Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Authorization and rights

  • 0
  • Auth
  • Web
View on Discord
Patra0o
9 Apr, 2024, 18:34

Hi guys. I'm creating a job board web app. I have employers and job seekers.

I want employers to be able to create a company.

But how can I setup in a way that an employer can set managers that can also create jobs. So that if the manager that created the job is not around, others can manage the company.

I'm using Vue js for the frontend. Any guidance would be highly appreciated.

TL;DR
Developers discuss the impact on user experience of authorization and rights processes, analogizing it to scenarios on a bank website. They address verifying users, restricting access based on role, and the flow for recovering accounts. They mention issues with impersonation and seek a solution to ensure immediate verification before saving to the database. Appwrite documentation on permissions, particularly teams, could be helpful for this case.
Steven
9 Apr, 2024, 21:46

Maybe use teams. See https://appwrite.io/docs/advanced/platform/permissions

Patra0o
26 Apr, 2024, 17:17

Thanks a lot mate. Checked out the feature and it looks sweet! Supabase gave me headaches around this.

Another security feature I'd like to solve:

Say when registering an account, it must immediately be verified before it is saved to the db.

This prevents a legit user's email being locked out by an impersonator. Does Appwrite have something like that baked in?

Steven
26 Apr, 2024, 18:34

the flow for verifying users is to restrict access to resources based on the users/verified role.

legit user's email being locked out by an impersonator

A legit user can get into the account by doing password recovery

Steven
26 Apr, 2024, 18:34

the user needs to be inserted into the database so that things like the verification are associated with the user

Patra0o
26 Apr, 2024, 19:00

Won't this impact UX though. Imagine it's like a bank website. I hop on to create an account and I'm told nope, that email is already in use. Initially, I'll be shocked because my thought is "My identity has been stolen" instead of "Must be a tiny mix up, I'll recover my account".

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more