Skip to main content
import { useEffect, useState } from 'react';
import { useStytch } from '@stytch/react';

export const EditDocuments = () => {
  const stytch = useStytch();
  const [isAuthorized, setIsAuthorized] = useState(false);

  useEffect(() => {
    const fetchIsAuthorized = async () => {
      const authorized = await stytch.rbac.isAuthorized('documents', 'edit');
      setIsAuthorized(authorized);
    };
    fetchIsAuthorized();
  }, [stytch]);

  return (
    <button disabled={!isAuthorized}>
      Edit
    </button>
  );
};
rbac.isAuthorized is an asynchronous method that returns an authorization verdict on a resource-action pair (that is, whether the logged-in User is authorized to perform the specified action on the specified Resource). Given a resource and action, this method will return a promise that resolves to a boolean value, indicating if the User is authorized to perform the action on the resource. Returns true if the User can perform the action, false otherwise. If the User is not logged in, this method will always return false. If the resource or action provided are not valid for the configured RBAC policy, this method will return false.
As a best practice, authorization checks for sensitive actions should also occur on the backend.

Parameters

resourceId
string
required
The human-readable ID of the resource to check authorization for.
action
string
required
The action to take on the specified resource.

Response

authorized
Promise<boolean>
required
true if the User is authorized to perform the specified action on the specified resource, false otherwise.Will resolve to false if the RBAC policy has not been loaded or if the resource or action provided are not valid for the configured RBAC policy.