How can I manage user roles when the client and server are in different projects?

Hello Better Auth community, I have a question that my team and I are currently grappling with regarding how to manage roles when you have separate environments. The documentation on roles mentions that: “You also need to pass the access controller and the roles to the client plugin.” That means that this library assumes that you are working in a monorepo environment or, if not, in a full-stack environment. I understand that it is not ideal to have a permissions.ts in each project, because if one changes, the other also has to change. Is this where a solution such as microservices or a shared library might come in? Is it possible to bring the roles asynchronously from the database and pass them as parameters? Has anyone had to deal with this in their projects or work? The front end is built with React, and the server with Node and Express. We also use Prisma.
Solution
Ping, 2mo ago
We will have database support soon; the PR is merged and in canary now (https://github.com/better-auth/better-auth/pull/4087). Besides that, another solution could be to use git submodules, although it's still not the most ideal solution. It's hard to solve when you don't have direct access between the projects; some system has to be in place to keep them in sync.
GitHub
feat(org): Dynamic Access Control by ping-maxwell · Pull Request #...
#2743 additional fields support tests documentation Summary by cubic Add Dynamic Access Control for organizations so you can create, read, update, and delete org-specific roles at runtime,...
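One way to build the "system to keep them in sync" mentioned in the reply above, as an added example that is not part of the thread or Better Auth's own code: a check, suitable for CI, that compares the server's role definitions with the client's copy and reports every grant that exists on only one side. It assumes each project can export its roles as a plain `{ role: { resource: [actions] } }` object; the function names and sample roles are constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample data.
// Assumption: each project exports its roles as { role: { resource: [actions] } }.

// Flatten one role map into a Set of "role:resource:action" strings,
// so ordering of keys and actions does not affect the comparison.
function flatten(roles) {
  const out = new Set();
  for (const [role, resources] of Object.entries(roles)) {
    for (const [resource, actions] of Object.entries(resources)) {
      for (const action of actions) out.add(`${role}:${resource}:${action}`);
    }
  }
  return out;
}

// Compare the server copy (authoritative) with the client copy.
function diffRoles(serverRoles, clientRoles) {
  const server = flatten(serverRoles);
  const client = flatten(clientRoles);
  return {
    // Client assumes a grant the server will refuse: stale or misleading UI.
    clientOnly: [...client].filter((p) => !server.has(p)).sort(),
    // Server grants something the client copy does not know about.
    serverOnly: [...server].filter((p) => !client.has(p)).sort(),
  };
}

// Boolean result for a CI step: true means the two copies match.
function inSync(serverRoles, clientRoles) {
  const d = diffRoles(serverRoles, clientRoles);
  return d.clientOnly.length === 0 && d.serverOnly.length === 0;
}

// Constructed sample: the server dropped "delete" from member and added
// an auditor role, but the client copy was never updated.
const serverRoles = {
  admin: { project: ["create", "update", "delete"] },
  member: { project: ["create"] },
  auditor: { project: ["read"] },
};
const clientRoles = {
  admin: { project: ["create", "update", "delete"] },
  member: { project: ["create", "delete"] },
};

console.log(diffRoles(serverRoles, clientRoles));
```

Whatever the client copy says, the server's permission check remains the enforcement point; the client map only decides what the UI shows.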
alen (OP), 2mo ago
So, using the organization plugin, you can define the dynamicAccessControl property on both the client and server, and that would allow us to define roles only on the server side? Am I understanding the feature correctly?
Ping, 2mo ago
You can define it from the client too; it just depends on which user and whether or not their role has the right ac permissions.
alen (OP), 2mo ago
With this dynamic approach, would defining roles on the client side as well be more explicit with regard to role contexts and permissions? Ultimately, my problem is that I don't want to be managing an intermediate permissions file for both environments, and I understand that there may be permissions on the client side that are not necessarily displayed on the server, and vice versa. For now, I like this feature, and even though it's in canary, I'm going to be testing it because our project is just getting started.
