Three ways to refer a current User in Sanity Documents

There are pretty much situations when you'd like to have a reference to a Sanity studio user from your documents. In this article, we will consider scenarios when you need to refer a current user somehow related to a document. Before we dive into a technical implementation let's see why you might need it at all

The most obvious cases are when you’d like to have fields like createdBy and updatedBy in your documents. That could be useful to keep article authors when creating a blog site. Many other CMS have such things out of the box. In Sanity, you need to implement it yourselves but at the same time, you have the flexibility to have more complex scenarios in your document flow. For example, you can add approvedBy, assignedTo, and publishedBy fields to your documents and use them for creating complex publishing flows. Other cases could be:

• Role-based document access model
• Improved Sanity studio UX
• Extending document history, creating dashboards, and so on.

Content-type for storing user details​

Let's first create a new content type called user. In it, we will store the necessary information about the user.

Script 1. User content type

const user = {
 name: 'user',
 title: 'Authenticated User',
 type: 'object',
 fields: [
   {
     name: 'id',
     type: 'string',
   },
   {
     name: 'name',
     type: 'string',
   },
   {
     name: 'email',
     type: 'string',
   },
   {
     name: 'profileImage',
     type: 'string',
   },
   {
     name: 'role',
     type: 'string',
   },
   {
     name: 'provider',
     type: 'string',
   },
 ],
};

The id field will store the Santy user ID. The purpose of the fields name and email is obvious. The profileImage field will contain the URL with the user's avatar if one exists. The role field is the user's role for this project, specified in the project settings. provider contains information about the user's authentication service, for example, google if the user is registered with a Google account.

Getting the current user​

When a user opens Sanity Studio, they must log in to it. Then all data operations are performed on behalf of the given user. Interaction with documents is provided by the Sanity Client module. Authentication of requests is achieved through an individual authorization token that the Sanity Client adds to the headers of each request. It all happens under the hood of Sanity Studio. Thus, any request made through the Sanity Client automatically occurs on behalf of the current user. You can get the Sanity Client access the following way:

Script 2. Import Sanity client

import client from 'part:@sanity/base/client';

To get information about the current user, we need to call the following request.

Script 3. Request current user

const resp = await client.request({ uri: 'users/me' });

As a result of such a request, we will receive an object of the following shape.

Script 3. User fields example

{
 id: 'pXXXXXX',
 name: 'Oleg Proskurin',
 email: '[email protected]',
 profileImage: 'https://lh3.googleusercontent.com/...',
 role: 'administrator',
 provider: 'google',
};

As you can see, we have received all the data we need and all that is left is to save them in the appropriate field of a document. To do this, we need to execute the request at the right time and transfer the data to the currently open document. There are several ways to implement this logic.

Utilizing initialValue API​

The easiest way to request data during document creation is to add an initialValue property to our content-type definition. Below I put the complete source code with the type, which can be used in your projects.

Script 4. Content-type with an initial value

import client from 'part:@sanity/base/client';

export const user = {
 name: 'user',
 title: 'Authenticated User',
 type: 'object',
 fields: [
   {
     name: 'id',
     type: 'string',
     readOnly: true,
     hidden: true,
   },
   {
     name: 'name',
     type: 'string',
     readOnly: true,
   },
   {
     name: 'email',
     type: 'string',
     readOnly: true,
   },
   {
     name: 'profileImage',
     readOnly: true,
     hidden: true,
     type: 'string',
   },
   {
     name: 'role',
     type: 'string',
     readOnly: true,
     hidden: true,
   },
   {
     name: 'provider',
     type: 'string',
     readOnly: true,
     hidden: true,
   },
 ],
 initialValue: () => client.request({ uri: 'users/me' }),
};

In order to start using this, you just need to add the createdBy field of the user type to the document’s schema.

Script 5. Adding createdBy field

const Article = {
 name: 'Article',
 type: 'document',
 fields: [
   {
     name: 'createdBy',
     title: 'Created By',
     type: 'user',
   },

   /* ...other document fields  */
 ],
};

As soon as the user creates a new document of this type, the function specified in the initialValue of this type will make an asynchronous request and return a result with the user's data. Thus, the document will be pre-filled with the value we need. Note that I have added read-only properties to all fields of type user. This is necessary because we do not want the user to manually change this data. Also, using the hidden property, we can display only human-readable information in the Sanity Studio editor.

Custom input component​

More control and possibilities can be gained by creating your own component to display user data. A component can provide a user interface for interacting with data. Let's illustrate this by creating an assignedTo field that allows any CMS user to assign themself to whatever is described in the document. In order to set a React Component as a field input to our content type, let's add an inputComponent property to it and create a React component to use for this, respectively.

Script 6. Adding custom React Component

inputComponent: User,

The minimal implementation of a component might look like this:

Script 7. Custom input implementation

const User = ({ value, type }) => {
 const { profileImage, name, email } = value;
 const { title } = type;

 return (
   <div>
     <div className="title">{title}</div>
     <img src={profileImage} />
     <div>{`${name} / ${email}`}</div>
   </div>
 );
};

Please note that here I deliberately provide only the minimum necessary component implementation. In reality, what you want to do is add styling, checks, and validation. However, we already have a component that shows us the avatar of the user who created the document, their name, and their email. Let's add the ability for other users to assign themselves to this document. To do this, add a “Join” button and its handler.

Script 8. Adding a button handler

const User = ({ value, type }) => {
 const { profileImage, name, email } = value;
 const { title } = type;

 const handleClick = () => {
// todo: switch user to the current one
}
 return (
   <div>
     <div className="title">{title}</div>
     <img src={profileImage} />
     <div>{`${name} / ${email}`}</div>
     <button onClick={handleClick}>Join</button>
   </div>
 );
};

To implement handleClick, let's use helpful utilities from the Sanity form-builder package.

Script 9. Import patching utils

import PatchEvent, { set } from '@sanity/form-builder/PatchEvent';

As a result, our component will look like this.

Script 10. Component patching the document

import PatchEvent, { set } from ‘@Qsanity/form-builder/PatchEvent' ;

const User = ({ value, type, onChange }) = {
const { profileImage, name, email } = value;
const { title } = type;

const handleClick = async () => {
const user = await client.request({ uri: ‘'users/me' });
onChange(PatchEvent.from(set(user)));
};

return (
<div>
<div className="title">{title}</div>
<img src={profileImage} />
<div>{`${name} / ${email}`}</div>
<button onClick={handleClick}>Join</button>
</div>
);
};

Now, having added the assignedTo field of the user type to our document, we initially will have a user who created the document, but later other users will be able to re-assign themselves.

The complete example of the user content-type implementation

Script 10. Content-type with an initial value and a custom input component

import React from 'react';
import client from 'part:@sanity/base/client';
import PatchEvent, { set } from '@sanity/form-builder/PatchEvent';

const User = ({ value = {}, type, onChange }) => {
 const { profileImage, name, email } = value;
 const { title } = type;

 const handleClick = async () => {
   const user = await client.request({ uri: 'users/me' });
   onChange(PatchEvent.from(set(user)));
 };

 return (
   <div>
     <div className="title">{title}</div>
     <img src={profileImage} />
     <div>{`${name} / ${email}`}</div>
     <button onClick={handleClick}>Join</button>
   </div>
 );
};

export const user = {
 name: 'user',
 title: 'Authenticated User',
 type: 'object',
 fields: [
   {
     name: 'id',
     type: 'string',
     readOnly: true,
     hidden: true,
   },
   {
     name: 'name',
     type: 'string',
     readOnly: true,
   },
   {
     name: 'email',
     type: 'string',
     readOnly: true,
   },
   {
     name: 'profileImage',
     readOnly: true,
     hidden: true,
     type: 'string',
   },
   {
     name: 'role',
     type: 'string',
     readOnly: true,
     hidden: true,
   },
   {
     name: 'provider',
     type: 'string',
     readOnly: true,
     hidden: true,
   },
 ],
 initialValue: () => client.request({ uri: 'users/me' }),
 inputComponent: User,
};

Custom action​

Another operation where user data can be involved is a custom action command. For example, it can be an approval of a document by an authorized person. The process of creating and connecting custom actions is described in the documentation and we will skip them, switching directly to the “Approve” action, which will be used by users with appropriate permissions, to approve documents. Suppose in our document there is an approved field, the type of which is user that we created above, and we have an agreement that an empty value of the field means that the document is not approved, and the field in which there is user data - that it is approved by this user. This is what a custom action that implements this operation might look like.

Script 11. Approve action function

import client from 'part:@sanity/base/client';

export const approveAction = (docInfo) => {
 const { id, approved } = docInfo.draft;

 // only for not approved documents
 if (approved) {
   return null;
 }

 const onHandle = async () => {
   const user = await client.request({ uri: 'users/me' });

   // only administrators can approve documents
   if (user.role !== 'administrator') {
     return;
   }
   await client.patch(id).set({ approved: user }).commit();
 };

 return {
   icon: () => '👍',
   label: 'Approve',
   onHandle,
 };
};

When you click on a button, we request user data and check their permissions. If the user is authorized to do this, we patch the document by adding details about the user who approved it. This action should be hidden for already approved documents - for this, it is enough to return null from the action function. Ideally, we would like to similarly hide this action from users who do not have the appropriate permissions. Unfortunately, this requires making an asynchronous request from the body of the function itself, which means that the approveAction function itself would have to be asynchronous, which is no longer supported by Sanity Studio.

Thank you for your time, I hope you learned something useful and interesting for you. More articles about headless CMS and Sanity, in particular, can be found on our blog