How to add roles such as Super Admin, Admin, Manager & User
There are two ways to create user-defined roles for your app:
- Method 1: The easy way
- Method 2: Using table relations
In this article we will cover Method 1.
The first, and easiest method, is to add a “Role” column to your users table. This column should be of type “single line text”. You can then store the user’s roles as text next to each of the user names inside the users table. For example, your users table could look like the following. Notice the column “Role” that has been added. In this case, the user roles are either Super Admin, Admin, Manager or Client.
Now, let’s suppose that we have another table that stores deals, like the one below.
If we want to enable only Managers to be able to see these deals, we can set up an endpoint that will fetch the data if and only if the user role is set equal to Manager.
To do this, head over to the endpoints tab & create an endpoint with the following configuration. Notice, we require that the endpoint is authenticated by setting the Authentication Profile.
Next, create a corresponding Action called “Get Deals Data” and link this to your Get Deals Endpoint.
You can then click
and create a new text variable that will store the role "Admin", as shown below.
to finish creating the variable.
Next, add the return event (under flow control) to the action, and configure this to “Return if currentUser.Role is not equal to admin” as shown below. Notice that the currentUser is a global variable in our example. This variable is included by default with the Authentication template app.
Next, add a Status Code variable to say what code should be returned if the user is unauthorised to access the data in the deals table. For example, below we set this equal to 401.
You can also add an unauthorized response as a text variable. In the expression you can say what value you would like to display to your users here. For example, “Not an admin!”.
Your action's variables should look like the below.
Next, add these variables to your event as shown below.
After this, save your return event by clicking
at the bottom of the event.
The final step is to create a collection variable that will get a list of deals out of your database. You can do this by adding a new variable to your action called Deals, of type variable, as shown below.
to finish creating this variable and add it as a response variable to your action, as shown below.
Now, if you run this action with a logged-in user who has the role "Admin" assigned, it will return the list of Deals. If, however, the user does not have "Admin" assigned, it will return the error code, as shown below.
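The logic the finished action enforces, written out in Python as an added example (this is not the platform's own code). The session ids, sample rows, function names and the 200 success code are assumptions made for illustration. It also shows a check for mistyped values in the free-text Role column, which the guard refuses.

```python
KNOWN_ROLES = {"Super Admin", "Admin", "Manager", "Client"}  # roles named in the article
REQUIRED_ROLE = "Admin"

# Constructed sample rows standing in for the users and deals tables.
USERS = {
    "session-1": {"Name": "Alice", "Role": "Admin"},
    "session-2": {"Name": "Bob", "Role": "Manager"},
    "session-3": {"Name": "Carol", "Role": "admin "},  # typo in the free-text column
    "session-4": {"Name": "Dave", "Role": None},       # role never filled in
}
DEALS = [{"Deal": "Acme renewal", "Value": 12000},
         {"Deal": "Globex pilot", "Value": 4500}]


def get_deals(session_id):
    """Mirror of the Get Deals action: return (status_code, body)."""
    # Authentication Profile: the caller is resolved from the session,
    # never from a role value supplied in the request itself.
    current_user = USERS.get(session_id)
    # Return event: anything other than an exact match is refused, so an
    # unknown session, an empty role, or a mistyped role all fail closed.
    if current_user is None or current_user.get("Role") != REQUIRED_ROLE:
        return 401, "Not an admin!"
    return 200, DEALS  # 200 is an assumed success code


def audit_roles(users):
    """List users whose Role text is not one of the known role names."""
    return sorted(u["Name"] for u in users.values()
                  if u.get("Role") not in KNOWN_ROLES)


if __name__ == "__main__":
    for sid in ["session-1", "session-2", "session-3", "session-4", "no-session"]:
        print(sid, get_deals(sid))
    print("rows to fix:", audit_roles(USERS))
```

Running the audit after any manual edit to the users table surfaces rows whose Role text would silently lock a user out of the endpoint.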