Skip to content

AuthZ for Payment Tiers #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Apr 24, 2025
Merged

AuthZ for Payment Tiers #43

merged 28 commits into from
Apr 24, 2025

Conversation

hobbescodes
Copy link
Contributor

@hobbescodes hobbescodes commented Apr 15, 2025
edited
Loading

Description

Task link: https://linear.app/omnidev/issue/OMNI-192/implement-authz-based-on-payment-tier

Added tier to the graphql context through the currentUser object. Updated the RBAC plugins for organizations and projects to include restrictions based on the current user's subscription.

Important

Test with this App repo PR.

Test Steps

  1. Validate that a user without a subscription can not perform any mutations for organizations or projects
  2. Validate that a user with a basic tier subscription can only create up to 1 organization and up to 3 projects
  3. Validate that a user with a team tier subscription or higher has no payment tier restrictions
  4. Verify / validate that tier column is not available for user mutations through the API

@hobbescodes hobbescodes marked this pull request as ready for review April 16, 2025 18:31
@hobbescodes hobbescodes requested a review from coopbri April 22, 2025 19:58
coopbri
coopbri reviewed Apr 23, 2025
View reviewed changes
Twonarly1
Twonarly1 reviewed Apr 24, 2025
View reviewed changes
src/server.ts
await db.update(users).set({ tier }).where(eq(users.hidraId, hidraId));

console.log(
`${tier.toUpperCase()} Subscription Tier set for User: ${hidraId}`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bunch of console logs in this file that may leak Id's. If this isn't a problem, disregard.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, this is all on the server, so doesn't leak to the public. But ofc can always remove logging! hidraId I feel like is fine to display in logs here. Going to move forward and get this merged as is, but will tag @coopbri here for visibility to get his thoughts as well! Happy to push a hotfix later if we want to remove the logs

@hobbescodes hobbescodes merged commit 7334dff into master Apr 24, 2025
@hobbescodes hobbescodes deleted the feature/payment-tier-authz branch April 24, 2025 16:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coopbri coopbri coopbri approved these changes

@Twonarly1 Twonarly1 Twonarly1 approved these changes

+1 more reviewer

@benjamin-parks benjamin-parks benjamin-parks approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hobbescodes @coopbri @benjamin-parks @Twonarly1