5 replies

Org Dynamic Access Control - updateOrgRole error

Issue: user with Owner role cant updateOrgRole

For an org say Org1, I changed the role of an existing user2 from Member->Owner.

User2 (owner) can create new OrgRole with all the permissions, but cant update,

when user2, tries to update an existing OrgRole,
1. the name update is working,
2. but the resource:Actions permisssions is throwing error

name = 'APIError'
status ='FORBIDDEN'
statusCode = 403
message= "You are not permitted to update a role with those set of permissions. Please get someone with high enough permissions to update this role."

name = 'APIError'
status ='FORBIDDEN'
statusCode = 403
message= "You are not permitted to update a role with those set of permissions. Please get someone with high enough permissions to update this role."

Here is what i tested,

  await authClient.organization.hasPermission({
    permissions: {
      organization: ["update", "delete"],
      member: ["create", "update", "delete"],
      invitation: ["create", "cancel"],
      team: ["create", "update", "delete"],
      ac: ["create", "read", "update", "delete"],
      project: ["create", "read", "update", "delete", "share"],
      billing: ["read", "update"],
    },
    organizationId: "6S...T0k7RT1W",
  });

  await authClient.organization.hasPermission({
    permissions: {
      organization: ["update", "delete"],
      member: ["create", "update", "delete"],
      invitation: ["create", "cancel"],
      team: ["create", "update", "delete"],
      ac: ["create", "read", "update", "delete"],
      project: ["create", "read", "update", "delete", "share"],
      billing: ["read", "update"],
    },
    organizationId: "6S...T0k7RT1W",
  });

which returned success, so user2 has permissions for all resource:actions.

{
    "data": {
        "error": null,
        "success": true
    },
    "error": null
}

{
    "data": {
        "error": null,
        "success": true
    },
    "error": null
}

but updating an orgRole, gave error.

      const result = await auth.api.updateOrgRole({
        headers,
        body: {
           roleName: "new132",
          data: {
            permission: {
              organization: ["update", "delete"],
              member: ["create", "update", "delete"],
              invitation: ["create", "cancel"],
              team: ["create", "update", "delete"],
              ac: ["create", "read", "update", "delete"],
              project: ["create", "read", "update"],
              billing: ["read", "update"],
            },,
          },
          organizationId: "6S...T0k7RT1W",
        },
      });

      const result = await auth.api.updateOrgRole({
        headers,
        body: {
           roleName: "new132",
          data: {
            permission: {
              organization: ["update", "delete"],
              member: ["create", "update", "delete"],
              invitation: ["create", "cancel"],
              team: ["create", "update", "delete"],
              ac: ["create", "read", "update", "delete"],
              project: ["create", "read", "update"],
              billing: ["read", "update"],
            },,
          },
          organizationId: "6S...T0k7RT1W",
        },
      });

Note: The same user can "create" a newRole with any resource:[Actions], but cant update certain actions.

Solution

seems fixed in v1.3.10-beta.5 - i am on latest stable release - v1.3.9

Jump to solution

Org Dynamic Access Control - updateOrgRole error

name = 'APIError'
status ='FORBIDDEN'
statusCode = 403
message= "You are not permitted to update a role with those set of permissions. Please get someone with high enough permissions to update this role."

name = 'APIError'
status ='FORBIDDEN'
statusCode = 403
message= "You are not permitted to update a role with those set of permissions. Please get someone with high enough permissions to update this role."

Here is what i tested,

  await authClient.organization.hasPermission({
    permissions: {
      organization: ["update", "delete"],
      member: ["create", "update", "delete"],
      invitation: ["create", "cancel"],
      team: ["create", "update", "delete"],
      ac: ["create", "read", "update", "delete"],
      project: ["create", "read", "update", "delete", "share"],
      billing: ["read", "update"],
    },
    organizationId: "6S...T0k7RT1W",
  });

  await authClient.organization.hasPermission({
    permissions: {
      organization: ["update", "delete"],
      member: ["create", "update", "delete"],
      invitation: ["create", "cancel"],
      team: ["create", "update", "delete"],
      ac: ["create", "read", "update", "delete"],
      project: ["create", "read", "update", "delete", "share"],
      billing: ["read", "update"],
    },
    organizationId: "6S...T0k7RT1W",
  });

which returned success, so user2 has permissions for all resource:actions.

{
    "data": {
        "error": null,
        "success": true
    },
    "error": null
}

{
    "data": {
        "error": null,
        "success": true
    },
    "error": null
}

but updating an orgRole, gave error.

      const result = await auth.api.updateOrgRole({
        headers,
        body: {
           roleName: "new132",
          data: {
            permission: {
              organization: ["update", "delete"],
              member: ["create", "update", "delete"],
              invitation: ["create", "cancel"],
              team: ["create", "update", "delete"],
              ac: ["create", "read", "update", "delete"],
              project: ["create", "read", "update"],
              billing: ["read", "update"],
            },,
          },
          organizationId: "6S...T0k7RT1W",
        },
      });

      const result = await auth.api.updateOrgRole({
        headers,
        body: {
           roleName: "new132",
          data: {
            permission: {
              organization: ["update", "delete"],
              member: ["create", "update", "delete"],
              invitation: ["create", "cancel"],
              team: ["create", "update", "delete"],
              ac: ["create", "read", "update", "delete"],
              project: ["create", "read", "update"],
              billing: ["read", "update"],
            },,
          },
          organizationId: "6S...T0k7RT1W",
        },
      });

Note: The same user can "create" a newRole with any resource:[Actions], but cant update certain actions.

Solution

seems fixed in v1.3.10-beta.5 - i am on latest stable release - v1.3.9

Jump to solution

Org Dynamic Access Control - updateOrgRole error

Org Dynamic Access Control - updateOrgRole error

Similar Threads

Similar Threads

Similar Threads