epic-permissions_skill

This skill helps you implement and validate RBAC permissions in Epic Stack with explicit checks and owner versus any access.

3

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill rubenpenap/epic-stack-agent-skills --skill epic-permissions

  • SKILL.md12.5 KB

Overview

This skill documents a clear, explicit RBAC (role-based access control) system for Epic Stack. It describes permission string conventions, Prisma models, server- and client-side helpers, and practical patterns for enforcing granular access (own vs any). Use it to make permission checks visible, type-safe, and consistent across your app.

How this skill works

Permissions use the format action:entity:access (for example, delete:note:own). Users get permissions via roles, and a user’s effective permissions are the union of their roles. The skill shows Prisma models for Permission, Role, and User, server helpers like requireUserWithPermission/requireUserWithRole, and client helpers like userHasPermission and userHasRole. It emphasizes explicit checks and type-safe PermissionString usage.

When to use it

  • Implementing role-based access control for routes and actions
  • Validating permissions on the server before performing sensitive operations
  • Showing or hiding UI based on client-side permission checks
  • Creating or seeding new permissions and assigning them to roles
  • Implementing fine-grained access (own vs any) for resources

Best practices

  • Always perform explicit permission checks at the call site using helpers (avoid implicit logic)
  • Validate permissions on the server in loaders/actions; never rely solely on client checks
  • Determine ownership explicitly (isOwner) and choose own vs any permission strings accordingly
  • Keep permissions unique using a unique constraint on (action, entity, access) in the schema
  • Use typed PermissionString and parsing helpers for type-safety and clarity

Example use cases

  • Protecting an action that deletes a note by requiring delete:note:own or delete:note:any depending on ownership
  • Rendering Edit/Delete buttons only when userHasPermission returns true for the current user
  • Restricting an admin-only route using requireUserWithRole(request, 'admin') in a loader
  • Seeding permissions and roles with Prisma to bootstrap user and admin capabilities
  • Adding a new entity (post) with create/read permissions and assigning them to roles

FAQ

Explicitly determine ownership (compare resource.ownerId to userId) then require the corresponding permission string (own for owner actions, any for global actions).

Where should I validate permissions?

Always validate on the server in loaders and actions with requireUserWithPermission/requireUserWithRole. Use client checks only for conditional UI.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational