5Stack implements a hierarchical role-based access control (RBAC) system that determines what actions users can perform on the platform. The system ensures secure access to administrative features while maintaining flexibility for different organizational needs.
Role Hierarchy Roles are ordered hierarchically, where each role inherits permissions from roles below it:
const roleOrder = [ e_player_roles_enum . user , e_player_roles_enum . verified_user , e_player_roles_enum . streamer , e_player_roles_enum . match_organizer , e_player_roles_enum . tournament_organizer , e_player_roles_enum . administrator , ];
User Base role for all authenticated players. Can participate in matches and tournaments.
Verified User Authenticated players who have completed verification. May have access to additional features.
Streamer Content creators with special privileges for streaming matches and tournaments.
Match Organizer Can create, configure, and manage matches. Access to player sanctions and match administration.
Tournament Organizer Can create and manage tournaments. Full access to tournament settings and participant management.
Administrator Full platform access including system monitoring, database management, and global settings.
Permission Checks isRoleAbove Function The core permission check function determines if a user has sufficient privileges:
function isRoleAbove ( role : e_player_roles_enum ) { if ( ! me . value ) { return false ; } const meRoleIndex = roleOrder . indexOf ( me . value . role ); const roleIndex = roleOrder . indexOf ( role ); return meRoleIndex >= roleIndex ; }
Usage Example: // Check if user can manage matches if ( useAuthStore (). isRoleAbove ( e_player_roles_enum . match_organizer )) { // User has match_organizer role or higher // Allow access to match management features }
Role-Specific Computed Properties The auth store provides convenient computed properties for role checks:
const isUser = computed (() => me . value ?. role === e_player_roles_enum . user ); const isVerifiedUser = computed (() => me . value ?. role === e_player_roles_enum . verified_user ); const isStreamer = computed (() => me . value ?. role === e_player_roles_enum . streamer ); const isMatchOrganizer = computed (() => me . value ?. role === e_player_roles_enum . match_organizer ); const isTournamentOrganizer = computed (() => me . value ?. role === e_player_roles_enum . tournament_organizer ); const isAdmin = computed (() => me . value ?. role === e_player_roles_enum . administrator );
Role-Based Feature Access Match Organizer Permissions Match Management:
Create and configure matches
Manage match settings and servers
Access live match controls
Subscribe to managing matches
Player Moderation:
Apply player sanctions (ban, mute, gag, silence)
Manage abandoned match records
Edit sanction expiration dates
Remove sanctions
const canManageSanctions = computed (() => { return useAuthStore (). isRoleAbove ( e_player_roles_enum . match_organizer ); });
Tournament Organizer Permissions Tournament Management:
Create and configure tournaments
Manage tournament brackets and schedules
Control tournament registration
Oversee tournament matches
Subscribe to managing tournaments
if ( useAuthStore (). isRoleAbove ( e_player_roles_enum . tournament_organizer )) { useMatchLobbyStore (). subscribeToManagingTournaments (); }
Administrator Permissions System Administration:
Access system logs and metrics
Database management and monitoring
Platform-wide settings configuration
User role management
Game server node administration
Route Protection: // middleware/admin.ts if ( useAuthStore (). isRoleAbove ( e_player_roles_enum . administrator ) === false ) { return navigateTo ( '/' ); // Redirect non-admins }
Middleware Protection Admin Middleware Protects administrative routes from unauthorized access:
// middleware/admin.ts import { e_player_roles_enum } from "~/generated/zeus" ; export default defineNuxtRouteMiddleware (() => { if ( useAuthStore (). isRoleAbove ( e_player_roles_enum . administrator ) === false ) { return navigateTo ( '/' ); } } ) ;
Match Creation Middleware Controls who can create matches based on application settings:
// middleware/match-create.ts if ( useAuthStore (). isRoleAbove ( e_player_roles_enum . match_organizer ) === false ) { // Check application settings for minimum role const requiredRole = useApplicationSettingsStore (). createMatchesRole ; if ( ! useAuthStore (). isRoleAbove ( requiredRole )) { return navigateTo ( '/' ); // Insufficient permissions } }
Dynamic Role Requirements Application settings can define minimum roles for certain actions:
// Create Matches Role const createMatchesRole = computed (() => { return create_matches_role ?. value || e_player_roles_enum . user ; }); // Create Tournaments Role const createTournamentsRole = computed (() => { return create_tournaments_role ?. value || e_player_roles_enum . user ; });
This allows administrators to adjust platform permissions without code changes.
Real-Time Role Synchronization User roles are kept in sync via GraphQL subscriptions:
function subscribeToMe ( steam_id : string , callback : () => void ) { const subscription = getGraphqlClient (). subscribe ({ query: generateSubscription ({ players_by_pk: [ { steam_id }, meFields , // Includes role field ], }), }); subscription . subscribe ({ next : ({ data }) => { me . value = data ?. players_by_pk ; // Role changes are automatically reflected callback (); }, }); }
Role changes take effect immediately via real-time subscriptions. Users with elevated permissions should be carefully monitored.
Best Practices
Principle of Least Privilege
Grant users the minimum role required for their responsibilities. Regularly audit role assignments.
Hide features users cannot access based on their role to avoid confusion and improve UX. < Button v-if = " canManageSanctions " > Manage Sanctions </ Button >
Always validate permissions on the server. Client-side role checks are for UX only.
When subscriptions update user roles, ensure UI state refreshes appropriately.
Player Sanctions Learn about player moderation tools
System Monitoring Monitor platform health and performance
Database Management Manage database operations