authClient.admin.hasPermission always returns 401 unauthorized

Hey, I'm using the auth plugin. The api/auth/admin/has-permission endpoint always returns 401 even though I'm logged in. I have custom roles:
import { createAccessControl } from 'better-auth/plugins/access';

/**
 * Permission statement: maps each resource name to the actions that can be
 * granted on it. Every role below is built from a subset of this map.
 *
 * Make sure to use `as const` so TypeScript can infer the literal types
 * correctly.
 *
 * NOTE(review): `events` and `event` are two separate resources here; the
 * names differ by one letter, so a typo in a permission check would silently
 * target the other resource.
 */
const statement = {
events: ['create', 'read', 'update', 'delete'],
event: ['manage'],
users: ['manage'],
participants: ['create', 'read', 'update', 'delete'],
} as const;

/** Access-control instance built from the statement; all roles are derived from it. */
export const ac = createAccessControl(statement);

/**
 * Granted full create/read/update/delete on `events` only.
 *
 * NOTE(review): despite the name, this role has no `event`, `users` or
 * `participants` permissions in this listing. Confirm that is intended, since
 * a role called "superAdmin" is easy to assume is all-powerful.
 */
export const superAdmin = ac.newRole({
events: ['create', 'read', 'update', 'delete'],
});

/** Granted `manage` on `event` and `users`, plus full CRUD on `participants`. */
export const eventAdmin = ac.newRole({
event: ['manage'],
users: ['manage'],
participants: ['create', 'read', 'update', 'delete'],
});

/** Granted full CRUD on `participants` and nothing else. */
export const secretary = ac.newRole({
participants: ['create', 'read', 'update', 'delete'],
});

/**
 * Role registry keyed by role name.
 *
 * NOTE(review): presumably this object and `ac` are passed to the server-side
 * plugin as well as the client plugin; verify both use the same definitions,
 * and that the role string stored on each user matches one of these keys
 * exactly. The authorization decision has to be enforced on the server; a
 * client-side permission check is only suitable for hiding UI.
 */
export const roles = {
superAdmin,
eventAdmin,
secretary,
};
import { createAccessControl } from 'better-auth/plugins/access';

/**
 * Permission statement: maps each resource name to the actions that can be
 * granted on it. Every role below is built from a subset of this map.
 *
 * Make sure to use `as const` so TypeScript can infer the literal types
 * correctly.
 *
 * NOTE(review): `events` and `event` are two separate resources here; the
 * names differ by one letter, so a typo in a permission check would silently
 * target the other resource.
 */
const statement = {
events: ['create', 'read', 'update', 'delete'],
event: ['manage'],
users: ['manage'],
participants: ['create', 'read', 'update', 'delete'],
} as const;

/** Access-control instance built from the statement; all roles are derived from it. */
export const ac = createAccessControl(statement);

/**
 * Granted full create/read/update/delete on `events` only.
 *
 * NOTE(review): despite the name, this role has no `event`, `users` or
 * `participants` permissions in this listing. Confirm that is intended, since
 * a role called "superAdmin" is easy to assume is all-powerful.
 */
export const superAdmin = ac.newRole({
events: ['create', 'read', 'update', 'delete'],
});

/** Granted `manage` on `event` and `users`, plus full CRUD on `participants`. */
export const eventAdmin = ac.newRole({
event: ['manage'],
users: ['manage'],
participants: ['create', 'read', 'update', 'delete'],
});

/** Granted full CRUD on `participants` and nothing else. */
export const secretary = ac.newRole({
participants: ['create', 'read', 'update', 'delete'],
});

/**
 * Role registry keyed by role name.
 *
 * NOTE(review): presumably this object and `ac` are passed to the server-side
 * plugin as well as the client plugin; verify both use the same definitions,
 * and that the role string stored on each user matches one of these keys
 * exactly. The authorization decision has to be enforced on the server; a
 * client-side permission check is only suitable for hiding UI.
 */
export const roles = {
superAdmin,
eventAdmin,
secretary,
};
2 Replies
iRoachie
iRoachieOP4w ago
I tried calling getSession and it returned my session successfully. It works only if I set userId. I added some console.logs in the .next folder: it seems that session is null in ctx.context.session, even though ctx.request does have the cookie:
cookie: 'ajs_anonymous_id=%22423a081d-cafe-4fe7-b173-ba4696fe1ebb%22; sidebar_state=true; __next_hmr_refresh_hash__=289; better-auth.session_token=STok9ehDJFlQ054lIwaVOdahwkp4xO0a.1VsmMcrLFjrsUqTIy1QboTyn5WiUxE3yWY4h74mc%2BMo%3D',
cookie: 'ajs_anonymous_id=%22423a081d-cafe-4fe7-b173-ba4696fe1ebb%22; sidebar_state=true; __next_hmr_refresh_hash__=289; better-auth.session_token=STok9ehDJFlQ054lIwaVOdahwkp4xO0a.1VsmMcrLFjrsUqTIy1QboTyn5WiUxE3yWY4h74mc%2BMo%3D',
@bekacru
bekacru
bekacru4w ago
This will be fixed in the next release.
