BA
Better Auth3w ago
codecret | Software Engineer

you are not allowed to list users 403 error

i want to create superadmin for the owner of sas project, auth 
    additionalFields: {
      role: {
        type: ["user", "admin", "superadmin"],
      },
    },
  },
  plugins: [
    username(),
    admin({
      ac,
      roles: {
        admin: adminRole,
        superadmin,
      },
    }),
    additionalFields: {
      role: {
        type: ["user", "admin", "superadmin"],
      },
    },
  },
  plugins: [
    username(),
    admin({
      ac,
      roles: {
        admin: adminRole,
        superadmin,
      },
    }),
and for authClient.tsx 
 adminClient({
      ac,
      roles: {
        admin: adminRole,
        superadmin,
      },
    }),
 adminClient({
      ac,
      roles: {
        admin: adminRole,
        superadmin,
      },
    }),
and its still showing "code": "YOU_ARE_NOT_ALLOWED_TO_LIST_USERS", here is my permissions: 
const statement = {
  ...defaultStatements,
} as const;

export const ac = createAccessControl(statement);

const adminRole = ac.newRole({
  ...adminAc.statements,
});

const superadmin = ac.newRole({
  ...adminAc.statements,
});

export { adminRole, superadmin };
const statement = {
  ...defaultStatements,
} as const;

export const ac = createAccessControl(statement);

const adminRole = ac.newRole({
  ...adminAc.statements,
});

const superadmin = ac.newRole({
  ...adminAc.statements,
});

export { adminRole, superadmin };
5 Replies
codecret | Software Engineer
codecret | Software EngineerOP3w ago
i made sure that 
 const canListUsers = authClient.admin.checkRolePermission({
          permission: {
            user: ["list"],
          },
          role: "superadmin",
        });
 const canListUsers = authClient.admin.checkRolePermission({
          permission: {
            user: ["list"],
          },
          role: "superadmin",
        });
is returning true in my application
Ashborn013H
Ashborn013H3w ago
by defult the beeterauth only considers admin as a vaild admin role even if you create a custom admin with admin permition so your auth.ts file shoud have something like this 
    
plugins: [admin({
        ac: ac,
        roles: roles,
        adminRoles : ["superadmin"],
        defaultRole : "employee",
        
    }), bearer(), nextCookies()]
    
plugins: [admin({
        ac: ac,
        roles: roles,
        adminRoles : ["superadmin"],
        defaultRole : "employee",
        
    }), bearer(), nextCookies()]
and this is my auth.ts file 
  import { createAccessControl } from "better-auth/plugins/access";
  import { defaultStatements, adminAc } from "better-auth/plugins/admin/access";
  
  const statement = {
      ...defaultStatements, 
      project : ["create","update","delete"],
      userInfo : ["create","update","delete"]

  } as const;
  
  export const ac = createAccessControl(statement);
  


  export const superadmin = ac.newRole({
    ...adminAc.statements,
    project : ["create","update","delete"],

  })

  export const manager = ac.newRole({
    project : ["update"],
    userInfo : ["update"]
  })
  export const employee = ac.newRole({
    userInfo : ["update"]
  
  })


  export const roles = {
    superadmin,employee,manager
  };
  import { createAccessControl } from "better-auth/plugins/access";
  import { defaultStatements, adminAc } from "better-auth/plugins/admin/access";
  
  const statement = {
      ...defaultStatements, 
      project : ["create","update","delete"],
      userInfo : ["create","update","delete"]

  } as const;
  
  export const ac = createAccessControl(statement);
  


  export const superadmin = ac.newRole({
    ...adminAc.statements,
    project : ["create","update","delete"],

  })

  export const manager = ac.newRole({
    project : ["update"],
    userInfo : ["update"]
  })
  export const employee = ac.newRole({
    userInfo : ["update"]
  
  })


  export const roles = {
    superadmin,employee,manager
  };
i hope this helps
codecret | Software Engineer
codecret | Software EngineerOP3w ago
and how can i use that , by just setting the role field as superadmin ? thanks for answering btw any help? i setted up superadmin as role in database 
 const response = await authClient.admin.listUsers({
          query: {
            limit: 10,
            sortBy: "createdAt",
            sortDirection: "desc",
          },
        });
 const response = await authClient.admin.listUsers({
          query: {
            limit: 10,
            sortBy: "createdAt",
            sortDirection: "desc",
          },
        });
this. is returning. 403 !
bekacru
bekacru3w ago
are you on latest?
codecret | Software Engineer
codecret | Software EngineerOP2w ago
"better-auth": "1.2.0",
"better-auth": "1.2.0",

Did you find this page helpful?