Problem with User Role Configuration in Xano Auth plugin

I set up Stripe subscriptions using this very helpful WeWeb video. However, I can’t seem to get the final step to work: restrict page access in WeWeb based on the current user’s subscription status.

The User Role Configuration in the Xano Auth plugin isn’t restricting user access when I log in. When I first started working with this setting, there were two fields: ‘Role key’ and ‘User role property type’. A few hours later, the first field has changed in the WeWeb editor to ‘User role property’.

image

I can’t find any documentation that references a ‘User role property’. Perhaps this was a WeWeb update that doesn’t matter. However, I still can’t get it to work.

The column in my /User table is called ‘subscription_plan’ (in the video his column was just ‘Plan’). This column is included in the result of my /auth/me endpoint (same name, same text format). I can validate this by looking at the ‘user’ variable after logging in. I’m using the Stripe webhooks to update this column of the /User table.

I have three subscription plans: Annual, Monthly, Early Access. Each has a role name in the Xano Auth configuration, as follows:

image

I have added the three roles to a Paid Users user group and restricted access to paid pages using this Paid Users user group.

image

However, users with ‘subscription_plan’ not equal to any of the three paid user groups can access the pages that should only be available to the Paid User group.

Any help would be appreciated as I must be missing something. Thanks!

Hi! I think your issue is that you want the user to match at least one of the roles from the Paid Users group. But to match a user group, the user has to have all the roles linked to the User Group.

So here you need to create three distinct User Groups, and add all of them inside your private page config. The user will only have to match at least one user group to enter the page.

TL;DR: Roles in a user group are resolved with an AND condition; user groups on a page are resolved with an OR condition. It allows you maximum flexibility, but the downside is that you have to create one User Group for each role here.
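As an added illustration of the rule Alexis describes (example code written for this thread, not WeWeb's implementation): a user matches a user group only when they hold every role attached to it, and a page admits a user who matches at least one of the groups listed on it. The role names come from the thread; the group names, the page configurations and the `matchesGroup`/`canAccessPage` functions are this example's own assumptions.

```javascript
// Added example (not WeWeb's code): models the access resolution described above.
// Roles inside a user group: AND. User groups on a page: OR.

const USER_GROUPS_WRONG = {
  // One group holding all three roles: a user would need every plan at once.
  'Paid Users': ['Annual', 'Monthly', 'Early Access'],
};

const USER_GROUPS_RIGHT = {
  // One group per role; all three groups get listed on the private page.
  'Annual Users': ['Annual'],
  'Monthly Users': ['Monthly'],
  'Early Access Users': ['Early Access'],
};

// AND: the user must hold every role the group requires.
// An empty role list never matches, so a misconfigured group grants nothing.
function matchesGroup(userRoles, groupRoles) {
  return groupRoles.length > 0 && groupRoles.every(role => userRoles.includes(role));
}

// OR: the user must match at least one group listed on the page.
// A page that lists no groups, or a group name that does not exist, denies access.
function canAccessPage(userRoles, pageGroupNames, groups) {
  return pageGroupNames.some(name => {
    const roles = groups[name];
    return roles !== undefined && matchesGroup(userRoles, roles);
  });
}

// A subscriber has exactly one plan, so their role list has a single entry.
const monthlySubscriber = ['Monthly'];
const freeUser = ['Trial']; // a value no role is configured for (constructed)

// Assumed page configurations: private page restricted to the listed groups.
const results = {
  oneGroupWithThreeRoles: canAccessPage(monthlySubscriber, ['Paid Users'], USER_GROUPS_WRONG),              // false
  threeSingleRoleGroups: canAccessPage(monthlySubscriber, Object.keys(USER_GROUPS_RIGHT), USER_GROUPS_RIGHT), // true
  unknownPlan: canAccessPage(freeUser, Object.keys(USER_GROUPS_RIGHT), USER_GROUPS_RIGHT),                  // false
};

console.log(results);
```

With the single three-role group, a subscriber on any one plan fails the AND and is locked out; with one group per role listed on the page, the same subscriber passes the OR, while a plan value that matches no role is still denied.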

Thanks for your reply Alexis. This is helpful and I have tried setting up the Roles and User Groups exactly as you have suggested.

However, I continue to have the problem that all Users can see all pages without restriction, regardless of their role. It’s as if the plugin isn’t using the role key to check the Subscription Plan column for each user in the User table.

For example, if I change the Subscription Plan for a user to a role that isn’t even one of the Roles setup in the plugin, that user, once authenticated, can still access the private pages where access has been limited to only Authenticated Users and users belonging to one of the User Groups.

I presume that the Private Access setup for each page is Authenticated users AND the User Groups selected…not Authenticated users OR the User Groups selected (i.e. because the only options are Authenticated users or Everybody). Is this correct?

Thanks again for your help.

I think I figured out what the problem may be - the permissions and roles feature for the Xano Auth plugin isn’t available unless I’m on a Scale plan. Is that true?

I suppose the alternative is to create workflows on page load to restrict access.

Thanks!

Yes, because it would make no sense to have an OR there: if you’re not authenticated, how can we know about the user groups?

Ah yes, you’re right, and yes, you can do it yourself through a workflow on app/page load. Now that the authentication process is happening on the front side, it makes no difference whether you do it through our role-based system or through a custom workflow. I’m pretty sure our pricing will evolve so this can benefit more people as a quality-of-life feature.
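For the page-load workflow alternative discussed above, here is an added example (not WeWeb's or Xano's code) of the decision a workflow can make from the `user` variable that the `/auth/me` endpoint fills after login. The property name `subscription_plan` and the three plan names come from the thread; `ALLOWED_PLANS`, the `guardPage` function and the two redirect paths are this example's own assumptions. Because this check runs in the browser, it only controls navigation; the Xano endpoints that return paid content still need to verify the plan server-side, otherwise anyone can call them directly.

```javascript
// Added example (not WeWeb's or Xano's code): a deny-by-default page guard.
// Role key and plan names come from the thread; everything else is assumed.

const ALLOWED_PLANS = new Set(['Annual', 'Monthly', 'Early Access']);
const LOGIN_PAGE = '/login';     // assumed redirect for unauthenticated visitors
const UPGRADE_PAGE = '/pricing'; // assumed redirect for users without a paid plan

// Returns { allow: true } or { allow: false, redirect: '<path>' }.
// Any unexpected state (no user object, missing property, unknown plan value)
// is denied, so a plan the plugin was never configured for cannot slip through.
function guardPage(user, roleKey = 'subscription_plan') {
  if (!user || typeof user !== 'object') {
    return { allow: false, redirect: LOGIN_PAGE };   // not authenticated
  }
  const raw = user[roleKey];
  const plan = typeof raw === 'string' ? raw.trim() : '';
  if (!ALLOWED_PLANS.has(plan)) {
    return { allow: false, redirect: UPGRADE_PAGE }; // free, lapsed or unknown plan
  }
  return { allow: true };
}

// Constructed sample objects shaped like /auth/me responses (not real data).
const paidUser = { id: 1, email: 'a@example.com', subscription_plan: 'Monthly' };
const lapsedUser = { id: 2, email: 'b@example.com', subscription_plan: 'Cancelled' };
const userWithoutPlan = { id: 3, email: 'c@example.com' };

console.log(guardPage(paidUser));        // { allow: true }
console.log(guardPage(lapsedUser));      // { allow: false, redirect: '/pricing' }
console.log(guardPage(userWithoutPlan)); // { allow: false, redirect: '/pricing' }
console.log(guardPage(null));            // { allow: false, redirect: '/login' }
```

The comparison is exact after trimming whitespace, so the values written by the Stripe webhook must match the configured plan names character for character; the case from the thread where a plan was changed to a value outside the three roles is handled by the deny-by-default branch.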

Thanks for your help with this Alexis!