Vince
Better Auth
Created by Vince on 3/8/2025 in #bug-reports
organization.update does not error on missing permissions
The role check seems to work because the updates are not actually committed but the response indicates success when it should instead error because of missing permissions.
const permissionResult = await authClient.organization.hasPermission({
permission: {
organization: ["update"]
}
})
will return
{
data: {error: null, success: false},
error: null
}
which is expected and correct
const updateResult = await authClient.organization.update({
data: {
name: "new org name"
}
})
will return {data: null, error: null}, which is wrong. It should error instead. It also takes the onSuccess path in the fetch options. This makes it difficult to properly manage feedback to the user.

This is a slimmed-down version of my custom access control & roles:
import { createAccessControl } from "better-auth/plugins/access";
import { defaultStatements, adminAc, memberAc } from "better-auth/plugins/organization/access";

// Extend the plugin's default resources with a custom "project" resource.
const statement = {
...defaultStatements,
project: ["create", "update", "delete"],
} as const;

export const ac = createAccessControl(statement);

export const authRoles = {
// estimator: everything a default member can do, plus updating projects
estimator: ac.newRole({
...memberAc.statements,
project: ["update"],
}),
// managingDirector: everything a default admin can do, plus updating the organization
managingDirector: ac.newRole({
...adminAc.statements,
organization: ["update"]
})
} as const;
And this is a slimmed-down version of the server config:
import { organization } from "better-auth/plugins";

// authRoleNames is defined elsewhere in the project and maps role keys to their names.
const orgPluginConfig = organization({
allowUserToCreateOrganization: false,
organizationLimit: 1,
creatorRole: authRoleNames.managingDirector,
ac: ac,
roles: authRoles,
});
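The behaviour reported above (hasPermission says `success: false`, yet `organization.update` resolves with `{data: null, error: null}` and takes the onSuccess path) is easy to misread as a successful update. The guard below is an added example, not Better Auth's own code or the poster's: it checks the permission first and fails closed when the update returns no data. The `OrgClient` interface and the fake client are assumptions modelled on the response shapes quoted in the post.

```typescript
// Added example (not Better Auth's code): a client-side wrapper that refuses to
// treat organization.update as successful unless hasPermission passes and the
// server actually returns updated data. Shapes below are assumptions modelled
// on the responses quoted in the post.

type ApiResult<T> = { data: T | null; error: { message: string } | null };

interface OrgClient {
  hasPermission(input: { permission: { organization: string[] } }): Promise<ApiResult<{ success: boolean }>>;
  update(input: { data: { name: string } }): Promise<ApiResult<{ id: string; name: string }>>;
}

// Guarded update: fail closed on a missing permission or an empty (no-op) response.
async function updateOrganizationChecked(
  client: OrgClient,
  name: string,
): Promise<ApiResult<{ id: string; name: string }>> {
  const perm = await client.hasPermission({ permission: { organization: ["update"] } });
  if (perm.error) return { data: null, error: perm.error };
  if (!perm.data?.success) {
    return { data: null, error: { message: "missing permission: organization:update" } };
  }
  const result = await client.update({ data: { name } });
  // The reported bug: {data: null, error: null}. Treat it as a rejection, not a success.
  if (result.error === null && result.data === null) {
    return { data: null, error: { message: "update returned no data; treating as rejected" } };
  }
  return result;
}

// Constructed fake client reproducing the reported behaviour for an unprivileged role.
function makeFakeClient(canUpdate: boolean): OrgClient {
  return {
    async hasPermission() {
      return { data: { success: canUpdate }, error: null };
    },
    async update({ data }) {
      return canUpdate
        ? { data: { id: "org_1", name: data.name }, error: null }
        : { data: null, error: null }; // silent no-op, as observed in the post
    },
  };
}
```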