for workout components and settings
Pre-built utilities for checking and enforcing access rights

Casos de Uso

Synchronizing permission checks between a ZSA Server Action and a core server function
Implementing multi-tenant security logic when creating new team-based features
Auditing and fixing authorization mismatches in existing CRUD operations