Feature Access and Plan Restrictions

The most common authorisation scenario you will find yourself building is controlling access to features based on the account's billing plan.

Users without a plan

By default, users who have not signed up for a plan only have access to the authentication and account profile pages. On the client side, they remain restricted to authentication and profile management until they choose a plan.

On the server side, actions such as inviting child users, accessing AI endpoints, or creating API keys should be disabled for users without an active plan. For example:

// check account has a plan
const accountData = await account.get({ id: req.account });
utility.assert(accountData.plan, res.__('account.plan_required'));

As you build custom endpoints for your own features, include this check so that actions cannot be performed via the API without an active plan.

Restricting features by plan

When you want to limit feature access or impose usage limits based on the user's billing plan, it's recommended to define plan-specific flags or limits in your configuration within the Stripe plans object.

"plans": [
 {
  "id": "free",
  "name": "Free",
  "type": "free",
  "price": 0,
  "max_gb": 2,
  "store_files": true
 }
]

In your controller methods, you can check whether the user’s current plan permits the requested action or feature. For example:

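exports.fileController.save = async function(req, res){

 // look up the plan config for the authenticated account
 const accountData = await account.get({ id: req.account });
 const currentPlan = settings.plans.find(x => x.id === accountData.plan);

 // deny when the plan is missing from config or does not carry the flag
 utility.assert(currentPlan?.store_files, res.__('file.save.not_permitted_on_plan'));

}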

This ensures that the feature or action is only available to users on the appropriate plan.
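The same check generalised into a standalone helper, as an added example that is not part of Gravity's code: `checkPlanAccess`, the `trial` plan and the reason strings are hypothetical. It covers both the `store_files` flag and the `max_gb` limit from the config above, and denies when the plan, flag or limit cannot be resolved.

```javascript
// Constructed sample config modelled on the page's "plans" array.
// The "trial" plan is hypothetical and exists only to show a denied flag.
const plans = [
  { id: 'free', name: 'Free', type: 'free', price: 0, max_gb: 2, store_files: true },
  { id: 'trial', name: 'Trial', type: 'free', price: 0, max_gb: 0, store_files: false }
];

// Hypothetical helper (not a Gravity API). Returns { allowed, reason }
// and denies whenever the plan, flag or limit cannot be resolved.
function checkPlanAccess (accountData, plans, { flag, limit, used = 0, requested = 0 } = {}) {

  // account has no plan: same condition as the plan_required assert
  if (!accountData || !accountData.plan)
    return { allowed: false, reason: 'plan_required' };

  // plan id on the account no longer exists in config
  const plan = plans.find(x => x.id === accountData.plan);
  if (!plan)
    return { allowed: false, reason: 'unknown_plan' };

  // feature flag must be exactly true; a missing flag denies
  if (flag && plan[flag] !== true)
    return { allowed: false, reason: 'not_permitted_on_plan' };

  if (limit) {
    // usage figures must be non-negative numbers measured server-side;
    // a negative "requested" would otherwise lower the total
    if ([used, requested].some(n => !Number.isFinite(n) || n < 0))
      return { allowed: false, reason: 'invalid_usage' };

    // a missing limit is treated as zero allowance, not as unlimited
    const max = plan[limit];
    if (!Number.isFinite(max) || used + requested > max)
      return { allowed: false, reason: 'limit_exceeded' };
  }

  return { allowed: true, reason: null };
}

// 1.5 GB stored + 0.4 GB upload fits the free plan's 2 GB limit
const upload = { flag: 'store_files', limit: 'max_gb', used: 1.5, requested: 0.4 };
console.log(checkPlanAccess({ plan: 'free' }, plans, upload));
```

In a controller, a denied result would be turned into the failed assertion shown earlier, with `used` read from the server's own records rather than from the request body.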


Last updated 6 months ago
