Situation:
I want to make a versitile application that covers both client’s and admin’s needs. This means that admins should have full freedom with user management, within the website. Using the plasmic editor is in this case ONLY for the developer/web designer.
Idea of solution:
Since the plasmic user system cannot be edited dynamically, I would use supabase’s authentication. Supabase alows to query for user data, alowing me to make an app with a custom user management dashboard for admin accounts.
Problem:
If I simply use the supabase API to do authentication, then authentication is fully separated from the plasmic role base acces control, leading to security problems. I can for example not restrict specific page acces or integration actions to specific roles anymore. Normally you would write code for page redirects, making use of the supabase session in the code. But this means that you need to write code for a redirect each time you make a new page. I work with a small group with no coding knowledge, so without me it would be unmaintainable to do this via code.
Question:
So is it possible to fully integrate supabase users into the plasmic RBAC so that I can still have the full functionality of role based acces through the visual plasmic editor? And how do I do this (in Next.js)?
If not, is restricting query requests by just using supabase RLS secure enough to then hide content by just hiding pages on the front-end with condintional containers? Also how does RLS work when integrated in plasmic: I get the idea that plasmic always gets full query permissions despite RLS.