Better Auth•2d ago

Dynamically create Role and Permission.

Can anyone tell how to create role and permissions programatically? Such as from admin dashboard. In the doc, it shows how to create access controller and pass it to auth configuration

import { betterAuth } from "better-auth"
import { admin as adminPlugin } from "better-auth/plugins"
import { ac, admin, user } from "@/auth/permissions"
 
export const auth = betterAuth({
    plugins: [
        adminPlugin({
            ac,
            roles: {
                admin,
                user,
                myCustomRole
            }
        }),
    ],
});

import { betterAuth } from "better-auth"
import { admin as adminPlugin } from "better-auth/plugins"
import { ac, admin, user } from "@/auth/permissions"
 
export const auth = betterAuth({
    plugins: [
        adminPlugin({
            ac,
            roles: {
                admin,
                user,
                myCustomRole
            }
        }),
    ],
});

But if I want to create these role from admin dashboard along with permissions, how do I do it?

5 Replies

Ping•2d ago

Could you try creating a new endpoint in your server which just gets ac from your @/auth/permissions and then use ac.newRole to add new role/perms? FYI, I've never tried this out, so we'll have to test this theory and see how it goes.

ArifOP•2d ago

app.post("/acl/roles", async (req, res) => {
  const { resourceName, actions } = req.body as ACL;

  const newRole = ac.newRole({
    [resourceName]: [...actions], // { resourceName: "category", actions: ["create", "update"] }
    ...userAc.statements
  });

  res.status(201).json(newRole);
})

app.post("/acl/roles", async (req, res) => {
  const { resourceName, actions } = req.body as ACL;

  const newRole = ac.newRole({
    [resourceName]: [...actions], // { resourceName: "category", actions: ["create", "update"] }
    ...userAc.statements
  });

  res.status(201).json(newRole);
})

Tried this way, though it gives a successful response, but I guess, still it is required to pass this newRole to betterAuth configuration,

 roles: {
            admin,
            user,
            myCustomRole
            [newResource]
          }

 roles: {
            admin,
            user,
            myCustomRole
            [newResource]
          }

Since, better auth requires them on initialization time. So then I tried this way by using roles object and pass it as reference.

import { createAccessControl } from "better-auth/plugins/access";
import { adminAc, defaultStatements, } from "better-auth/plugins/admin/access";

const statement = {
  ...defaultStatements,
} as const;

const ac = createAccessControl(statement);

const admin = ac.newRole({
  ...adminAc.statements,
})

const roles = {
  admin,
}

export {
  ac,
  roles,
}

import { createAccessControl } from "better-auth/plugins/access";
import { adminAc, defaultStatements, } from "better-auth/plugins/admin/access";

const statement = {
  ...defaultStatements,
} as const;

const ac = createAccessControl(statement);

const admin = ac.newRole({
  ...adminAc.statements,
})

const roles = {
  admin,
}

export {
  ac,
  roles,
}

app.post("/acl/roles", async (req, res) => {
  const { resourceName, actions } = req.body as ACL;

  const newRole = ac.newRole({
    [resourceName]: [...actions],
    ...adminAc.statements
  });

  // @ts-ignore
  roles[resourceName] = newRole;
  res.status(201).json(newRole);
})

app.post("/acl/roles", async (req, res) => {
  const { resourceName, actions } = req.body as ACL;

  const newRole = ac.newRole({
    [resourceName]: [...actions],
    ...adminAc.statements
  });

  // @ts-ignore
  roles[resourceName] = newRole;
  res.status(201).json(newRole);
})

=============== It works, but only as long as the server is up. Once we close the server its gone. Since, it is not being stored anywhere in the database, so I guess currently we cannot dynamically manage creating roles , permissions in Better Auth? @Ping

Ping•2d ago

So I guess currently we cannot dynamically manage creating roles , permissions in Better Auth?

Yeah I don't think so.

Once we close the server its gone. Since, it is not being stored anywhere in the database,

I guess the next step is to store it in the database 😁 I do think further consideration should be done regarding Better Auth natively supporting dynamic roles/perms. Wdyt @bekacru

ArifOP•2d ago

Yeah, can store them on DB but seems too much work. If Better Auth could provide a native api for this that would be awesome. I have another question regarding social login. I'll mention you in the thread, please take a look if you can. Thanks!

bekacru•2d ago

yeah we'll in the future

Gaming

Programming

Dynamically create Role and Permission.

Did you find this page helpful?