Bro, you put the permissions of users in sessions. How can you revalidate users' sessions for users already logged in when the admin changes their permissions?
He has to login again then he can do that but if you want you do this without session as i have updated users model permission fields only which can be re validated easily you can skip permissions inside on backend next auth you don’t need to include it there just update user models using admin which can do the fine
@@GreatAdib That means I must get the user's information from the database and check it before the user takes any action. Isn't it expensive to always fetch user information from the database and check their permissions for each request?