Better Auth•6mo ago

Permissions type not updating after creating ac and adding to organization plugin.

Hi, I believe this is a bug, even after adding my own permissions.ts, and adding ac and all of the roles to my auth.ts and auth-client.ts, it shows that the only permissions available are the 3 default ones built into the plugin. Is there any more setup that needs to be done that I'm missing? I've looked through the source of better-auth and cant pinpoint the issue

import { createAccessControl } from "better-auth/plugins/access";

const statement = {
  // Organization management
  organization: ["create", "read", "update", "delete"],
  
  // Member management
  member: ["create", "read", "update", "delete"],
  
  // Service management
  service: ["create", "read", "update", "delete"],
  
  // Appointment management
  appointment: ["create", "read", "update", "delete"],
  
  // Contact management
  contact: ["create", "read", "update", "delete"],
  
  // Availability management
  availability: ["create", "read", "update", "delete"],
  
  // Business hours management
  businessHours: ["create", "read", "update", "delete"],
  
  // Customer management
  customer: ["create", "read", "update", "delete"],
} as const;

const ac = createAccessControl(statement);

// Basic member role - limited permissions
const member = ac.newRole({
  organization: ["read"],
  member: ["read"],
  service: ["read"],
  appointment: ["read", "create", "update"],
  contact: ["read", "create"],
  availability: ["read", "create", "update"],
});

// Admin role - extended permissions
const admin = ac.newRole({
  organization: ["read", "update"],
  member: ["read", "create", "update"],
  service: ["create", "read", "update", "delete"],
  appointment: ["create", "read", "update", "delete"],
  contact: ["create", "read", "update", "delete"],
  availability: ["create", "read", "update", "delete"],
  businessHours: ["read", "update"],
  customer: ["read", "update"],
});

// Owner role - full permissions
const owner = ac.newRole({
  organization: ["create", "read", "update", "delete"],
  member: ["create", "read", "update", "delete"],
  service: ["create", "read", "update", "delete"],
  appointment: ["create", "read", "update", "delete"],
  contact: ["create", "read", "update", "delete"],
  availability: ["create", "read", "update", "delete"],
  businessHours: ["create", "read", "update", "delete"],
  customer: ["create", "read", "update", "delete"],
});

export { ac, member, admin, owner };

import { createAccessControl } from "better-auth/plugins/access";

const statement = {
  // Organization management
  organization: ["create", "read", "update", "delete"],
  
  // Member management
  member: ["create", "read", "update", "delete"],
  
  // Service management
  service: ["create", "read", "update", "delete"],
  
  // Appointment management
  appointment: ["create", "read", "update", "delete"],
  
  // Contact management
  contact: ["create", "read", "update", "delete"],
  
  // Availability management
  availability: ["create", "read", "update", "delete"],
  
  // Business hours management
  businessHours: ["create", "read", "update", "delete"],
  
  // Customer management
  customer: ["create", "read", "update", "delete"],
} as const;

const ac = createAccessControl(statement);

// Basic member role - limited permissions
const member = ac.newRole({
  organization: ["read"],
  member: ["read"],
  service: ["read"],
  appointment: ["read", "create", "update"],
  contact: ["read", "create"],
  availability: ["read", "create", "update"],
});

// Admin role - extended permissions
const admin = ac.newRole({
  organization: ["read", "update"],
  member: ["read", "create", "update"],
  service: ["create", "read", "update", "delete"],
  appointment: ["create", "read", "update", "delete"],
  contact: ["create", "read", "update", "delete"],
  availability: ["create", "read", "update", "delete"],
  businessHours: ["read", "update"],
  customer: ["read", "update"],
});

// Owner role - full permissions
const owner = ac.newRole({
  organization: ["create", "read", "update", "delete"],
  member: ["create", "read", "update", "delete"],
  service: ["create", "read", "update", "delete"],
  appointment: ["create", "read", "update", "delete"],
  contact: ["create", "read", "update", "delete"],
  availability: ["create", "read", "update", "delete"],
  businessHours: ["create", "read", "update", "delete"],
  customer: ["create", "read", "update", "delete"],
});

export { ac, member, admin, owner };

19 Replies

bekacru•6mo ago

the guide has been updated

bekacru•6mo ago

https://www.better-auth.com/docs/plugins/organization

Organization | Better Auth

The organization plugin allows you to manage your organization's members and teams.

salzarOP•6mo ago

I’ll try it out again, I was following this steps on the beta branch

salzarOP•6mo ago

Still getting type error with all new styeps

salzarOP•6mo ago

No type error when doing this, but only recognizes the default permissions, not the ones i specificied

bekacru•6mo ago

can you show me how you added ac and roles on your auth config and your auth client?

salzarOP•6mo ago

auth.ts

permissions.ts

auth-client.ts

salzarOP•6mo ago

Pretty stumped still

bekacru•6mo ago

oh will take a look now

salzarOP•6mo ago

Thank you!

bekacru•6mo ago

are you on canary? if not please update first and let me know if it's still an issue

salzarOP•6mo ago

I’m on latest at the time I posted, let me update rq Still same issue on canary

Unknown User•6mo ago

Message Not Public

salzarOP•6mo ago

Very interesting

Unknown User•6mo ago

Message Not Public

salzarOP•6mo ago

I have no idea how or why, but my types in my ac are now being recognized for my roles and permissions, and I had to modify the hasPermission to include a body request. No type errors now

async function createBusinessHoursRouter() {
    auth.api.hasPermission({
        headers: await headers(),
        body: {
            role: {
                in: ['admin', 'owner']
            },
            permission: {
                businessHours: ["create"] // This must match the structure in your access control
            }
        }
    });
}

async function createBusinessHoursRouter() {
    auth.api.hasPermission({
        headers: await headers(),
        body: {
            role: {
                in: ['admin', 'owner']
            },
            permission: {
                businessHours: ["create"] // This must match the structure in your access control
            }
        }
    });
}

:blobshrug:

salzarOP•6mo ago

https://github.com/better-auth/better-auth/pull/616 Made a pr, after checking source, thats definitley the schema it wants you to follow

GitHub

Fix error in docs by salvinoto · Pull Request #616 · better-auth/be...

Update hasPermission to show correct syntax

bekacru•6mo ago

oh nice merged :))

salzarOP•6mo ago

Awesome! One thing I'm trying to get, whats the objective of passing in the role, isnt it supposed to grab the role from the current user and check against it? like for example, if im specifying the role on the client, couldnt they just easily change the role and grant access?

Gaming

Programming

Permissions type not updating after creating ac and adding to organization plugin.

Did you find this page helpful?