Users and Roles

One of the defining features of a quality app is its user and authentication system. Factor includes a powerful yet simple implementation that can handle almost anything you might need.

Setting Up

Setting up authentication only requires two things: a database and a password (token) for encoding and decoding authentication data. You'll also want SMTP working for email verification.

In your .env make sure you've set up the following:

FACTOR_DB_CONNECTION=mongodb+srv://...
FACTOR_AUTH_SECRET=random-secret-password
SMTP_USERNAME=postmaster@email.example.com
SMTP_PASSWORD=--PASSWORD--
SMTP_HOST=smtp.email-provider.org
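
Because FACTOR_AUTH_SECRET protects the app's authentication data, a value copied from documentation or a short, guessable one undermines every login. The following check is an added example, not part of Factor or this page's original code: it audits the text of a .env file for the sample values shown here; the function names, the 32-character minimum and the variety threshold are assumptions of the example.

```javascript
// Added example, not Factor's own code. The 32-character minimum and the
// variety check are assumptions of this sketch, not Factor requirements.
const MIN_SECRET_LENGTH = 32
const PLACEHOLDERS = new Set(["random-secret-password", "--PASSWORD--"]) // sample values from this page
const REQUIRED = ["FACTOR_DB_CONNECTION", "FACTOR_AUTH_SECRET", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_HOST"]

// Parse KEY=VALUE lines, skipping blanks and # comments and stripping surrounding quotes.
function parseEnv(text) {
  const vars = {}
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim()
    const eq = line.indexOf("=")
    if (!line || line.startsWith("#") || eq < 1) continue
    const value = line.slice(eq + 1).trim()
    const quoted = value.match(/^(["'])(.*)\1$/)
    vars[line.slice(0, eq).trim()] = quoted ? quoted[2] : value
  }
  return vars
}

// Return a list of human-readable findings; an empty list means nothing was flagged.
function auditEnv(text) {
  const vars = parseEnv(text)
  const findings = []
  for (const key of REQUIRED) {
    if (!vars[key]) findings.push(`${key}: missing or empty`)
    else if (PLACEHOLDERS.has(vars[key])) findings.push(`${key}: placeholder value from the docs`)
  }
  const secret = vars.FACTOR_AUTH_SECRET
  if (secret && !PLACEHOLDERS.has(secret)) {
    if (secret.length < MIN_SECRET_LENGTH) findings.push("FACTOR_AUTH_SECRET: shorter than 32 characters")
    if (new Set(secret).size < 10) findings.push("FACTOR_AUTH_SECRET: low character variety")
    if (secret === vars.SMTP_PASSWORD) findings.push("FACTOR_AUTH_SECRET: same value as SMTP_PASSWORD")
  }
  return findings
}

// Constructed sample: the sample values from this page, unchanged.
const sampleEnv = [
  "FACTOR_DB_CONNECTION=mongodb+srv://...",
  "FACTOR_AUTH_SECRET=random-secret-password",
  "SMTP_USERNAME=postmaster@email.example.com",
  "SMTP_PASSWORD=--PASSWORD--",
  "SMTP_HOST=smtp.email-provider.org",
].join("\n")

console.log(auditEnv(sampleEnv))
```

A replacement secret can come from any cryptographically secure generator, for example `openssl rand -base64 48`.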

Initial Admin Users

Factor has a simple user role system that is designed to serve most privilege-based scenarios. To get this system started, you first need to create some "admin" users who can then promote other users from the dashboard.

To add these initial admin users, you can add a list of emails in your package.json under admins:

{
  // package.json stuff
  "factor": {
    // factor stuff
    "admins": ["youremail@example.com", "anotheremail@example.com"]
  }
}

Or, if you prefer, set them in your .env file under FACTOR_ADMINS:

# .env
FACTOR_ADMINS="youremail@example.com,anotheremail@example.com"

Now once a user with that email is logged in and verified, they will have access to admin features in the Factor dashboard.

Logging In and Signing Up

If you'd like to trigger signup/login and logout from within your app, Factor provides two useful functions:

import { showSignIn, logout } from "@factor/api"

// Shows signin UI (default or from plugin)
showSignIn()

// Logs the user out (if signed in)
logout()

Email Verification

Email verification is important because you need to make sure a user owns the email they sign up with.

When a user signs up, Factor sends them a verification email with a link to click to verify their account. For this to work, you'll need to have SMTP email set up (otherwise verification emails won't be sent).

User Roles

Inside Factor there is a concept of user roles assigned to users. Each role is assigned an access level (0 - 500) and given privileges related to the scope of that role:

  • Admin (500) - All privileges
  • Moderator (300) - Ability to manage and edit posts, users
  • Editor (200) - Can write and edit their own posts and others' posts
  • Creator (100) - Can write and edit their own posts
  • Member (1) - Logged in, can manage own account settings
  • Anonymous (0)
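
The numeric levels make an authorization check a simple comparison, and the rule from "Initial Admin Users" (a listed email grants admin only once logged in and verified) means an account that merely registered with a listed address gains nothing. The sketch below is an added example, not Factor's own code: the role names and levels are from the list above, while the user shape `{ email, emailVerified, role }` and the function names are hypothetical.

```javascript
// Added example, not Factor's own code. Role names and levels come from the list above;
// the user shape { email, emailVerified, role } and all function names are hypothetical.
const ROLE_LEVELS = { admin: 500, moderator: 300, editor: 200, creator: 100, member: 1, anonymous: 0 }

// Own-property lookup so names like "constructor" never resolve to a level.
function levelOf(role) {
  return Object.prototype.hasOwnProperty.call(ROLE_LEVELS, role) ? ROLE_LEVELS[role] : null
}

// Normalize a FACTOR_ADMINS-style comma-separated list (trim, lowercase, drop empties).
function parseAdminList(raw) {
  return new Set(String(raw || "").split(",").map((e) => e.trim().toLowerCase()).filter(Boolean))
}

// Effective level of a user. A listed admin address counts only once verified;
// a missing or unknown stored role fails closed to the lowest logged-in level.
function accessLevel(user, adminEmails) {
  if (!user) return ROLE_LEVELS.anonymous
  const email = String(user.email || "").trim().toLowerCase()
  if (user.emailVerified === true && adminEmails.has(email)) return ROLE_LEVELS.admin
  const stored = levelOf(user.role)
  return stored === null ? ROLE_LEVELS.member : stored
}

// True when the user's level meets the level of requiredRole; unknown requirements deny.
function can(user, requiredRole, adminEmails) {
  const required = levelOf(requiredRole)
  return required !== null && accessLevel(user, adminEmails) >= required
}

// Constructed sample data.
const admins = parseAdminList(" YourEmail@example.com, anotheremail@example.com ,")
const unverified = { email: "youremail@example.com", emailVerified: false, role: "member" }
const verified = { ...unverified, emailVerified: true }
const editor = { email: "writer@example.com", emailVerified: true, role: "editor" }

console.log(can(unverified, "admin", admins))
console.log(can(verified, "admin", admins))
console.log(can(editor, "creator", admins), can(editor, "moderator", admins))
```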

Promoting Users to Roles

If you are an admin user, then you will have the right to "promote" other users in the CMS directly from the dashboard. You can find this functionality under dashboard > users > select action.

[Figure: Promoting Users]

Advanced Authentication and Privileges

To learn more about working with authentication and privileges, check out the authentication doc (./authentication).
