- Home
- Skills
- Rubenpenap
- Epic Stack Agent Skills
- Epic Permissions
epic-permissions_skill
3
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill rubenpenap/epic-stack-agent-skills --skill epic-permissions- SKILL.md12.5 KB
Overview
This skill documents a clear, explicit RBAC (role-based access control) system for Epic Stack. It describes permission string conventions, Prisma models, server- and client-side helpers, and practical patterns for enforcing granular access (own vs any). Use it to make permission checks visible, type-safe, and consistent across your app.
How this skill works
Permissions use the format action:entity:access (for example, delete:note:own). Users get permissions via roles, and a user’s effective permissions are the union of their roles. The skill shows Prisma models for Permission, Role, and User, server helpers like requireUserWithPermission/requireUserWithRole, and client helpers like userHasPermission and userHasRole. It emphasizes explicit checks and type-safe PermissionString usage.
When to use it
- Implementing role-based access control for routes and actions
- Validating permissions on the server before performing sensitive operations
- Showing or hiding UI based on client-side permission checks
- Creating or seeding new permissions and assigning them to roles
- Implementing fine-grained access (own vs any) for resources
Best practices
- Always perform explicit permission checks at the call site using helpers (avoid implicit logic)
- Validate permissions on the server in loaders/actions; never rely solely on client checks
- Determine ownership explicitly (isOwner) and choose own vs any permission strings accordingly
- Keep permissions unique using a unique constraint on (action, entity, access) in the schema
- Use typed PermissionString and parsing helpers for type-safety and clarity
Example use cases
- Protecting an action that deletes a note by requiring delete:note:own or delete:note:any depending on ownership
- Rendering Edit/Delete buttons only when userHasPermission returns true for the current user
- Restricting an admin-only route using requireUserWithRole(request, 'admin') in a loader
- Seeding permissions and roles with Prisma to bootstrap user and admin capabilities
- Adding a new entity (post) with create/read permissions and assigning them to roles
FAQ
Explicitly determine ownership (compare resource.ownerId to userId) then require the corresponding permission string (own for owner actions, any for global actions).
Where should I validate permissions?
Always validate on the server in loaders and actions with requireUserWithPermission/requireUserWithRole. Use client checks only for conditional UI.