Deepika Agrawal
12/02/2022, 12:37 PM
Andrew Haines (Cerbos)
12/02/2022, 1:54 PM
`permissions` field to each resource in your backend's API response, and populate that from the `CheckResources` results.
So your API response might look something like this:
```json
{
  "blog_post": {
    "title": "What is Cerbos?",
    "author": "Bruce Wiggleston",
    "permissions": {
      "edit": true,
      "delete": false
    }
  }
}
```
The permissions can be as fine-grained as you like, depending on what actions you need to expose in your UI.
The more general problem of "what resources is a given user allowed to perform a given action on" is a bit harder. For that, we have the `PlanResources` API, which produces a query plan that allows you to e.g. add `WHERE` clauses to an SQL query. We have adapters for Prisma and SQLAlchemy that integrate the query plan with those ORMs, but if you're using something else then you'd need to handle the translation from query plan to database query yourself.