# Managing permissions for a role
With the UserRoles recipe you can:
- Add permissions to a role
- Remove permissions from a role
- Get a list of all permissions assigned to a role
- Get a list of all roles that have a specific permission
## Add permissions
The `createNewRoleOrAddPermissions` function can be used to add new permissions to a role. It only adds the permissions that are missing from the role and has no effect on permissions that are already assigned to it.
- NodeJS
- GoLang
- Python
- cURL
Important
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.
import UserRoles from "supertokens-node/recipe/userroles";
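/**
 * Adds the "write" permission to the "user" role.
 *
 * As its name says, createNewRoleOrAddPermissions creates the role when it
 * does not exist yet, so a misspelled role name yields a new role instead of
 * an error. The response is checked so that an unexpected role creation is
 * noticed. Keep role and permission names as server-side constants rather
 * than values taken from a request.
 */
async function addPermissionForRole() {
    // Add the "write" permission to the "user" role
    const response = await UserRoles.createNewRoleOrAddPermissions("user", ["write"]);

    if (response.createdNewRole) {
        // The "user" role did not exist before this call and was just created.
        // TODO: log or alert here if role creation was not intended.
    }
}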
import (
"github.com/supertokens/supertokens-golang/recipe/userroles"
)
// addPermissionForRole grants the "write" permission to the "user" role.
//
// As its name says, CreateNewRoleOrAddPermissions creates the role when it
// does not exist yet, so a misspelled role name yields a new role instead of
// an error. Keep role and permission names as server-side constants rather
// than values taken from a request.
func addPermissionForRole() {
	if _, err := userroles.CreateNewRoleOrAddPermissions("user", []string{"write"}, nil); err != nil {
		// TODO: Handle error
		return
	}
}
- Asyncio
- Syncio
from supertokens_python.recipe.userroles.asyncio import create_new_role_or_add_permissions
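async def add_permission_for_role():
    """Add the "write" permission to the "user" role.

    As its name says, ``create_new_role_or_add_permissions`` creates the role
    when it does not exist yet, so a misspelled role name yields a new role
    instead of an error. Keep role and permission names as server-side
    constants rather than values taken from a request.
    """
    await create_new_role_or_add_permissions("user", ["write"])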
from supertokens_python.recipe.userroles.syncio import create_new_role_or_add_permissions
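def add_permission_for_role():
    """Add the "write" permission to the "user" role (blocking variant).

    As its name says, ``create_new_role_or_add_permissions`` creates the role
    when it does not exist yet, so a misspelled role name yields a new role
    instead of an error. Keep role and permission names as server-side
    constants rather than values taken from a request.
    """
    create_new_role_or_add_permissions("user", ["write"])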
- Single app setup
- Multi app setup
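# Placeholders: set SUPERTOKENS_CORE_URI to the core's base URL and
# SUPERTOKENS_API_KEY to its API key (both variable names are constructed for
# this example). Expanding the key from the environment keeps the literal
# value out of shell history and copied snippets.
# NOTE(review): with --location curl follows redirects, and headers passed
# with --header (api-key included) are sent to the redirect target too. Drop
# --location unless the core is known to redirect.

# Single app setup
curl --location --request PUT "${SUPERTOKENS_CORE_URI}/recipe/role" \
  --header "api-key: ${SUPERTOKENS_API_KEY}" \
  --header 'Content-Type: application/json; charset=utf-8' \
  --data-raw '{
    "role": "user",
    "permissions": [
      "write"
    ]
  }'

# Multi app setup
# NOTE(review): the same request is shown for both setups; any app-specific
# part of the base URL is not visible here. Confirm the URI for your app.
curl --location --request PUT "${SUPERTOKENS_CORE_URI}/recipe/role" \
  --header "api-key: ${SUPERTOKENS_API_KEY}" \
  --header 'Content-Type: application/json; charset=utf-8' \
  --data-raw '{
    "role": "user",
    "permissions": [
      "write"
    ]
  }'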
Multi Tenancy
In a multi tenant setup, roles and permissions are shared across all tenants. This means that you can create a role and add permissions to it once, and reuse that role across any tenant in your app.
## Remove permissions
You can remove one or more permissions from a role. The role must already exist before you call this function.
- NodeJS
- GoLang
- Python
- cURL
Important
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.
import UserRoles from "supertokens-node/recipe/userroles";
/**
 * Removes the "write" permission from the "user" role.
 *
 * The call reports an unknown role through its status field instead of
 * throwing, so the result has to be inspected.
 */
async function removePermissionFromRole() {
    const result = await UserRoles.removePermissionsFromRole("user", ["write"]);
    const roleMissing = result.status === "UNKNOWN_ROLE_ERROR";

    if (roleMissing) {
        // No such role exists, so nothing was revoked. Surface this rather
        // than treating the revocation as done.
    }
}
import (
"github.com/supertokens/supertokens-golang/recipe/userroles"
)
// removePermissionFromRole removes the "write" permission from the "user"
// role. An unknown role is reported in the response, not as err, so both are
// checked.
func removePermissionFromRole() {
	result, err := userroles.RemovePermissionsFromRole("user", []string{"write"}, nil)

	switch {
	case err != nil:
		// TODO: Handle error
		return
	case result.UnknownRoleError != nil:
		// No such role exists, so nothing was revoked. Surface this rather
		// than treating the revocation as done.
	}
}
- Asyncio
- Syncio
from supertokens_python.recipe.userroles.asyncio import remove_permissions_from_role
from supertokens_python.recipe.userroles.interfaces import UnknownRoleError
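async def remove_permission_from_role_func():
    """Remove the "write" permission from the "user" role.

    An unknown role is returned as an ``UnknownRoleError`` value rather than
    raised, so the result has to be inspected.
    """
    res = await remove_permissions_from_role("user", ["write"])
    if isinstance(res, UnknownRoleError):
        # No such role exists, so nothing was revoked. Surface this rather
        # than treating the revocation as done.
        pass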
from supertokens_python.recipe.userroles.syncio import remove_permissions_from_role
from supertokens_python.recipe.userroles.interfaces import UnknownRoleError
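def remove_permission_from_role_func():
    """Remove the "write" permission from the "user" role (blocking variant).

    An unknown role is returned as an ``UnknownRoleError`` value rather than
    raised, so the result has to be inspected.
    """
    res = remove_permissions_from_role("user", ["write"])
    if isinstance(res, UnknownRoleError):
        # No such role exists, so nothing was revoked. Surface this rather
        # than treating the revocation as done.
        pass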
- Single app setup
- Multi app setup
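# Placeholders: set SUPERTOKENS_CORE_URI to the core's base URL and
# SUPERTOKENS_API_KEY to its API key (both variable names are constructed for
# this example). Expanding the key from the environment keeps the literal
# value out of shell history and copied snippets.
# NOTE(review): with --location curl follows redirects, and headers passed
# with --header (api-key included) are sent to the redirect target too. Drop
# --location unless the core is known to redirect.

# Single app setup
curl --location --request POST "${SUPERTOKENS_CORE_URI}/recipe/role/permissions/remove" \
  --header "api-key: ${SUPERTOKENS_API_KEY}" \
  --header 'Content-Type: application/json; charset=utf-8' \
  --data-raw '{
    "role": "user",
    "permissions": [
      "write"
    ]
  }'

# Multi app setup
# NOTE(review): the same request is shown for both setups; any app-specific
# part of the base URL is not visible here. Confirm the URI for your app.
curl --location --request POST "${SUPERTOKENS_CORE_URI}/recipe/role/permissions/remove" \
  --header "api-key: ${SUPERTOKENS_API_KEY}" \
  --header 'Content-Type: application/json; charset=utf-8' \
  --data-raw '{
    "role": "user",
    "permissions": [
      "write"
    ]
  }'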
## Get all permissions for a role
Get a list of all permissions assigned to a role.
- NodeJS
- GoLang
- Python
- cURL
Important
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.
import UserRoles from "supertokens-node/recipe/userroles";
/**
 * Reads the permissions currently assigned to the "user" role.
 *
 * An unknown role is reported through the status field; in that case there
 * is no permissions list to read.
 */
async function getPermissionsForRole() {
    const result = await UserRoles.getPermissionsForRole("user");

    if (result.status !== "UNKNOWN_ROLE_ERROR") {
        // Role exists: the permission names are available on the result.
        const permissions: string[] = result.permissions;
    } else {
        // No such role exists
    }
}
import (
"github.com/supertokens/supertokens-golang/recipe/userroles"
)
// getPermissionsForRole reads the permissions assigned to the "user" role.
// An unknown role is reported in the response, not as err, and must be ruled
// out before response.OK is read.
func getPermissionsForRole() {
	result, err := userroles.GetPermissionsForRole("user", nil)

	switch {
	case err != nil:
		// TODO: Handle error
		return
	case result.UnknownRoleError != nil:
		// No such role exists
		return
	}

	_ = result.OK.Permissions
}
- Asyncio
- Syncio
from supertokens_python.recipe.userroles.asyncio import get_permissions_for_role
from supertokens_python.recipe.userroles.interfaces import UnknownRoleError
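async def remove_permission_from_role():
    """Read the permissions assigned to the "user" role.

    NOTE(review): the name says "remove", but the body only calls
    ``get_permissions_for_role`` and changes nothing. The name looks carried
    over from the removal example; it is kept so existing references still
    resolve.
    """
    res = await get_permissions_for_role("user")
    if isinstance(res, UnknownRoleError):
        # No such role exists
        return
    _ = res.permissions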
from supertokens_python.recipe.userroles.syncio import get_permissions_for_role
from supertokens_python.recipe.userroles.interfaces import UnknownRoleError
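def remove_permission_from_role():
    """Read the permissions assigned to the "user" role (blocking variant).

    NOTE(review): the name says "remove", but the body only calls
    ``get_permissions_for_role`` and changes nothing. The name looks carried
    over from the removal example; it is kept so existing references still
    resolve.
    """
    res = get_permissions_for_role("user")
    if isinstance(res, UnknownRoleError):
        # No such role exists
        return
    _ = res.permissions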
- Single app setup
- Multi app setup
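# Placeholders: set SUPERTOKENS_CORE_URI to the core's base URL and
# SUPERTOKENS_API_KEY to its API key (both variable names are constructed for
# this example). Expanding the key from the environment keeps the literal
# value out of shell history and copied snippets.
# NOTE(review): with --location curl follows redirects, and headers passed
# with --header (api-key included) are sent to the redirect target too. Drop
# --location unless the core is known to redirect.

# Single app setup
curl --location --request GET "${SUPERTOKENS_CORE_URI}/recipe/role/permissions?role=user" \
  --header "api-key: ${SUPERTOKENS_API_KEY}"

# Multi app setup
# NOTE(review): the same request is shown for both setups; any app-specific
# part of the base URL is not visible here. Confirm the URI for your app.
curl --location --request GET "${SUPERTOKENS_CORE_URI}/recipe/role/permissions?role=user" \
  --header "api-key: ${SUPERTOKENS_API_KEY}"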
## Get all roles that have a permission
Get a list of all roles that have been assigned a specific permission.
- NodeJS
- GoLang
- Python
- cURL
Important
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.
import UserRoles from "supertokens-node/recipe/userroles";
/**
 * Lists the roles that carry the "write" permission. Useful when auditing
 * which roles would be affected before a permission is changed or removed.
 */
async function getRolesWithPermission() {
    const roles: string[] = (await UserRoles.getRolesThatHavePermission("write")).roles;
}
import (
"github.com/supertokens/supertokens-golang/recipe/userroles"
)
// getRolesWithPermission lists the roles that carry the "write" permission.
// Useful when auditing which roles would be affected before a permission is
// changed or removed.
func getRolesWithPermission() {
	result, err := userroles.GetRolesThatHavePermission("write", nil)
	if err == nil {
		_ = result.OK.Roles
		return
	}
	// TODO: Handle error
}
- Asyncio
- Syncio
from supertokens_python.recipe.userroles.asyncio import get_roles_that_have_permission
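async def get_roles_with_permission():
    """List the roles that carry the "write" permission.

    Useful when auditing which roles would be affected before a permission is
    changed or removed.
    """
    res = await get_roles_that_have_permission("write")
    _ = res.roles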
from supertokens_python.recipe.userroles.syncio import get_roles_that_have_permission
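def get_roles_with_permission():
    """List the roles that carry the "write" permission (blocking variant).

    Useful when auditing which roles would be affected before a permission is
    changed or removed.
    """
    res = get_roles_that_have_permission("write")
    _ = res.roles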
- Single app setup
- Multi app setup
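# Placeholders: set SUPERTOKENS_CORE_URI to the core's base URL and
# SUPERTOKENS_API_KEY to its API key (both variable names are constructed for
# this example). Expanding the key from the environment keeps the literal
# value out of shell history and copied snippets.
# NOTE(review): with --location curl follows redirects, and headers passed
# with --header (api-key included) are sent to the redirect target too. Drop
# --location unless the core is known to redirect.

# Single app setup
curl --location --request GET "${SUPERTOKENS_CORE_URI}/recipe/permission/roles?permission=write" \
  --header "api-key: ${SUPERTOKENS_API_KEY}"

# Multi app setup
# NOTE(review): the same request is shown for both setups; any app-specific
# part of the base URL is not visible here. Confirm the URI for your app.
curl --location --request GET "${SUPERTOKENS_CORE_URI}/recipe/permission/roles?permission=write" \
  --header "api-key: ${SUPERTOKENS_API_KEY}"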