Hi, my company is a ticketing company. We have other APIs and frontends, and we are thinking of using Directus auth for access control.
Question:
Is it possible to use the access control via the SDK or API calls solely to check a user's permissions, or do we have to replicate some APIs using Directus to achieve this?
E.g., we call an endpoint with the user token, resource, and action, and then get an object or boolean telling me if the user is allowed.
I can see from the API docs that we can use the permissions access sort of like feature flags for the frontend.
I think you have a lot of options, but it just kinda depends on your existing setup and what you’re trying to achieve.
If you’re not accessing data through the Directus API, I’m not sure I’d call the Directus permissions endpoint before every single call to your existing Node backend - just because of the latency that might introduce for every request.
In that case, you want to log the user in via Directus and just use the token or session information that Directus provides.
But if you’re proxying calls to Directus through your existing backend, it makes sense.
Your Options
You could use the existing permissions from the permissions/me endpoint if they line up for your authorization needs.
You can also extend the system collections like directus_users to add new fields that you can use in other applications or on your frontend to restrict routes, do checks, etc.
A good example would be adding a flags field for users.
If you need more power or control, you can even create custom Directus endpoints via endpoint or hooks extensions.
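One way for a separate Node backend to answer "may this token perform this action on this resource" without calling Directus on every request, given as an added example that is not part of the original answer and is not Directus code. The function names, the TTL, the placeholder base URL and the assumed shape of the permissions/me response are assumptions; check the shape against your Directus version.

```javascript
// Added example. Names, TTL and the response shape are assumptions.
const TTL_MS = 30000; // short, so role changes and revoked tokens propagate quickly
const cache = new Map(); // token -> { expires, perms }, held in memory only

const own = (obj, key) =>
  obj != null && Object.prototype.hasOwnProperty.call(obj, key);

// fetchPermissions(token) must resolve to the `data` object of GET /permissions/me.
// Assumed shape: { [collection]: { [action]: { access: 'full' | 'partial' | 'none' } } }
async function loadPermissions(token, fetchPermissions, now = Date.now()) {
  const hit = cache.get(token);
  if (hit && hit.expires > now) return hit.perms;
  const perms = await fetchPermissions(token);
  cache.set(token, { expires: now + TTL_MS, perms });
  return perms;
}

// Resolves to true only for unconditional access. 'partial' means item-level
// rules apply that cannot be evaluated here, so it is treated as a deny.
async function isAllowed(token, collection, action, fetchPermissions, now = Date.now()) {
  if (!token) return false;
  try {
    const perms = await loadPermissions(token, fetchPermissions, now);
    if (!own(perms, collection) || !own(perms[collection], action)) return false;
    const rule = perms[collection][action];
    return Boolean(rule) && rule.access === 'full';
  } catch (err) {
    cache.delete(token);
    return false; // fail closed: Directus unreachable or token rejected
  }
}

// Fetcher for a live instance; the base URL is a placeholder.
async function fetchFromDirectus(token, baseUrl = 'https://directus.example.com') {
  const res = await fetch(`${baseUrl}/permissions/me`, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) throw new Error(`Directus returned ${res.status}`);
  return (await res.json()).data;
}
```

Call it as `await isAllowed(token, 'tickets', 'read', fetchFromDirectus)` in the backend's authorization middleware; actions that come back as partial still need a real Directus request or a local rule to decide.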