Best practice regarding managing permissions (weweb/xano)

Hi there,

From Xano, after a user logs in, I fetch all the permissions the user has. For example:

  • orders.read
  • orders.create
  • orders.update
  • invoice.read

Permissions are all handled correctly in the back-end. With this data exposed to the front-end I can show/hide or enable/disable elements conditionally. For example, the “generate invoice” button is not visible for the user with the permissions stated above.

I was now wondering if it would be better to make these permissions part of the Xano auth “extras”, just for the sake of not directly exposing the permission set to the front-end.

But then I need a way to extract the permission set from the extras and check if the permission set contains the permission at hand, for example invoices.create. Is there already a way to do this, or do I need to use a formula like the one described here?

I could use that formula and put the permissions into a variable, but then I wonder if it is just as exposed compared to exposing it directly to the front-end using the auth/me endpoint in Xano?

Any thoughts on this?
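Added example (not part of the original post, and not Xano or WeWeb code): a small client-side helper that performs the "does the permission set contain invoice.create?" check described above and derives which buttons to render from it, followed by a demonstration of the exposure question. The permission strings are the ones listed in the post; the `resource.action` format, the action labels, the `extras.permissions` claim name and the token layout are assumptions for illustration. The token is a constructed compact JWS (header.payload.signature) with a dummy signature; whether Xano's own auth token is a plain signed JWT is not stated on the page, but for any JWS the payload is only base64url-encoded, so anything stored in it can be read by the browser that holds the token.

```javascript
// Added example, not from the original post. Assumes permissions arrive as a
// flat array of "resource.action" strings, as in the post.
// Constructed sample: the permission set listed in the post.
const SAMPLE_PERMISSIONS = ["orders.read", "orders.create", "orders.update", "invoice.read"];

// Normalise an untrusted list into a Set of trimmed, lower-cased strings,
// dropping anything that is not a string.
function normalizePermissions(list) {
  const items = Array.isArray(list) ? list : [];
  return new Set(
    items.filter((p) => typeof p === "string").map((p) => p.trim().toLowerCase())
  );
}

// Exact-match check: "invoice.create" is only granted if that string is present.
function hasPermission(perms, required) {
  const set = perms instanceof Set ? perms : normalizePermissions(perms);
  return set.has(required.trim().toLowerCase());
}

function hasAll(perms, required) {
  return required.every((r) => hasPermission(perms, r));
}

function hasAny(perms, required) {
  return required.some((r) => hasPermission(perms, r));
}

// UI gating: which buttons to render for this user. This is cosmetic only;
// the back end must re-check the permission on every request regardless.
// The labels and their required permissions are hypothetical.
function visibleActions(perms) {
  const rules = {
    "Generate invoice": ["invoice.create"],
    "Edit order": ["orders.update"],
    "New order": ["orders.create"],
    "View invoices": ["invoice.read"],
  };
  return Object.entries(rules)
    .filter(([, required]) => hasAll(perms, required))
    .map(([label]) => label);
}

// Exposure check: a signed JWT (JWS) only base64url-encodes its payload.
// If the permission set is placed in token "extras" and the token is a JWS,
// the client can read it without any secret. Constructed token below;
// the signature part is a dummy and is never verified here.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64url");
}

const SAMPLE_TOKEN = [
  b64url({ alg: "HS256", typ: "JWT" }),
  b64url({ sub: "user-42", extras: { permissions: SAMPLE_PERMISSIONS } }),
  "dummy-signature",
].join(".");

// Decode (NOT verify) the payload of a compact JWS. Anyone holding the token
// can do this, which is the point: placing data in the payload does not hide it.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Read the permission set back out of the assumed extras.permissions claim.
function permissionsFromToken(token) {
  const payload = decodeJwtPayload(token);
  const extras = payload && payload.extras ? payload.extras : {};
  return normalizePermissions(extras.permissions);
}

console.log("visible:", visibleActions(SAMPLE_PERMISSIONS));
console.log("can create invoice:", hasPermission(SAMPLE_PERMISSIONS, "invoice.create"));
console.log("readable from token:", [...permissionsFromToken(SAMPLE_TOKEN)]);
```

Run with `node example.js` (Node 16 or newer for the `base64url` encoding). The decoder deliberately skips signature verification: the browser does not need the signing key to read a JWS payload, so a signed token hides nothing from the user who holds it. Only encryption (a JWE) or keeping the data server-side and exposing a per-check endpoint changes that, and in every variant the authoritative check stays in the back end.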