Athena
Home
Environments
Environments
  • Development Server
  • Production
Home
Environments
Environments
  • Development Server
  • Production
  1. Permissions
  • Getting Started
    • Start Guide
  • Installation & Setup
    • Windows
  • Architecture
  • Guide
    • Bundles
      • Backend
    • Permissions
      • Frontend
    • Developers
      • Commit Lint
      • RESTful API
    • Workflows
      • Workflow Variables
  • API Reference
    • Authentication
      • Sign In
      • Logout
    • User
      • Get Authenticated User using Multiplai App Access Token
      • Get Authenticated User using Basic Token
    • Workspace
      • Get Workspaces Metrics
      • Get Workspaces
      • Update a Workspace
      • Retrieve a workspace
      • Delete a Workspace
    • Provider
      • Get Providers
      • Retrieve a Provider
      • Update a Provider
      • Create a Provider
      • Delete a Provider
    • Account
      • Get Accounts
      • Update an Account
      • Create an Account
      • Delete an Account
      • Retrieve an Account
    • Agent
      • Get Agents
      • Update an Agent
      • Create an Agent
      • Delete an Agent
      • Retrieve an Agent
      • Run an Agent
      • Train an Agent
      • Generate an Agent
      • Share Agent
      • Get Agent Leaderboard
    • Workflow
      • Get Workflows
      • Create a Workflow
      • Retrieve a Workflow
      • Update a Workflow
      • Delete a Workflow
      • Trigger a webhook
      • Share Workflow
      • Generate Workflow
    • Workflow Execution
      • Get Workflow Executions
      • Get Workflow Execution Counts
      • Retrieve a Workflow Execution
      • Delete a Workflow Execution
    • Prompt
      • Get Prompts
      • Create a Prompt
      • Retrieve a Prompt
      • Update a Prompt
      • Delete a Prompt
      • Run a prompt
    • Memory
      • Get Memories
      • Retrieve a Memory
      • Update a Memory
      • Delete a Memory
    • Thread
      • Get Threads
      • Retrieve a Thread
      • Update a Thread
      • Delete a Thread
      • Create a Thread
      • Run a Thread
      • Generate Thread Name
    • Message
      • Get Messages
      • Retrieve a Message
      • Update a Message
      • Delete a Message
      • Create a Message
    • Large Language Model
      • Get Large Language Models
      • Retrieve a Large Language Model
    • Command Room Task
      • Store Command Room Task
      • Remove Command Room Task
    • Metrics
      • Get Agents Metrics
      • Get Workflows Metrics
      • Get Threads Metrics
      • Get Messages Metrics
      • Get Workflow Executions Metrics
  • Schemas
    • Resources
      • User
      • Workspace
      • Provider
      • Account
      • Agent
      • Workflow
      • Share
      • WorkflowExecution
      • WorkflowExecutionData
      • Prompt
      • Memory
      • Thread
      • Attachment
      • Media
      • Tool
      • Message
      • LargeLanguageModel
      • AgentLeaderboard
    • Utils
      • Pagination
        • PaginationMeta
        • PaginationLinks
      • Provider
        • AuthenticationConfig
      • Profile
        • ProfilePhotoConfig
      • Workflow
        • WorkflowExecutionDataWorkflowData
        • Node
        • Edge
  1. Permissions

Frontend

Permissions Module (Spatie)#

Overview#

Centralizes user permissions in a global Pinia store.
Auto-loads permissions when a user is authenticated.
Provides helpers for component-level checks.
Optional route-level enforcement via page meta and middleware.

Files#

Store: store/global/permission.ts
Global loader middleware: middleware/permissions.global.ts
Page guard middleware: middleware/require-permissions.ts

Backend Contract#

Endpoint: VITE_PERMISSIONS_ENDPOINT or /api/v1/permissions by default.
Response: either
{ data: string[] } or
{ permissions: string[] }
Each item is a Spatie permission name (e.g., manage users, edit workflows).

Store API#

// store/global/permission.ts
const permissionStore = usePermissionStore()

// State
permissionStore.permissions       // string[]
permissionStore.isLoaded          // boolean
permissionStore.isLoading         // boolean
permissionStore.lastFetchedAt     // Date | null

// Actions
await permissionStore.boot()      // idempotent boot; fetches if user is authenticated
await permissionStore.fetchPermissions()
permissionStore.clear()           // clears permissions (e.g., on logout)

// Helpers
permissionStore.hasPermission('edit workflows')
permissionStore.hasAny(['admin', 'owner'])
permissionStore.hasAll(['manage users', 'view users'])
Notes:
The store watches useSanctumUser(): it clears on logout, and lazy-boots on login.

Global Loading#

middleware/permissions.global.ts runs on each navigation:
If the user is authenticated, it calls permissionStore.boot() once per session.
This ensures components can rely on permissions being available.

Page-Level Enforcement (Optional)#

Use middleware/require-permissions.ts and page meta to guard routes.
Example:
// Inside a page .vue <script setup>
definePageMeta({
  layout: 'dashboard',
  middleware: ['sanctum:auth', 'require-permissions'],
  permissions: {
    // Pass if user has any of these
    any: ['view dashboard', 'admin'],

    // Or require all of these instead
    // all: ['manage users', 'view users'],

    // Optional redirect target when unauthorized (route name or absolute path)
    redirectTo: 'chat-index',
  },
})
Behavior:
If permissions meta is absent: no route-level checks are performed (page loads normally).
If present: permissions are loaded (if needed), evaluated, and the user is redirected when unauthorized.

Component-Level Checks#

// In any component
const permissionStore = usePermissionStore()
const canEdit = computed(() => permissionStore.hasPermission('edit workflows'))
You can gate actions, buttons, or UI sections using hasPermission, hasAny, or hasAll.

Configuration#

Override endpoint via .env:

Troubleshooting#

"Cannot find name 'usePermissionStore'": ensure you imported it, e.g. import { usePermissionStore } from '~/store/global/permission'.
Permissions not loading: verify the user is authenticated and the backend endpoint returns the expected payload.
Route not guarding access: ensure the page includes both 'require-permissions' in middleware and a permissions meta config.
Modified at 2025-09-02 01:17:20
Previous
Backend
Next
Commit Lint
Built with