Better Auth•2d ago

Route based access control

Hi! Could someone help me how to implement role based access control? First to simply allow some routes for logged in users, and then how to create admin routes? I've read the documentation, and I know that the middleware should be used for it, but I don't really have that much knowledge about this. I'm using NextJS 15.2 and the new better auth 1.2. Thank! ❤️

2 Replies

nelsonprsousa•2d ago

I am currently getting the session and performing auth.api.userHasPermission() on the server.

    const isCurrentUserAllowedToDeleteCategory = await auth.api.userHasPermission({
      headers: request.headers,
      body: {
        userId: session?.user.id,
        permission: {
          category: ['delete'],
        },
      },
    });

    const isCurrentUserAllowedToDeleteCategory = await auth.api.userHasPermission({
      headers: request.headers,
      body: {
        userId: session?.user.id,
        permission: {
          category: ['delete'],
        },
      },
    });

paliczOP•2d ago

Thanks! But this is not exactly what I meant, I want to create protected rotues, like the '/dashboard' should only be accessible for logged in users, and '/admin' should only be accessible for admin role users. Oh, I got it my bad

Gaming

Programming

Route based access control

Did you find this page helpful?