BA
Better Auth2mo ago
David.fds

Allow user to edit their own data

Hi! I've defined some custom permissions in my application, which include the roles: admin, manager, and viewer. In my current setup: Admins and managers can edit user information, including assigning roles. Viewers are not allowed to edit other users' data. However, I would like to allow users with the viewer role to update some of their own information, such as firstName, lastName, and jobTitle. I already have a method in place to validate whether a user has permission to perform certain actions based on their role. But I’d like to know if Better Auth provides any built-in way to allow users to update specific fields of their own user profile, even if they don’t have general editing permissions. Note: I'm storing this data in the default user table created by Better Auth, and I’ve added these extra fields (firstName, lastName, and jobTitle) to that table. Thanks in advance for any help! Some code sample: 
// server side check with Next.js
export default async function checkPermission(permission: object) {
  const session = await getSession();
  if (!session) redirect("/login");

  const result = await auth.api.userHasPermission({
    body: {
      userId: session.user.id,
      permission,
    },
  });

  if (!result.success) {
    return {
      success: false,
      error: "Not allowed",
    };
  }

  return { success: true, session, error: null };
}

const permissionCheck = await checkPermission({ user: ["create"] }); // just a check example
  if (!permissionCheck.success)
    return { ...response, error: permissionCheck.error };

// ...
// server side check with Next.js
export default async function checkPermission(permission: object) {
  const session = await getSession();
  if (!session) redirect("/login");

  const result = await auth.api.userHasPermission({
    body: {
      userId: session.user.id,
      permission,
    },
  });

  if (!result.success) {
    return {
      success: false,
      error: "Not allowed",
    };
  }

  return { success: true, session, error: null };
}

const permissionCheck = await checkPermission({ user: ["create"] }); // just a check example
  if (!permissionCheck.success)
    return { ...response, error: permissionCheck.error };

// ...
0 Replies
No replies yetBe the first to reply to this messageJoin

Did you find this page helpful?