Commit 54d115b

Copilot and hotlong committed
Fix role definitions and update documentation
Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
1 parent e958451 commit 54d115b

2 files changed

+65
-60
lines changed

packages/better-auth/README.md

Lines changed: 46 additions & 31 deletions
@@ -30,6 +30,7 @@ The organization plugin is enabled in the server's auth configuration:
3030
```typescript
3131
import { betterAuth } from "better-auth";
3232
import { organization } from "better-auth/plugins";
33+
import { role } from "better-auth/plugins/access";
3334

3435
const auth = betterAuth({
3536
database: pool,
@@ -43,28 +44,25 @@ const auth = betterAuth({
4344
teams: {
4445
enabled: true
4546
},
46-
// Define organization roles
47+
// Define organization roles with permissions
4748
roles: {
48-
owner: {
49-
name: 'Owner',
50-
permissions: ['*']
51-
},
52-
admin: {
53-
name: 'Admin',
54-
permissions: [
55-
'organization:read',
56-
'organization:update',
57-
'member:*',
58-
'invitation:*'
59-
]
60-
},
61-
member: {
62-
name: 'Member',
63-
permissions: [
64-
'organization:read',
65-
'member:read'
66-
]
67-
}
49+
owner: role({
50+
organization: ['create', 'read', 'update', 'delete'],
51+
member: ['create', 'read', 'update', 'delete'],
52+
invitation: ['create', 'read', 'delete'],
53+
team: ['create', 'read', 'update', 'delete']
54+
}),
55+
admin: role({
56+
organization: ['read', 'update'],
57+
member: ['create', 'read', 'update', 'delete'],
58+
invitation: ['create', 'read', 'delete'],
59+
team: ['create', 'read', 'update']
60+
}),
61+
member: role({
62+
organization: ['read'],
63+
member: ['read'],
64+
team: ['read']
65+
})
6866
}
6967
})
7068
]
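Review bot: the owner role loses its catch-all here, and its `invitation: ['create', 'read', 'delete']` entry omits `update` while every other owner resource lists it, so "owner" is now narrower than the removed `permissions: ['*']` and will not automatically cover a resource added later. If the narrowing is intended, say so in a comment next to the owner block; if not, add the missing action. The admin role has the same effect relative to the removed `'invitation:*'`. Nothing in the visible lines shows where the action names `create`, `read`, `update` and `delete` are declared to the plugin, so please confirm these are the names the organization plugin actually checks before the README presents them as the working configuration.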
@@ -117,21 +115,38 @@ When the organization plugin is enabled, Better-Auth provides the following endp
117115

118116
### Default Roles
119117

120-
- **owner** - Full access to all organization features
121-
- **admin** - Management access for members and invitations
118+
The organization plugin supports custom roles with fine-grained permissions:
119+
120+
- **owner** - Full access to all organization features (create, read, update, delete)
121+
- **admin** - Management access for members, invitations, and organization updates
122122
- **member** - Read-only access to organization and members
123123

124124
### Permission Format
125125

126-
Permissions follow the pattern: `resource:action`
126+
Roles are defined using the `role()` function from `better-auth/plugins/access`. Each role specifies which actions are allowed on different resources:
127+
128+
```typescript
129+
import { role } from "better-auth/plugins/access";
130+
131+
const ownerRole = role({
132+
organization: ['create', 'read', 'update', 'delete'],
133+
member: ['create', 'read', 'update', 'delete'],
134+
invitation: ['create', 'read', 'delete'],
135+
team: ['create', 'read', 'update', 'delete']
136+
});
137+
```
127138

128-
Examples:
129-
- `organization:read` - Read organization details
130-
- `organization:update` - Update organization
131-
- `member:create` - Add members
132-
- `member:delete` - Remove members
133-
- `invitation:create` - Create invitations
134-
- `*` - All permissions (owner only)
139+
Available resources:
140+
- `organization` - Organization management
141+
- `member` - Member management
142+
- `invitation` - Invitation management
143+
- `team` - Team management (when teams are enabled)
144+
145+
Available actions:
146+
- `create` - Create new resources
147+
- `read` - View resources
148+
- `update` - Modify existing resources
149+
- `delete` - Remove resources
135150

136151
## Schema Reference
137152

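Review bot: the rewritten bullets under "Default Roles" do not match the role definitions this commit documents. The owner bullet promises full access "(create, read, update, delete)", but the `ownerRole` example in this same hunk gives `invitation: ['create', 'read', 'delete']`, and the unchanged member bullet still says "organization and members" although `team` is now listed as a resource and the member role is given `team: ['read']`. The new intro sentence also describes custom roles under a heading named Default Roles. Suggest listing, per role and per resource, exactly which actions are granted (a small table would do), and noting under "Available actions" that `invitation` has no `update`.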
packages/server/src/auth/auth.client.ts

Lines changed: 19 additions & 29 deletions
@@ -6,6 +6,7 @@ export const getAuth = async () => {
66
if (authInstance) return authInstance;
77
const { betterAuth } = await import("better-auth");
88
const { organization } = await import("better-auth/plugins");
9+
const { role } = await import("better-auth/plugins/access");
910

1011
try {
1112
const pool = new Pool({
@@ -26,36 +27,25 @@ export const getAuth = async () => {
2627
teams: {
2728
enabled: true
2829
},
29-
// Define default organization roles
30+
// Define default organization roles with permissions
3031
roles: {
31-
owner: {
32-
name: 'Owner',
33-
description: 'Organization owner with full access',
34-
permissions: ['*']
35-
},
36-
admin: {
37-
name: 'Admin',
38-
description: 'Administrator with management access',
39-
permissions: [
40-
'organization:read',
41-
'organization:update',
42-
'member:create',
43-
'member:read',
44-
'member:update',
45-
'member:delete',
46-
'invitation:create',
47-
'invitation:read',
48-
'invitation:delete'
49-
]
50-
},
51-
member: {
52-
name: 'Member',
53-
description: 'Regular organization member',
54-
permissions: [
55-
'organization:read',
56-
'member:read'
57-
]
58-
}
32+
owner: role({
33+
organization: ['create', 'read', 'update', 'delete'],
34+
member: ['create', 'read', 'update', 'delete'],
35+
invitation: ['create', 'read', 'delete'],
36+
team: ['create', 'read', 'update', 'delete']
37+
}),
38+
admin: role({
39+
organization: ['read', 'update'],
40+
member: ['create', 'read', 'update', 'delete'],
41+
invitation: ['create', 'read', 'delete'],
42+
team: ['create', 'read', 'update']
43+
}),
44+
member: role({
45+
organization: ['read'],
46+
member: ['read'],
47+
team: ['read']
48+
})
5949
}
6050
})
6151
]
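Review bot: this is a permission change, not only a syntax change, and the commit message ("Fix role definitions and update documentation") does not say so. Compared with the removed lists, `admin` gains `team: ['create', 'read', 'update']` and `member` gains `team: ['read']`, while `owner` goes from `'*'` to an enumerated set. Please call those grants out in the commit message or in a comment above `roles`. The removed `name` and `description` fields were the only in-code description of each role, so keep a one-line comment per role stating its intent. The same three role objects are also pasted into packages/better-auth/README.md; a test asserting the expected action set for each role would catch drift between the two copies.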
