Best way to restrict features for a SaaS based on account type?

Hi

I am working on a SaaS app and it has three account types - for the purposes of this question let's say bronze, silver and gold.

Each account type has a restriction of features, for example:

  • Bronze 10 users = id as 1
  • Silver 50 users = id as 2
  • Gold unlimited users = id as 3

They sit in a table called “Account_type” and next to each one I have features on or off or, as in the above case, the number of “Users” allowed etc.

I also have an “Account” table and the account table has the details of the account along with an account number and the id corresponding to Bronze, Silver, Gold.

The question: is there an efficient way of restricting my app features in Wappler without having to add into each server connect a check to see if they have access to the feature before performing an action?

As you can imagine, if you hard code this in it becomes a bit onerous and would be a bit of a nightmare to manage.

What method are others using?

Is there a better method other than the one detailed above?

Any suggestions or what worked for you and what didn’t would be great!

Thank you.

I assume you’re using Security Provider? You should set up the access levels there. Then, every time you add Security Restrict to an API script, you can select the access level there. It’s a simple dropdown so just a couple of clicks to secure each script accordingly.

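The central, data-driven check the question asks about, as an added example that is not part of the original posts and is not Wappler's own code. The plan ids and user limits are the ones from the question; the feature names, function names and sample account rows are assumptions made for illustration.

```javascript
// Added example, not Wappler code. Plan ids and user limits come from the
// question's Account_type table; feature and function names are hypothetical.
const ACCOUNT_TYPES = new Map([
  [1, { name: 'Bronze', maxUsers: 10, features: new Set(['reports']) }],
  [2, { name: 'Silver', maxUsers: 50, features: new Set(['reports', 'export']) }],
  [3, { name: 'Gold', maxUsers: Infinity, features: new Set(['reports', 'export', 'api']) }],
]);

// Constructed sample rows standing in for the Account table.
const ACCOUNTS = new Map([
  [1001, { accountTypeId: 1, userCount: 10 }],
  [1002, { accountTypeId: 3, userCount: 240 }],
]);

// Resolve the plan from server-side data only; undefined means "deny".
function planFor(accountId) {
  const account = ACCOUNTS.get(accountId);
  return account ? ACCOUNT_TYPES.get(account.accountTypeId) : undefined;
}

// Single decision point: unknown account, unknown plan and unlisted feature
// all fail closed.
function checkFeature(accountId, feature) {
  const plan = planFor(accountId);
  return Boolean(plan && plan.features.has(feature));
}

// Quota check for the "number of users" column of Account_type.
function canAddUser(accountId) {
  const plan = planFor(accountId);
  return Boolean(plan) && ACCOUNTS.get(accountId).userCount < plan.maxUsers;
}

// Wrap each handler once. The account id is read from the authenticated
// session, never from request parameters the client controls.
function requireFeature(feature, handler) {
  return (session, params) =>
    checkFeature(session && session.accountId, feature)
      ? handler(session, params)
      : { status: 403, body: `feature "${feature}" not in plan` };
}

const exportData = requireFeature('export', () => ({ status: 200, body: 'export started' }));

function addUser(session) {
  if (!canAddUser(session.accountId)) return { status: 403, body: 'user limit reached' };
  ACCOUNTS.get(session.accountId).userCount += 1;
  return { status: 201, body: 'user created' };
}
```

Changing what a plan includes then means editing one row of data, and hiding a button in the page is only cosmetic because the server makes the decision.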

Thanks @sitestreet!

So I understand this correctly.

I currently have Security provider set up with user roles on the User table. So I would just add in the account_type on the user table, for example:

User Table

  • Name: Steven
  • Account: 1
  • Account_type: Gold (ref Account_type table)

Then on security restrict just add condition “Account_type = Gold”

So then when I, say, have a server connect process I want to restrict based on Account_type, how do I bind the restricted feature to the condition?

Hope that makes sense. I know how I can, say, restrict a page in Security Restrict, not a problem, but I'm not sure how to bind the above to the action on the server connect, or am I overthinking this?

You need to set the access levels in your security provider:

Then select the level in security restrict in every API script: