Better Auth•5mo ago

Organization role customization

Goal: Have only custom roles and access control for organizations Observed Behavior: Things still being created as "owner", I think "admin", "owner" and other roles still exist. I only want my custom roles, and I want the creating user to get the custom role as well ("parent" in this case). Background: I'm building a family management app, using an organization as the "family", and I want to have custom roles for parents and children, etc. I have followed the custom roles/authorization docs for the organization to customize things. Here is what that looks like so far:

const statement = {
    organization: ["update"],
    invitation: ["create", "cancel"],
} as const;

const ac = createAccessControl(statement);

const parent = ac.newRole({
    organization: ["update"],
    invitation: ["create", "cancel"],
});

const statement = {
    organization: ["update"],
    invitation: ["create", "cancel"],
} as const;

const ac = createAccessControl(statement);

const parent = ac.newRole({
    organization: ["update"],
    invitation: ["create", "cancel"],
});

and I've included the "ac" and "parent" on both server and client side plugins. (client shown below)

        organizationClient({
            ac,
            roles: {
                parent,
            },
        }),

        organizationClient({
            ac,
            roles: {
                parent,
            },
        }),

Is what I'm trying to do possible, or are owner, admin, and member always roles, and I can only extend things?

1 Reply

jhspaybarOP•5mo ago

I went and looked at the code, it looks like "creatorRole" lets me set this to "parent". https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/plugins/organization/organization.ts#L87 that solves half my probem. The other half is here though: https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/plugins/organization/organization.ts#L394 And it looks like there's not a way to remove the default roles. I've ended up trying this:

const statement = {
    ...defaultStatements,
} as const;

export const ac = createAccessControl(statement);

export const parent = ac.newRole({
    organization: ["update"],
    invitation: ["create", "cancel"],
});

export const admin = ac.newRole({
    organization: [],
    member: [],
    invitation: [],
    team: [],
});

export const owner = ac.newRole({
    organization: [],
    member: [],
    invitation: [],
    team: [],
});

export const member = ac.newRole({
    organization: [],
    member: [],
    invitation: [],
    team: [],
});

            ac,
            roles: {
                parent,
                admin: adminRole,
                owner,
                member,
            },
            creatorRole: "parent",

const statement = {
    ...defaultStatements,
} as const;

export const ac = createAccessControl(statement);

export const parent = ac.newRole({
    organization: ["update"],
    invitation: ["create", "cancel"],
});

export const admin = ac.newRole({
    organization: [],
    member: [],
    invitation: [],
    team: [],
});

export const owner = ac.newRole({
    organization: [],
    member: [],
    invitation: [],
    team: [],
});

export const member = ac.newRole({
    organization: [],
    member: [],
    invitation: [],
    team: [],
});

            ac,
            roles: {
                parent,
                admin: adminRole,
                owner,
                member,
            },
            creatorRole: "parent",

Is there a better way?

GitHub

better-auth/packages/better-auth/src/plugins/organization/organizat...

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

Gaming

Programming

Organization role customization

Did you find this page helpful?