Jeff's Permissions
Use authorization checks consistently across routes and actions.
Apply when
- Adding create/update/delete/view actions.
- Showing/hiding route-level primary actions and menus.
- Building protected UI sections.
Rules
- Use `useCan(action, subject)` from `@/lib/permissions`.
- Gate both prominent and secondary actions.
- Match subject names to backend module names.
- Avoid exposing action affordances that the user cannot execute.
Common actions:
- create
- read (view alias where applicable)
- update
- delete
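The rules above, worked through as an added TypeScript example. This is not the project's own `@/lib/permissions` module (the page does not show its internals); it assumes a flat grant list of `action:subject` strings, a constructed list of backend module names, and a pure `can` check that a `useCan(action, subject)` hook would wrap with the current user's grants. Gating here only decides what the UI renders; the backend is assumed to enforce the same subject/action pairs on every request.

```typescript
// Added example: a minimal permission model of the kind useCan(action, subject)
// could sit on top of. Not the project's @/lib/permissions module; the grant
// format, module list and helper names below are assumptions.

type Action = "create" | "read" | "update" | "delete";
// "view" is accepted as an alias for "read", as the rules mention.
type ActionInput = Action | "view";

const KNOWN_ACTIONS: ReadonlySet<string> = new Set<string>(["create", "read", "update", "delete"]);

// Constructed sample of backend module names; subject names must match these exactly.
const BACKEND_MODULES: ReadonlySet<string> = new Set<string>(["invoices", "users", "reports"]);

interface PermissionSet {
  // Normalised "action:subject" pairs the current user holds.
  readonly granted: ReadonlySet<string>;
}

function normalizeAction(action: ActionInput): Action {
  return action === "view" ? "read" : action;
}

// Build the user's permission set from a grant list such as ["view:invoices"].
// Malformed or unknown grants are rejected rather than silently ignored.
function buildPermissionSet(grants: readonly string[]): PermissionSet {
  const granted = new Set<string>();
  for (const grant of grants) {
    const [rawAction, subject, ...rest] = grant.split(":");
    if (!rawAction || !subject || rest.length > 0) {
      throw new Error(`malformed grant "${grant}" (expected action:subject)`);
    }
    const action = normalizeAction(rawAction as ActionInput);
    if (!KNOWN_ACTIONS.has(action)) {
      throw new Error(`unknown action "${rawAction}" in grant "${grant}"`);
    }
    if (!BACKEND_MODULES.has(subject)) {
      throw new Error(`unknown subject "${subject}" in grant "${grant}"`);
    }
    granted.add(`${action}:${subject}`);
  }
  return { granted };
}

// Pure check behind a hypothetical useCan(action, subject) hook: the hook would
// read the current user's PermissionSet from context and call this.
// A subject that is not a backend module name is a programming error, so it
// throws instead of quietly returning false and hiding the typo.
function can(perms: PermissionSet, action: ActionInput, subject: string): boolean {
  if (!BACKEND_MODULES.has(subject)) {
    throw new Error(`subject "${subject}" does not match any backend module`);
  }
  return perms.granted.has(`${normalizeAction(action)}:${subject}`);
}

interface ActionAffordance {
  action: Action;
  label: string;
  destructive: boolean;
}

// Route-level actions a page might offer; primary and secondary ones alike are gated.
const ROUTE_ACTIONS: readonly ActionAffordance[] = [
  { action: "create", label: "New", destructive: false },
  { action: "update", label: "Edit", destructive: false },
  { action: "delete", label: "Delete", destructive: true },
];

// Returns only the affordances the user can actually execute, so nothing
// unauthorised is rendered, destructive actions included.
function visibleActions(perms: PermissionSet, subject: string): ActionAffordance[] {
  return ROUTE_ACTIONS.filter((a) => can(perms, a.action, subject));
}

// Constructed sample user: may view and edit invoices, nothing on users.
const SAMPLE_GRANTS: readonly string[] = ["view:invoices", "update:invoices"];
```

With `SAMPLE_GRANTS`, `visibleActions(perms, "invoices")` yields only the Edit affordance: Delete is hidden because the user lacks `delete:invoices`, and `can(perms, "read", "invoice")` throws because the misspelled subject matches no backend module, which surfaces the mismatch at development time rather than as a silently hidden button.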
Validation checklist
- Unauthorized users do not see blocked actions.
- Permission checks are applied before rendering destructive actions.
- Subject/action pairs are consistent with backend permissions.