This kit is no longer maintained.

Subscription Permissions

Learn how to gate access to certain features or pagess based on the organization's subscription

Makerkit provides some utilities to retrieve the current organization's subscription: you can use these utilities to allow or gate access to specific features, pages, or to perform certain actions.

  1. On the client side, we can use the hook useIsSubscriptionActive
  2. On the server-side, we can use the functions isOrganizationSubscriptionActive and getOrganizationSubscription

Client Side Gating

Let's assume we want to allow only users who belong to paying organizations to perform a certain action:

src/lib/organizations/permissions.ts
function isAdmin(
role: MembershipRole
) {
return role === MembershipRole.Admin;
}

Now, combine this function with other conditions:

src/lib/organizations/permissions.ts
export function useCreateNewThing(
userRole: MembershipRole,
) {
const isPayingUser = useIsSubscriptionActive();
return isPayingUser && isAdmin(userRole);
}

As you may know, I recommend adding all the permissions logic to the file permissions.ts (or similar files), and never inline it: this makes it easy to store logic in one single place rather than scattered across the application.

Inlining logic in our code will make it hard to track logic down and debugging it.

Once defined out logic functions in permissions.ts, we can then use these in our components to hide the sections that users do not have access to:

function Feature() {
const userRole = useCurrentUserRole();
const canCreateThing = useCreateNewThing(userRole);
if (!canCreateThing) {
return <div>Sorry, you do not have access to this feature. Subscribe?</div>
}
return <FeatureContainer />;
}

Firestore Rules

Another essential thing to take into account is securing our Firestore rules using the organization's subscription.

For example, let's assume your application requires organizations to be paying customers to write to a certain collection:

function getOrganizationSubscription() {
let organization = getOrganization(organizationId);
return organization.subscription;
}
function isPayingOrganization(subscription) {
return subscription != null && (subscription.status == 'paid' || subscription.status == 'trialing');
}
function isProPlan(subscription) {
let organization = getOrganization(organizationId);
return subscription.stripePriceId == 'pro-plan-id';
}
function canWriteToCollection(organizationId) {
let subscription = getOrganizationSubscription();
return isPayingOrganization(subscription) && isProPlan(subscription);
}
match /organizations/{organizationId} {
match /tasks/{task} {
allow create: canWriteToCollection(organizationId);
allow list: if userIsMemberByOrganizationId(organizationId);
}
}

Server Side Gating

When gating access on the server side, we can use two utilities that allow us to get the organization's subscription by its ID.

Using Firestore utilities

When you need to check the user's subscription in your API functions, you can use the functions isOrganizationSubscriptionActive and getOrganizationSubscription exported from src/lib/server/organizations/memberships.ts.

For example, let's assume we have an API handler that performs an action:

export default async function action({ request }) {
const organization = await parseOrganizationCookie(request);
const isSubscriptionActive =
await isOrganizationSubscriptionActive(organization);
if (!isSubscriptionActive) {
return throwForbiddenError();
}
// all good! perform action
}