Next.js Discord

Discord Forum

App router authorization

Answered
Transvaal lion posted this in #help-forum
Transvaal lionOP
I'm using Clerk for auth purposes and the provided authentication middleware to ensure all the routes require being logged in.
Now my question is on where to implement authorization.
So I have different permissions set up in Clerk like: org:foo:read, org:foo:write, org:bar:read, org:bar:write and the routes /foo and /bar.
Authenticating in server actions is simple as I can just check the permissions directly in the actions.
However, what's the ideal authz setup for regular pages?

One way I'm not sure about is to do it in layouts:
So I just check for the org:inbox:read permission in /app/foo/layout.tsx.
What I am not sure about is whether this is secure, as I don't know whether (and when) the layout rerenders.
So is it safe to do it in layouts?
Answered by James4u
@Transvaal lion as long as it's a server component, you can do that in your layout.tsx or page.tsx

5 Replies

@Transvaal lion as long as it's a server component, you can do that in your layout.tsx or page.tsx
Answer
as you check the permission in your server action, you can check it and redirect if it's not allowed
Transvaal lionOP
but doing it in the layout will ensure that both /foo and also /foo/baz, etc. will be protected, right?
yeah
Transvaal lionOP
okay thank you
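
An added example, not code from the thread or from Clerk or Next.js: one route-to-permission check that a server component (layout or page) and a server action could both call, so nested paths such as /foo/baz resolve to the same permission as /foo. The `Has` callback is an assumption standing in for the auth provider's permission check, and the table, function names and default-deny choice are hypothetical.

```typescript
// `Has` stands in for the auth provider's permission check; it is injected
// so the decision logic can be tested without a session (assumption).
type Has = (query: { permission: string }) => boolean;

// Route prefix -> permission needed to view pages under it (names from the thread).
const READ_PERMISSIONS: Record<string, string> = {
  "/foo": "org:foo:read",
  "/bar": "org:bar:read",
};

// Drop query/hash, collapse duplicate slashes, remove a trailing slash.
function normalizePath(pathname: string): string {
  const path = (pathname.split(/[?#]/)[0] ?? "").replace(/\/{2,}/g, "/");
  return path.length > 1 ? path.replace(/\/$/, "") : path;
}

// A prefix matches only on a whole segment boundary, so "/foo/baz" is
// covered by "/foo" but "/foobar" is not.
function requiredPermission(pathname: string): string | null {
  const path = normalizePath(pathname);
  for (const [prefix, permission] of Object.entries(READ_PERMISSIONS)) {
    if (path === prefix || path.startsWith(prefix + "/")) return permission;
  }
  return null;
}

type Decision = { allow: boolean; reason: string };

// Default-deny (a choice made for this example): a path with no mapped
// permission is refused rather than let through.
function authorize(pathname: string, has: Has): Decision {
  const permission = requiredPermission(pathname);
  if (permission === null) return { allow: false, reason: "no rule for path" };
  return has({ permission })
    ? { allow: true, reason: permission }
    : { allow: false, reason: `missing ${permission}` };
}

// Constructed sample user holding only org:foo:read.
const sampleHas: Has = ({ permission }) => permission === "org:foo:read";
```

Calling the same function from the page and the server action as well as the layout keeps the decision identical wherever it is evaluated.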