How to check permissions on server side

Hello, I created custom roles and rights and I would like to check permission, but if I use auth.api.hasPermission, I cannot use project:["my_right"]. So I tried to use authClient, but it doesn't work either. What should I do?
17 Replies
lonelyplanet 3d ago
What was the full method call you did for server side?
lonelyplanet 3d ago
// server.ts
import { betterAuth } from "better-auth";

export const auth = betterAuth({
  //...
})

// get the headers of the current request
const requestHeaders = ...forward_the_current_server_requests_headers

// calling hasPermission on the server
await auth.api.hasPermission({
  headers: requestHeaders,
  body: {
    project: ["my_right"]
  }
})
I'm not sure exactly how SvelteKit works regarding headers. But have a solid look at the documentation; the API page is quite nice.
rtmorgan 3d ago
Also, the 'Access Control Usage' section of the Organization plugin's docs has an example that could help: https://www.better-auth.com/docs/plugins/organization#usage
With changes from that doc to account for getting headers from the PageServerLoad event:
auth.api.hasPermission({
  headers: event.request.headers,
  body: {
    permission: {
      project: ["create"] // This must match the structure in your access control
    }
  }
});
You should be able to use something similar with your 'makeOrder' action instead of the example's 'create' action.
roze789 (OP) 3d ago
I cannot make it work
roze789 (OP) 3d ago
Here is what error I get.
roze789 (OP) 3d ago
@lonelyplanet @rtmorgan
rtmorgan 2d ago
@roze789 could you provide more details on how you assigned the role and what role you assigned to the user you're authenticating as? thank you
roze789 (OP) 2d ago
yes, my user has admin role
rtmorgan 2d ago
Your earlier screenshots showed customizations for the existing role 'Admin'. Could you confirm that you merged the roles' permissions set with the default roles as covered in the custom permissions step 2 https://www.better-auth.com/docs/plugins/organization#create-roles ? It could be that the Admin role statements are not correctly established and evaluated.
roze789 (OP) 2d ago
I didn't, I created my own roles permissions for each one (organization, members, invitation, project)
rtmorgan 2d ago
What do the member records look like in table 'member'? Is there a valid record for an organization member with role 'admin'?
roze789 (OP) 2d ago
Yes, I changed both
roze789 (OP) 22h ago
But what I don't understand is why I created those rights only on the authClient. authClient cannot be called in the server? OK, I forgot to add those roles in auth.ts ... sorry, my bad.
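
The resolution above (custom roles had been registered on authClient but not in auth.ts), as an added example; it is not code from the thread or from Better Auth. It is a simplified JavaScript model of a server-side role check, and the names statements, newRole, builtinRoles and customRoles, along with the sample grants, are assumptions made for illustration.

```javascript
// Simplified model of a role-based permission check (NOT Better Auth's implementation).
// Constructed sample data; "project" and "makeOrder" mirror the names used in the thread.

// Statements: every resource and the actions that exist for it.
const statements = {
  organization: ["update", "delete"],
  member: ["create", "update", "delete"],
  invitation: ["create", "cancel"],
  project: ["create", "makeOrder"],
};

// Build a role, rejecting resources or actions that the statements do not declare.
function newRole(grants) {
  for (const [resource, actions] of Object.entries(grants)) {
    const allowed = statements[resource];
    if (!allowed) throw new Error(`unknown resource: ${resource}`);
    for (const a of actions) {
      if (!allowed.includes(a)) throw new Error(`unknown action: ${resource}.${a}`);
    }
  }
  return Object.freeze({ ...grants });
}

// Hypothetical stand-in for the roles a server knows when no custom roles are passed to it.
const builtinRoles = {
  admin: newRole({
    organization: ["update"],
    member: ["create", "update", "delete"],
    invitation: ["create", "cancel"],
  }),
};

// Custom admin: the built-in grants merged with the custom "project" resource.
const customRoles = {
  admin: newRole({ ...builtinRoles.admin, project: ["create", "makeOrder"] }),
};

// Server-side check: every requested action must be granted to the member's role in
// the role table the *server* was configured with. Unknown role or resource => deny.
function hasPermission(serverRoles, memberRole, permission) {
  const role = serverRoles[memberRole];
  if (!role) return false;
  return Object.entries(permission).every(([resource, actions]) =>
    actions.length > 0 && actions.every((a) => (role[resource] ?? []).includes(a)));
}

// Roles registered only on the client: the server still evaluates its own table.
const serverWithoutCustomRoles = hasPermission(builtinRoles, "admin", { project: ["makeOrder"] });
// The same role table also passed to the server configuration.
const serverWithCustomRoles = hasPermission(customRoles, "admin", { project: ["makeOrder"] });
```

The check fails closed: a role or resource the server was never told about is denied, which is the behaviour to expect from any authorization decision made on the server.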