import { createAccessControl } from "better-auth/plugins/access";
 
/**
 * Organization Access Control Configuration
 *
 * Defines the resources, permissions, and roles for multi-tenant organizations.
 * Used by the Better Auth organization plugin for RBAC enforcement.
 */
 
// Catalogue of organization resources and the actions defined for each.
// The role definitions in this file draw their grants from these lists.
// `as const` keeps every action name as a literal type instead of widening to string[].
export const statement = {
	// Snapshots: full lifecycle plus restore
	snapshot: [
		"create",
		"read",
		"update",
		"delete",
		"restore",
	],

	// API keys: issue, list, revoke
	apiKey: [
		"create",
		"read",
		"revoke",
	],

	// Organization membership
	member: [
		"invite",
		"remove",
		"update",
	],

	// Organization-level settings, including deletion of the organization
	organization: [
		"read",
		"update",
		"delete",
	],

	// Billing and subscription
	billing: [
		"read",
		"update",
	],

	// Analytics and reporting (read only)
	analytics: [
		"read",
	],
} as const;
 
// Build the access control instance from `statement`; every role in this file
// is created from it through ac.newRole().
export const ac = createAccessControl(statement);
 
/**
 * Member Role - Basic snapshot access (not strictly read-only)
 * Can create, read and restore snapshots and read analytics.
 * Has no grants on apiKey, member, organization or billing.
 *
 * NOTE(review): "restore" is granted without "update" or "delete"; whether a
 * restore overwrites existing data is not visible in this file - confirm.
 * NOTE(review): the grants below apply to the snapshot resource as a whole;
 * any "own snapshots only" restriction would have to be enforced where the
 * permission is checked - TODO confirm.
 */
export const member = ac.newRole({
	snapshot: ["create", "read", "restore"],
	analytics: ["read"],
});
 
/**
 * Admin Role - Management access
 * Full snapshot and API key permissions; can invite and update members,
 * read and update organization settings, and read billing and analytics.
 * Compared with the owner role it lacks member "remove", organization
 * "delete" and billing "update".
 *
 * NOTE(review): member "update" is granted; if that action covers role
 * changes, the code that enforces it should prevent an admin from assigning
 * a role above their own - confirm against the caller.
 */
export const admin = ac.newRole({
	snapshot: ["create", "read", "update", "delete", "restore"],
	apiKey: ["create", "read", "revoke"],
	member: ["invite", "update"],
	organization: ["read", "update"],
	billing: ["read"],
	analytics: ["read"],
});
 
/**
 * Owner Role - Full access
 * Holds every permission listed in `statement`, including organization
 * deletion, member removal and billing updates.
 *
 * The lists are written out by hand rather than derived from `statement`, so
 * a permission added there is not granted to owners until it is added here.
 */
export const owner = ac.newRole({
	snapshot: ["create", "read", "update", "delete", "restore"],
	apiKey: ["create", "read", "revoke"],
	member: ["invite", "remove", "update"],
	organization: ["read", "update", "delete"],
	billing: ["read", "update"],
	analytics: ["read"],
});