Best practices for SaaS
Heyo!
Planning on making something new towards SaaS, but there's one thing that is kind of bothering me.
Users can register and subscribe, this will create a project for their company. A user however, can have multiple companies, each with isolated data. So that means a new project per company.
If a user logs into their account, how do I know which projects they have access to..?
Any ideas? 🙂
How would you allow a user in one Project to access a different Project?
exactly
I'd personally probably try to keep it all in one Project and use a separate Database for each company.
And then each user would get Labels for each company they have access to
Or Teams
I thought of that
but that sounds like a massacre to maintenance
I could make a "global" project with database, which contains all project id's and who created them? 🤔
Well, the other possible alternative is to take Auth out of Appwrite entirely and use your own OAuth system, which could manage which Projects users are able to sign into. But that sounds lie just as much - if not more - maintenance
How would that allow a user on one Project to access resources in another?
So the thing is, a user who pays can create a project, but the projects don't intersect, see it like 2 seperate mysql databases
When you say Project and User here, I'm assuming you're referring to the Appwrite concepts?
yes
When making changes to the SaaS things, I'd like to update all the databases, making them universal seems.. very handy
A User in Appwrite always exists within one Project. A single user can't have access to two Projects.
If I understand what you're saying here correctly, you'd have to be in one Project
Correct.. which is the hard part, I'd like a registered user who paid to be able to create "projects", each project being it's individual company so I guess you'd have to make a login in a login? 🤔
The only reasonable solution I can see here is moving Auth out of Appwrite and using an outside OAuth service
How would that work exactly?
All users would be created in the external system. There'd be a central Project to handle payment status of each user. The user would be able to sign into a management portal, I guess? Where they'd be signed into the central Project. In there, they can create a Project (which I supposed would call a Function).
The central Project would have a Permissions collection which would contain project IDs and whatever user identifier the OAuth system sends.
When the user enters a Project, they'd automatically be signed in via OAuth. If the user doesn't yet exist on that Project, a Function would be triggered which would check the Permissions in the central Project and assign the correct access to this new user.
How does that sound?
Why wouldn't appwrite be able to do this? Sounds almost identical to my idea 😃
How would you sign users in?
Through the normal appwrite sdk
