Better Auth•3mo ago

How to check permissions on server side

Hello, I created custom roles and rights and I would like to check permission but if I use auth.api.hasPermission , i cannot use project:["my_right"] So i tried to use authClient but it doesn't work either. What should i do ?

18 Replies

lonelyplanet•3mo ago

What was the full method call you did for server side

lonelyplanet•3mo ago

https://www.better-auth.com/docs/concepts/api#calling-api-endpoints-on-the-server

API | Better Auth

Better Auth API.

lonelyplanet•3mo ago

//server,ts
import { betterAuth } from "better-auth";
 
export const auth = betterAuth({
    //...
})

//get the headers of the current request
const requestHeaders = ...forward_the_current_server_requests_headers
 
// calling hasPermission  on the server
await auth.api.hasPermission({
    headers: requestHeaders
    body: {
        project:["my_right"] 
    }

})

//server,ts
import { betterAuth } from "better-auth";
 
export const auth = betterAuth({
    //...
})

//get the headers of the current request
const requestHeaders = ...forward_the_current_server_requests_headers
 
// calling hasPermission  on the server
await auth.api.hasPermission({
    headers: requestHeaders
    body: {
        project:["my_right"] 
    }

})

Im not sure exactly how sveltekit regarding headers But have a solid look at the documentation the API page is quite nice

rtmorgan•3mo ago

Also, the 'Access Control Usage' section of the Organization plugin's docs has an example that could help https://www.better-auth.com/docs/plugins/organization#usage With changes from that doc to account for getting headers from the PageServerLoad event :

auth.api.hasPermission({
        headers: event.request.headers,
        body: {
            permission: {
                project: ["create"] // This must match the structure in your access control
            }
        }
    });

auth.api.hasPermission({
        headers: event.request.headers,
        body: {
            permission: {
                project: ["create"] // This must match the structure in your access control
            }
        }
    });

You should be able to use something similar with your 'makeOrder' action instead of the example's 'create' action.

roze789OP•3mo ago

I cannot make it work

roze789OP•3mo ago

Here is what error I get.

roze789OP•3mo ago

@lonelyplanet @rtmorgan

rtmorgan•3mo ago

@roze789 could you provide more details on how you assigned the role and what role you assigned to the user you're authenticating as? thank you

roze789OP•3mo ago

yes, my user has admin role

roze789OP•3mo ago

rtmorgan•3mo ago

Your earlier screenshots showed customizations for the existing role 'Admin'. Could you confirm that you merged the roles' permissions set with the default roles as covered in the custom permissions step 2 https://www.better-auth.com/docs/plugins/organization#create-roles ? It could be that the Admin role statements are not correctly established and evaluated.

roze789OP•3mo ago

I didn't, I created my own roles permissions for each one (organization, members, invitation, project)

rtmorgan•3mo ago

What do the member records look like in table 'member'? Is there a valid record for a organization member with role 'admin'?

roze789OP•3mo ago

Yes, i changed both

roze789OP•3mo ago

But what i dont understand is why I created those rights only on the authClient authClient cannot be called in the server ? ok I forget to add those roles in auth.ts ... sorry my bad

RTMorgan•3mo ago

No prob - hopefully that gets it working

Gaming

Programming

How to check permissions on server side

Did you find this page helpful?