@sirketio/auth 0.0.1

package/dist/plugins/organization/organization.mjs

@@ -0,0 +1,428 @@
+import { getSessionFromCtx } from "../../api/routes/session.mjs";
+import "../../api/index.mjs";
+import { defaultRoles } from "./access/statement.mjs";
+import "./access/index.mjs";
+import { ORGANIZATION_ERROR_CODES } from "./error-codes.mjs";
+import { getOrgAdapter } from "./adapter.mjs";
+import { shimContext } from "../../utils/shim.mjs";
+import { orgSessionMiddleware } from "./call.mjs";
+import { hasPermission } from "./has-permission.mjs";
+import { createOrgRole, deleteOrgRole, getOrgRole, listOrgRoles, updateOrgRole } from "./routes/crud-access-control.mjs";
+import { acceptInvitation, cancelInvitation, createInvitation, getInvitation, listInvitations, listUserInvitations, rejectInvitation } from "./routes/crud-invites.mjs";
+import { addMember, getActiveMember, getActiveMemberRole, leaveOrganization, listMembers, removeMember, updateMemberRole } from "./routes/crud-members.mjs";
+import { checkOrganizationSlug, createOrganization, deleteOrganization, getFullOrganization, listOrganizations, setActiveOrganization, updateOrganization } from "./routes/crud-org.mjs";
+import { addTeamMember, createTeam, listOrganizationTeams, listTeamMembers, listUserTeams, removeTeam, removeTeamMember, setActiveTeam, updateTeam } from "./routes/crud-team.mjs";
+import { APIError } from "@better-auth/core/error";
+import { createAuthEndpoint } from "@better-auth/core/api";
+import * as z from "zod";
+
+//#region src/plugins/organization/organization.ts
+function parseRoles(roles) {
+	return Array.isArray(roles) ? roles.join(",") : roles;
+}
+const createHasPermissionBodySchema = z.object({ organizationId: z.string().optional() }).and(z.union([z.object({
+	permission: z.record(z.string(), z.array(z.string())),
+	permissions: z.undefined()
+}), z.object({
+	permission: z.undefined(),
+	permissions: z.record(z.string(), z.array(z.string()))
+})]));
+const createHasPermission = (options) => {
+	return createAuthEndpoint("/organization/has-permission", {
+		method: "POST",
+		requireHeaders: true,
+		body: createHasPermissionBodySchema,
+		use: [orgSessionMiddleware],
+		metadata: {
+			$Infer: { body: {} },
+			openapi: {
+				description: "Check if the user has permission",
+				requestBody: { content: { "application/json": { schema: {
+					type: "object",
+					properties: {
+						permission: {
+							type: "object",
+							description: "The permission to check",
+							deprecated: true
+						},
+						permissions: {
+							type: "object",
+							description: "The permission to check"
+						}
+					},
+					required: ["permissions"]
+				} } } },
+				responses: { "200": {
+					description: "Success",
+					content: { "application/json": { schema: {
+						type: "object",
+						properties: {
+							error: { type: "string" },
+							success: { type: "boolean" }
+						},
+						required: ["success"]
+					} } }
+				} }
+			}
+		}
+	}, async (ctx) => {
+		const activeOrganizationId = ctx.body.organizationId || ctx.context.session.session.activeOrganizationId;
+		if (!activeOrganizationId) throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION);
+		const member = await getOrgAdapter(ctx.context, options).findMemberByOrgId({
+			userId: ctx.context.session.user.id,
+			organizationId: activeOrganizationId
+		});
+		if (!member) throw APIError.from("UNAUTHORIZED", ORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION);
+		const result = await hasPermission({
+			role: member.role,
+			options,
+			permissions: ctx.body.permissions,
+			organizationId: activeOrganizationId
+		}, ctx);
+		return ctx.json({
+			error: null,
+			success: result
+		});
+	});
+};
+function organization(options) {
+	const opts = options || {};
+	let endpoints = {
+		createOrganization: createOrganization(opts),
+		updateOrganization: updateOrganization(opts),
+		deleteOrganization: deleteOrganization(opts),
+		setActiveOrganization: setActiveOrganization(opts),
+		getFullOrganization: getFullOrganization(opts),
+		listOrganizations: listOrganizations(opts),
+		createInvitation: createInvitation(opts),
+		cancelInvitation: cancelInvitation(opts),
+		acceptInvitation: acceptInvitation(opts),
+		getInvitation: getInvitation(opts),
+		rejectInvitation: rejectInvitation(opts),
+		listInvitations: listInvitations(opts),
+		getActiveMember: getActiveMember(opts),
+		checkOrganizationSlug: checkOrganizationSlug(opts),
+		addMember: addMember(opts),
+		removeMember: removeMember(opts),
+		updateMemberRole: updateMemberRole(opts),
+		leaveOrganization: leaveOrganization(opts),
+		listUserInvitations: listUserInvitations(opts),
+		listMembers: listMembers(opts),
+		getActiveMemberRole: getActiveMemberRole(opts)
+	};
+	const teamSupport = opts.teams?.enabled;
+	const teamEndpoints = {
+		createTeam: createTeam(opts),
+		listOrganizationTeams: listOrganizationTeams(opts),
+		removeTeam: removeTeam(opts),
+		updateTeam: updateTeam(opts),
+		setActiveTeam: setActiveTeam(opts),
+		listUserTeams: listUserTeams(opts),
+		listTeamMembers: listTeamMembers(opts),
+		addTeamMember: addTeamMember(opts),
+		removeTeamMember: removeTeamMember(opts)
+	};
+	if (teamSupport) endpoints = {
+		...endpoints,
+		...teamEndpoints
+	};
+	const dynamicAccessControlEndpoints = {
+		createOrgRole: createOrgRole(opts),
+		deleteOrgRole: deleteOrgRole(opts),
+		listOrgRoles: listOrgRoles(opts),
+		getOrgRole: getOrgRole(opts),
+		updateOrgRole: updateOrgRole(opts)
+	};
+	if (opts.dynamicAccessControl?.enabled) endpoints = {
+		...endpoints,
+		...dynamicAccessControlEndpoints
+	};
+	const roles = {
+		...defaultRoles,
+		...opts.roles
+	};
+	const teamSchema = teamSupport ? {
+		team: {
+			modelName: opts.schema?.team?.modelName,
+			fields: {
+				name: {
+					type: "string",
+					required: true,
+					fieldName: opts.schema?.team?.fields?.name
+				},
+				organizationId: {
+					type: "string",
+					required: true,
+					references: {
+						model: "organization",
+						field: "id"
+					},
+					fieldName: opts.schema?.team?.fields?.organizationId,
+					index: true
+				},
+				createdAt: {
+					type: "date",
+					required: true,
+					fieldName: opts.schema?.team?.fields?.createdAt
+				},
+				updatedAt: {
+					type: "date",
+					required: false,
+					fieldName: opts.schema?.team?.fields?.updatedAt,
+					onUpdate: () => /* @__PURE__ */ new Date()
+				},
+				...opts.schema?.team?.additionalFields || {}
+			}
+		},
+		teamMember: {
+			modelName: opts.schema?.teamMember?.modelName,
+			fields: {
+				teamId: {
+					type: "string",
+					required: true,
+					references: {
+						model: "team",
+						field: "id"
+					},
+					fieldName: opts.schema?.teamMember?.fields?.teamId,
+					index: true
+				},
+				userId: {
+					type: "string",
+					required: true,
+					references: {
+						model: "user",
+						field: "id"
+					},
+					fieldName: opts.schema?.teamMember?.fields?.userId,
+					index: true
+				},
+				createdAt: {
+					type: "date",
+					required: false,
+					fieldName: opts.schema?.teamMember?.fields?.createdAt
+				}
+			}
+		}
+	} : {};
+	const organizationRoleSchema = opts.dynamicAccessControl?.enabled ? { organizationRole: {
+		fields: {
+			organizationId: {
+				type: "string",
+				required: true,
+				references: {
+					model: "organization",
+					field: "id"
+				},
+				fieldName: opts.schema?.organizationRole?.fields?.organizationId,
+				index: true
+			},
+			role: {
+				type: "string",
+				required: true,
+				fieldName: opts.schema?.organizationRole?.fields?.role,
+				index: true
+			},
+			permission: {
+				type: "string",
+				required: true,
+				fieldName: opts.schema?.organizationRole?.fields?.permission
+			},
+			createdAt: {
+				type: "date",
+				required: true,
+				defaultValue: () => /* @__PURE__ */ new Date(),
+				fieldName: opts.schema?.organizationRole?.fields?.createdAt
+			},
+			updatedAt: {
+				type: "date",
+				required: false,
+				fieldName: opts.schema?.organizationRole?.fields?.updatedAt,
+				onUpdate: () => /* @__PURE__ */ new Date()
+			},
+			...opts.schema?.organizationRole?.additionalFields || {}
+		},
+		modelName: opts.schema?.organizationRole?.modelName
+	} } : {};
+	const schema = {
+		organization: {
+			modelName: opts.schema?.organization?.modelName,
+			fields: {
+				name: {
+					type: "string",
+					required: true,
+					sortable: true,
+					fieldName: opts.schema?.organization?.fields?.name
+				},
+				slug: {
+					type: "string",
+					required: true,
+					unique: true,
+					sortable: true,
+					fieldName: opts.schema?.organization?.fields?.slug,
+					index: true
+				},
+				logo: {
+					type: "string",
+					required: false,
+					fieldName: opts.schema?.organization?.fields?.logo
+				},
+				createdAt: {
+					type: "date",
+					required: true,
+					fieldName: opts.schema?.organization?.fields?.createdAt
+				},
+				metadata: {
+					type: "string",
+					required: false,
+					fieldName: opts.schema?.organization?.fields?.metadata
+				},
+				...opts.schema?.organization?.additionalFields || {}
+			}
+		},
+		...organizationRoleSchema,
+		...teamSchema,
+		member: {
+			modelName: opts.schema?.member?.modelName,
+			fields: {
+				organizationId: {
+					type: "string",
+					required: true,
+					references: {
+						model: "organization",
+						field: "id"
+					},
+					fieldName: opts.schema?.member?.fields?.organizationId,
+					index: true
+				},
+				userId: {
+					type: "string",
+					required: true,
+					fieldName: opts.schema?.member?.fields?.userId,
+					references: {
+						model: "user",
+						field: "id"
+					},
+					index: true
+				},
+				role: {
+					type: "string",
+					required: true,
+					sortable: true,
+					defaultValue: "member",
+					fieldName: opts.schema?.member?.fields?.role
+				},
+				createdAt: {
+					type: "date",
+					required: true,
+					fieldName: opts.schema?.member?.fields?.createdAt
+				},
+				...opts.schema?.member?.additionalFields || {}
+			}
+		},
+		invitation: {
+			modelName: opts.schema?.invitation?.modelName,
+			fields: {
+				organizationId: {
+					type: "string",
+					required: true,
+					references: {
+						model: "organization",
+						field: "id"
+					},
+					fieldName: opts.schema?.invitation?.fields?.organizationId,
+					index: true
+				},
+				email: {
+					type: "string",
+					required: true,
+					sortable: true,
+					fieldName: opts.schema?.invitation?.fields?.email,
+					index: true
+				},
+				role: {
+					type: "string",
+					required: false,
+					sortable: true,
+					fieldName: opts.schema?.invitation?.fields?.role
+				},
+				...teamSupport ? { teamId: {
+					type: "string",
+					required: false,
+					sortable: true,
+					fieldName: opts.schema?.invitation?.fields?.teamId
+				} } : {},
+				status: {
+					type: "string",
+					required: true,
+					sortable: true,
+					defaultValue: "pending",
+					fieldName: opts.schema?.invitation?.fields?.status
+				},
+				expiresAt: {
+					type: "date",
+					required: true,
+					fieldName: opts.schema?.invitation?.fields?.expiresAt
+				},
+				createdAt: {
+					type: "date",
+					required: true,
+					fieldName: opts.schema?.invitation?.fields?.createdAt,
+					defaultValue: () => /* @__PURE__ */ new Date()
+				},
+				inviterId: {
+					type: "string",
+					references: {
+						model: "user",
+						field: "id"
+					},
+					fieldName: opts.schema?.invitation?.fields?.inviterId,
+					required: true
+				},
+				...opts.schema?.invitation?.additionalFields || {}
+			}
+		}
+	};
+	return {
+		id: "organization",
+		endpoints: {
+			...shimContext(endpoints, {
+				orgOptions: opts,
+				roles,
+				getSession: async (context) => {
+					return await getSessionFromCtx(context);
+				}
+			}),
+			hasPermission: createHasPermission(opts)
+		},
+		schema: {
+			...schema,
+			session: { fields: {
+				activeOrganizationId: {
+					type: "string",
+					required: false,
+					fieldName: opts.schema?.session?.fields?.activeOrganizationId
+				},
+				...teamSupport ? { activeTeamId: {
+					type: "string",
+					required: false,
+					fieldName: opts.schema?.session?.fields?.activeTeamId
+				} } : {}
+			} }
+		},
+		$Infer: {
+			Organization: {},
+			Invitation: {},
+			Member: {},
+			Team: teamSupport ? {} : {},
+			TeamMember: teamSupport ? {} : {},
+			ActiveOrganization: {}
+		},
+		$ERROR_CODES: ORGANIZATION_ERROR_CODES,
+		options: opts
+	};
+}
+
+//#endregion
+export { organization, parseRoles };
+//# sourceMappingURL=organization.mjs.map

package/dist/plugins/organization/organization.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"organization.mjs","names":[],"sources":["../../../src/plugins/organization/organization.ts"],"sourcesContent":["import type { AuthContext, BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\nimport { APIError } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport { shimContext } from \"../../utils/shim\";\nimport type { AccessControl } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { defaultRoles } from \"./access\";\nimport { getOrgAdapter } from \"./adapter\";\nimport { orgSessionMiddleware } from \"./call\";\nimport { ORGANIZATION_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport {\n\tcreateOrgRole,\n\tdeleteOrgRole,\n\tgetOrgRole,\n\tlistOrgRoles,\n\tupdateOrgRole,\n} from \"./routes/crud-access-control\";\nimport {\n\tacceptInvitation,\n\tcancelInvitation,\n\tcreateInvitation,\n\tgetInvitation,\n\tlistInvitations,\n\tlistUserInvitations,\n\trejectInvitation,\n} from \"./routes/crud-invites\";\nimport {\n\taddMember,\n\tgetActiveMember,\n\tgetActiveMemberRole,\n\tleaveOrganization,\n\tlistMembers,\n\tremoveMember,\n\tupdateMemberRole,\n} from \"./routes/crud-members\";\nimport {\n\tcheckOrganizationSlug,\n\tcreateOrganization,\n\tdeleteOrganization,\n\tgetFullOrganization,\n\tlistOrganizations,\n\tsetActiveOrganization,\n\tupdateOrganization,\n} from \"./routes/crud-org\";\nimport {\n\taddTeamMember,\n\tcreateTeam,\n\tlistOrganizationTeams,\n\tlistTeamMembers,\n\tlistUserTeams,\n\tremoveTeam,\n\tremoveTeamMember,\n\tsetActiveTeam,\n\tupdateTeam,\n} from \"./routes/crud-team\";\nimport type {\n\tInferInvitation,\n\tInferMember,\n\tInferOrganization,\n\tInferTeam,\n\tOrganizationSchema,\n\tTeam,\n\tTeamMember,\n} from \"./schema\";\nimport type { OrganizationOptions } from \"./types\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\torganization: {\n\t\t\tcreator: OrganizationCreator;\n\t\t};\n\t}\n}\n\nexport type DefaultOrganizationPlugin<Options extends OrganizationOptions> = {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<Options>;\n\tschema: OrganizationSchema<Options>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<Options>;\n\t\tInvitation: InferInvitation<Options>;\n\t\tMember: InferMember<Options>;\n\t\tTeam: Options[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: Options[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: Options[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<Options, false>[];\n\t\t\t\t\tinvitations: InferInvitation<Options, false>[];\n\t\t\t\t\tteams: InferTeam<Options, false>[];\n\t\t\t\t} & InferOrganization<Options, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<Options, false>[];\n\t\t\t\t\tinvitations: InferInvitation<Options, false>[];\n\t\t\t\t} & InferOrganization<Options, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<Options>;\n};\n\nexport interface OrganizationCreator {\n\t<Options extends OrganizationOptions>(\n\t\toptions?: Options | undefined,\n\t): DefaultOrganizationPlugin<Options>;\n}\n\nexport function parseRoles(roles: string | string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nexport type DynamicAccessControlEndpoints<O extends OrganizationOptions> = {\n\tcreateOrgRole: ReturnType<typeof createOrgRole<O>>;\n\tdeleteOrgRole: ReturnType<typeof deleteOrgRole<O>>;\n\tlistOrgRoles: ReturnType<typeof listOrgRoles<O>>;\n\tgetOrgRole: ReturnType<typeof getOrgRole<O>>;\n\tupdateOrgRole: ReturnType<typeof updateOrgRole<O>>;\n};\n\nexport type TeamEndpoints<O extends OrganizationOptions> = {\n\tcreateTeam: ReturnType<typeof createTeam<O>>;\n\tlistOrganizationTeams: ReturnType<typeof listOrganizationTeams<O>>;\n\tremoveTeam: ReturnType<typeof removeTeam<O>>;\n\tupdateTeam: ReturnType<typeof updateTeam<O>>;\n\tsetActiveTeam: ReturnType<typeof setActiveTeam<O>>;\n\tlistUserTeams: ReturnType<typeof listUserTeams<O>>;\n\tlistTeamMembers: ReturnType<typeof listTeamMembers<O>>;\n\taddTeamMember: ReturnType<typeof addTeamMember<O>>;\n\tremoveTeamMember: ReturnType<typeof removeTeamMember<O>>;\n};\n\nexport type OrganizationEndpoints<O extends OrganizationOptions> = {\n\tcreateOrganization: ReturnType<typeof createOrganization<O>>;\n\tupdateOrganization: ReturnType<typeof updateOrganization<O>>;\n\tdeleteOrganization: ReturnType<typeof deleteOrganization<O>>;\n\tsetActiveOrganization: ReturnType<typeof setActiveOrganization<O>>;\n\tgetFullOrganization: ReturnType<typeof getFullOrganization<O>>;\n\tlistOrganizations: ReturnType<typeof listOrganizations<O>>;\n\tcreateInvitation: ReturnType<typeof createInvitation<O>>;\n\tcancelInvitation: ReturnType<typeof cancelInvitation<O>>;\n\tacceptInvitation: ReturnType<typeof acceptInvitation<O>>;\n\tgetInvitation: ReturnType<typeof getInvitation<O>>;\n\trejectInvitation: ReturnType<typeof rejectInvitation<O>>;\n\tlistInvitations: ReturnType<typeof listInvitations<O>>;\n\tgetActiveMember: ReturnType<typeof getActiveMember<O>>;\n\tcheckOrganizationSlug: ReturnType<typeof checkOrganizationSlug<O>>;\n\taddMember: ReturnType<typeof addMember<O>>;\n\tremoveMember: ReturnType<typeof removeMember<O>>;\n\tupdateMemberRole: ReturnType<typeof updateMemberRole<O>>;\n\tleaveOrganization: ReturnType<typeof leaveOrganization<O>>;\n\tlistUserInvitations: ReturnType<typeof listUserInvitations<O>>;\n\tlistMembers: ReturnType<typeof listMembers<O>>;\n\tgetActiveMemberRole: ReturnType<typeof getActiveMemberRole<O>>;\n\thasPermission: ReturnType<typeof createHasPermission<O>>;\n};\n\nconst createHasPermissionBodySchema = z\n\t.object({\n\t\torganizationId: z.string().optional(),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\nconst createHasPermission = <O extends OrganizationOptions>(options: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/organization/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t\tbody: createHasPermissionBodySchema,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\torganizationId?: string | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t\tdeprecated: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst activeOrganizationId =\n\t\t\t\tctx.body.organizationId ||\n\t\t\t\tctx.context.session.session.activeOrganizationId;\n\t\t\tif (!activeOrganizationId) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst adapter = getOrgAdapter<O>(ctx.context, options);\n\t\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\torganizationId: activeOrganizationId,\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst result = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\trole: member.role,\n\t\t\t\t\toptions: options,\n\t\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t\t\torganizationId: activeOrganizationId,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n\nexport type OrganizationPlugin<O extends OrganizationOptions> = {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> &\n\t\t(O extends { teams: { enabled: true } } ? TeamEndpoints<O> : {}) &\n\t\t(O extends { dynamicAccessControl: { enabled: true } }\n\t\t\t? DynamicAccessControlEndpoints<O>\n\t\t\t: {});\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\n\n/**\n * Organization plugin for Better Auth. Organization allows you to create teams, members,\n * and manage access control for your users.\n *\n * @example\n * ```ts\n * const auth = sirketioAuth({\n *  plugins: [\n *    organization({\n *      allowUserToCreateOrganization: true,\n *    }),\n *  ],\n * });\n * ```\n */\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tteams: { enabled: true };\n\t\tdynamicAccessControl?:\n\t\t\t| {\n\t\t\t\t\tenabled?: false | undefined;\n\t\t\t  }\n\t\t\t| undefined;\n\t},\n>(\n\toptions?: O | undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> & TeamEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tteams: { enabled: true };\n\t\tdynamicAccessControl: { enabled: true };\n\t},\n>(\n\toptions?: O | undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> &\n\t\tTeamEndpoints<O> &\n\t\tDynamicAccessControlEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<\n\tO extends OrganizationOptions & {\n\t\tdynamicAccessControl: { enabled: true };\n\t\tteams?: { enabled?: false | undefined } | undefined;\n\t},\n>(\n\toptions?: O | undefined,\n): {\n\tid: \"organization\";\n\tendpoints: OrganizationEndpoints<O> & DynamicAccessControlEndpoints<O>;\n\tschema: OrganizationSchema<O>;\n\t$Infer: {\n\t\tOrganization: InferOrganization<O>;\n\t\tInvitation: InferInvitation<O>;\n\t\tMember: InferMember<O>;\n\t\tTeam: O[\"teams\"] extends { enabled: true } ? Team : never;\n\t\tTeamMember: O[\"teams\"] extends { enabled: true } ? TeamMember : never;\n\t\tActiveOrganization: O[\"teams\"] extends { enabled: true }\n\t\t\t? {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>\n\t\t\t: {\n\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t} & InferOrganization<O, false>;\n\t};\n\t$ERROR_CODES: typeof ORGANIZATION_ERROR_CODES;\n\toptions: NoInfer<O>;\n};\nexport function organization<O extends OrganizationOptions>(\n\toptions?: O | undefined,\n): DefaultOrganizationPlugin<O>;\nexport function organization<O extends OrganizationOptions>(options?: O) {\n\tconst opts = (options || {}) as O;\n\tlet endpoints = {\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/create`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.createOrganization`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.create`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-create)\n\t\t */\n\t\tcreateOrganization: createOrganization(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/update`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.updateOrganization`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.update`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update)\n\t\t */\n\t\tupdateOrganization: updateOrganization(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/delete`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.deleteOrganization`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.delete`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-delete)\n\t\t */\n\t\tdeleteOrganization: deleteOrganization(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/set-active`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.setActiveOrganization`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.setActive`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-set-active)\n\t\t */\n\t\tsetActiveOrganization: setActiveOrganization(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/get-full-organization`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.getFullOrganization`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.getFullOrganization`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-full-organization)\n\t\t */\n\t\tgetFullOrganization: getFullOrganization(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/list`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.listOrganizations`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.list`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list)\n\t\t */\n\t\tlistOrganizations: listOrganizations(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/invite-member`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.createInvitation`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.inviteMember`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-invite-member)\n\t\t */\n\t\tcreateInvitation: createInvitation(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/cancel-invitation`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.cancelInvitation`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.cancelInvitation`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-cancel-invitation)\n\t\t */\n\t\tcancelInvitation: cancelInvitation(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/accept-invitation`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.acceptInvitation`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.acceptInvitation`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-accept-invitation)\n\t\t */\n\t\tacceptInvitation: acceptInvitation(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/get-invitation`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.getInvitation`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.getInvitation`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-invitation)\n\t\t */\n\t\tgetInvitation: getInvitation(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/reject-invitation`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.rejectInvitation`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.rejectInvitation`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-reject-invitation)\n\t\t */\n\t\trejectInvitation: rejectInvitation(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/list-invitations`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.listInvitations`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.listInvitations`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list-invitations)\n\t\t */\n\t\tlistInvitations: listInvitations(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/get-active-member`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.getActiveMember`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.getActiveMember`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-active-member)\n\t\t */\n\t\tgetActiveMember: getActiveMember(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/check-slug`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.checkOrganizationSlug`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.checkSlug`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-check-slug)\n\t\t */\n\t\tcheckOrganizationSlug: checkOrganizationSlug(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/add-member`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.addMember`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-add-member)\n\t\t */\n\n\t\taddMember: addMember<O>(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/remove-member`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.removeMember`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.removeMember`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-remove-member)\n\t\t */\n\t\tremoveMember: removeMember(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/update-member-role`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.updateMemberRole`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.updateMemberRole`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update-member-role)\n\t\t */\n\t\tupdateMemberRole: updateMemberRole(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/leave`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.leaveOrganization`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.leave`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-leave)\n\t\t */\n\t\tleaveOrganization: leaveOrganization(opts),\n\t\tlistUserInvitations: listUserInvitations(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/list-members`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.listMembers`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.listMembers`\n\t\t */\n\t\tlistMembers: listMembers(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/get-active-member-role`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.getActiveMemberRole`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.getActiveMemberRole`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-get-active-member-role)\n\t\t */\n\t\tgetActiveMemberRole: getActiveMemberRole(opts),\n\t};\n\tconst teamSupport = opts.teams?.enabled;\n\tconst teamEndpoints = {\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/create-team`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.createTeam`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.createTeam`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-create-team)\n\t\t */\n\t\tcreateTeam: createTeam(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/list-teams`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.listOrganizationTeams`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.listTeams`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-list-teams)\n\t\t */\n\t\tlistOrganizationTeams: listOrganizationTeams(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/remove-team`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.removeTeam`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.removeTeam`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-remove-team)\n\t\t */\n\t\tremoveTeam: removeTeam(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/update-team`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.updateTeam`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.updateTeam`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-method-organization-update-team)\n\t\t */\n\t\tupdateTeam: updateTeam(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/set-active-team`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.setActiveTeam`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.setActiveTeam`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t */\n\t\tsetActiveTeam: setActiveTeam(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * GET `/organization/list-user-teams`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.listUserTeams`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.listUserTeams`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t */\n\t\tlistUserTeams: listUserTeams(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/list-team-members`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.listTeamMembers`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.listTeamMembers`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-set-active-team)\n\t\t */\n\t\tlistTeamMembers: listTeamMembers(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/add-team-member`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.addTeamMember`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.addTeamMember`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-add-team-member)\n\t\t */\n\t\taddTeamMember: addTeamMember(opts),\n\t\t/**\n\t\t * ### Endpoint\n\t\t *\n\t\t * POST `/organization/remove-team-member`\n\t\t *\n\t\t * ### API Methods\n\t\t *\n\t\t * **server:**\n\t\t * `auth.api.removeTeamMember`\n\t\t *\n\t\t * **client:**\n\t\t * `authClient.organization.removeTeamMember`\n\t\t *\n\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/organization#api-remove-team-member)\n\t\t */\n\t\tremoveTeamMember: removeTeamMember(opts),\n\t};\n\tif (teamSupport) {\n\t\tendpoints = {\n\t\t\t...endpoints,\n\t\t\t...teamEndpoints,\n\t\t};\n\t}\n\n\tconst dynamicAccessControlEndpoints = {\n\t\tcreateOrgRole: createOrgRole(opts),\n\t\tdeleteOrgRole: deleteOrgRole(opts),\n\t\tlistOrgRoles: listOrgRoles(opts),\n\t\tgetOrgRole: getOrgRole(opts),\n\t\tupdateOrgRole: updateOrgRole(opts),\n\t};\n\tif (opts.dynamicAccessControl?.enabled) {\n\t\tendpoints = {\n\t\t\t...endpoints,\n\t\t\t...dynamicAccessControlEndpoints,\n\t\t};\n\t}\n\tconst roles = {\n\t\t...defaultRoles,\n\t\t...opts.roles,\n\t};\n\n\t// Build team schema in a way that never introduces undefined values when spreading\n\tconst teamSchema = teamSupport\n\t\t? ({\n\t\t\t\tteam: {\n\t\t\t\t\tmodelName: opts.schema?.team?.modelName,\n\t\t\t\t\tfields: {\n\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.name,\n\t\t\t\t\t\t},\n\t\t\t\t\t\torganizationId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.organizationId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.team?.fields?.updatedAt,\n\t\t\t\t\t\t\tonUpdate: () => new Date(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t...(opts.schema?.team?.additionalFields || {}),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tteamMember: {\n\t\t\t\t\tmodelName: opts.schema?.teamMember?.modelName,\n\t\t\t\t\tfields: {\n\t\t\t\t\t\tteamId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"team\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.teamId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.userId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.teamMember?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t} satisfies BetterAuthPluginDBSchema)\n\t\t: {};\n\n\tconst organizationRoleSchema = opts.dynamicAccessControl?.enabled\n\t\t? ({\n\t\t\t\torganizationRole: {\n\t\t\t\t\tfields: {\n\t\t\t\t\t\torganizationId: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.organizationId,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\trole: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.role,\n\t\t\t\t\t\t\tindex: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.permission,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\t\tdefaultValue: () => new Date(),\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.createdAt,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\tfieldName: opts.schema?.organizationRole?.fields?.updatedAt,\n\t\t\t\t\t\t\tonUpdate: () => new Date(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t...(opts.schema?.organizationRole?.additionalFields || {}),\n\t\t\t\t\t},\n\t\t\t\t\tmodelName: opts.schema?.organizationRole?.modelName,\n\t\t\t\t},\n\t\t\t} satisfies BetterAuthPluginDBSchema)\n\t\t: {};\n\n\tconst schema = {\n\t\t...({\n\t\t\torganization: {\n\t\t\t\tmodelName: opts.schema?.organization?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.name,\n\t\t\t\t\t},\n\t\t\t\t\tslug: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.slug,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\tlogo: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.logo,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.createdAt,\n\t\t\t\t\t},\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.organization?.fields?.metadata,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.organization?.additionalFields || {}),\n\t\t\t\t},\n\t\t\t},\n\t\t} satisfies BetterAuthPluginDBSchema),\n\t\t...organizationRoleSchema,\n\t\t...teamSchema,\n\t\t...({\n\t\t\tmember: {\n\t\t\t\tmodelName: opts.schema?.member?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.organizationId,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.userId,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tdefaultValue: \"member\",\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.role,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.member?.fields?.createdAt,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.member?.additionalFields || {}),\n\t\t\t\t},\n\t\t\t},\n\t\t\tinvitation: {\n\t\t\t\tmodelName: opts.schema?.invitation?.modelName,\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.organizationId,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.email,\n\t\t\t\t\t\tindex: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.role,\n\t\t\t\t\t},\n\t\t\t\t\t...(teamSupport\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tteamId: {\n\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.teamId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t\tstatus: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tsortable: true,\n\t\t\t\t\t\tdefaultValue: \"pending\",\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.status,\n\t\t\t\t\t},\n\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.expiresAt,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.createdAt,\n\t\t\t\t\t\tdefaultValue: () => new Date(),\n\t\t\t\t\t},\n\t\t\t\t\tinviterId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tfieldName: opts.schema?.invitation?.fields?.inviterId,\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\t...(opts.schema?.invitation?.additionalFields || {}),\n\t\t\t\t},\n\t\t\t},\n\t\t} satisfies BetterAuthPluginDBSchema),\n\t};\n\n\t/**\n\t * the orgMiddleware type-asserts an empty object representing org options, roles, and a getSession function.\n\t * This `shimContext` function is used to add those missing properties to the context object.\n\t */\n\tconst api = shimContext(endpoints, {\n\t\torgOptions: opts,\n\t\troles,\n\t\tgetSession: async (context: AuthContext) => {\n\t\t\t//@ts-expect-error\n\t\t\treturn await getSessionFromCtx(context);\n\t\t},\n\t});\n\n\treturn {\n\t\tid: \"organization\",\n\t\tendpoints: {\n\t\t\t...(api as OrganizationEndpoints<O>),\n\t\t\thasPermission: createHasPermission(opts),\n\t\t},\n\t\tschema: {\n\t\t\t...(schema as BetterAuthPluginDBSchema),\n\t\t\tsession: {\n\t\t\t\tfields: {\n\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tfieldName: opts.schema?.session?.fields?.activeOrganizationId,\n\t\t\t\t\t},\n\t\t\t\t\t...(teamSupport\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tactiveTeamId: {\n\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\t\tfieldName: opts.schema?.session?.fields?.activeTeamId,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}),\n\t\t\t\t} as unknown as O[\"teams\"] extends {\n\t\t\t\t\tenabled: true;\n\t\t\t\t}\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tactiveTeamId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\t$Infer: {\n\t\t\tOrganization: {} as InferOrganization<O>,\n\t\t\tInvitation: {} as InferInvitation<O>,\n\t\t\tMember: {} as InferMember<O>,\n\t\t\tTeam: teamSupport ? ({} as Team) : ({} as never),\n\t\t\tTeamMember: teamSupport ? ({} as TeamMember) : ({} as never),\n\t\t\tActiveOrganization: {} as O[\"teams\"] extends { enabled: true }\n\t\t\t\t? {\n\t\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\t\tteams: InferTeam<O, false>[];\n\t\t\t\t\t} & InferOrganization<O, false>\n\t\t\t\t: {\n\t\t\t\t\t\tmembers: InferMember<O, false>[];\n\t\t\t\t\t\tinvitations: InferInvitation<O, false>[];\n\t\t\t\t\t} & InferOrganization<O, false>,\n\t\t},\n\t\t$ERROR_CODES: ORGANIZATION_ERROR_CODES,\n\t\toptions: opts as NoInfer<O>,\n\t} satisfies BetterAuthPlugin;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AA6GA,SAAgB,WAAW,OAAkC;AAC5D,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAgDjD,MAAM,gCAAgC,EACpC,OAAO,EACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,EACrC,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;AAEF,MAAM,uBAAsD,YAAe;AAe1E,QAAO,mBACN,gCACA;EACC,QAAQ;EACR,gBAAgB;EAChB,MAAM;EACN,KAAK,CAAC,qBAAqB;EAC3B,UAAU;GACT,QAAQ,EACP,MAAM,EAAE,EAGR;GACD,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,YAAY;OACX,MAAM;OACN,aAAa;OACb,YAAY;OACZ;MACD,aAAa;OACZ,MAAM;OACN,aAAa;OACb;MACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,uBACL,IAAI,KAAK,kBACT,IAAI,QAAQ,QAAQ,QAAQ;AAC7B,MAAI,CAAC,qBACJ,OAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;EAGF,MAAM,SAAS,MADC,cAAiB,IAAI,SAAS,QAAQ,CACzB,kBAAkB;GAC9C,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,gBAAgB;GAChB,CAAC;AACF,MAAI,CAAC,OACJ,OAAM,SAAS,KACd,gBACA,yBAAyB,yCACzB;EAEF,MAAM,SAAS,MAAM,cACpB;GACC,MAAM,OAAO;GACJ;GACT,aAAa,IAAI,KAAK;GACtB,gBAAgB;GAChB,EACD,IACA;AAED,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH;;AAqJF,SAAgB,aAA4C,SAAa;CACxE,MAAM,OAAQ,WAAW,EAAE;CAC3B,IAAI,YAAY;EAgBf,oBAAoB,mBAAmB,KAAK;EAgB5C,oBAAoB,mBAAmB,KAAK;EAgB5C,oBAAoB,mBAAmB,KAAK;EAgB5C,uBAAuB,sBAAsB,KAAK;EAgBlD,qBAAqB,oBAAoB,KAAK;EAgB9C,mBAAmB,kBAAkB,KAAK;EAgB1C,kBAAkB,iBAAiB,KAAK;EAgBxC,kBAAkB,iBAAiB,KAAK;EAgBxC,kBAAkB,iBAAiB,KAAK;EAgBxC,eAAe,cAAc,KAAK;EAgBlC,kBAAkB,iBAAiB,KAAK;EAgBxC,iBAAiB,gBAAgB,KAAK;EAgBtC,iBAAiB,gBAAgB,KAAK;EAgBtC,uBAAuB,sBAAsB,KAAK;EAclD,WAAW,UAAa,KAAK;EAgB7B,cAAc,aAAa,KAAK;EAgBhC,kBAAkB,iBAAiB,KAAK;EAgBxC,mBAAmB,kBAAkB,KAAK;EAC1C,qBAAqB,oBAAoB,KAAK;EAc9C,aAAa,YAAY,KAAK;EAgB9B,qBAAqB,oBAAoB,KAAK;EAC9C;CACD,MAAM,cAAc,KAAK,OAAO;CAChC,MAAM,gBAAgB;EAgBrB,YAAY,WAAW,KAAK;EAgB5B,uBAAuB,sBAAsB,KAAK;EAgBlD,YAAY,WAAW,KAAK;EAgB5B,YAAY,WAAW,KAAK;EAgB5B,eAAe,cAAc,KAAK;EAgBlC,eAAe,cAAc,KAAK;EAgBlC,iBAAiB,gBAAgB,KAAK;EAgBtC,eAAe,cAAc,KAAK;EAgBlC,kBAAkB,iBAAiB,KAAK;EACxC;AACD,KAAI,YACH,aAAY;EACX,GAAG;EACH,GAAG;EACH;CAGF,MAAM,gCAAgC;EACrC,eAAe,cAAc,KAAK;EAClC,eAAe,cAAc,KAAK;EAClC,cAAc,aAAa,KAAK;EAChC,YAAY,WAAW,KAAK;EAC5B,eAAe,cAAc,KAAK;EAClC;AACD,KAAI,KAAK,sBAAsB,QAC9B,aAAY;EACX,GAAG;EACH,GAAG;EACH;CAEF,MAAM,QAAQ;EACb,GAAG;EACH,GAAG,KAAK;EACR;CAGD,MAAM,aAAa,cACf;EACD,MAAM;GACL,WAAW,KAAK,QAAQ,MAAM;GAC9B,QAAQ;IACP,MAAM;KACL,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC;IACD,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC,OAAO;KACP;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,MAAM,QAAQ;KACtC,gCAAgB,IAAI,MAAM;KAC1B;IACD,GAAI,KAAK,QAAQ,MAAM,oBAAoB,EAAE;IAC7C;GACD;EACD,YAAY;GACX,WAAW,KAAK,QAAQ,YAAY;GACpC,QAAQ;IACP,QAAQ;KACP,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,QAAQ;KACP,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD;GACD;EACD,GACA,EAAE;CAEL,MAAM,yBAAyB,KAAK,sBAAsB,UACtD,EACD,kBAAkB;EACjB,QAAQ;GACP,gBAAgB;IACf,MAAM;IACN,UAAU;IACV,YAAY;KACX,OAAO;KACP,OAAO;KACP;IACD,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,OAAO;IACP;GACD,MAAM;IACL,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,OAAO;IACP;GACD,YAAY;IACX,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD;GACD,WAAW;IACV,MAAM;IACN,UAAU;IACV,oCAAoB,IAAI,MAAM;IAC9B,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD;GACD,WAAW;IACV,MAAM;IACN,UAAU;IACV,WAAW,KAAK,QAAQ,kBAAkB,QAAQ;IAClD,gCAAgB,IAAI,MAAM;IAC1B;GACD,GAAI,KAAK,QAAQ,kBAAkB,oBAAoB,EAAE;GACzD;EACD,WAAW,KAAK,QAAQ,kBAAkB;EAC1C,EACD,GACA,EAAE;CAEL,MAAM,SAAS;EAEb,cAAc;GACb,WAAW,KAAK,QAAQ,cAAc;GACtC,QAAQ;IACP,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,QAAQ;KACR,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,UAAU;KACT,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,cAAc,QAAQ;KAC9C;IACD,GAAI,KAAK,QAAQ,cAAc,oBAAoB,EAAE;IACrD;GACD;EAEF,GAAG;EACH,GAAG;EAEF,QAAQ;GACP,WAAW,KAAK,QAAQ,QAAQ;GAChC,QAAQ;IACP,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC,OAAO;KACP;IACD,QAAQ;KACP,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,cAAc;KACd,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,QAAQ,QAAQ;KACxC;IACD,GAAI,KAAK,QAAQ,QAAQ,oBAAoB,EAAE;IAC/C;GACD;EACD,YAAY;GACX,WAAW,KAAK,QAAQ,YAAY;GACpC,QAAQ;IACP,gBAAgB;KACf,MAAM;KACN,UAAU;KACV,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,OAAO;KACN,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,OAAO;KACP;IACD,MAAM;KACL,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,GAAI,cACD,EACA,QAAQ;KACP,MAAM;KACN,UAAU;KACV,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,EACD,GACA,EAAE;IACL,QAAQ;KACP,MAAM;KACN,UAAU;KACV,UAAU;KACV,cAAc;KACd,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C;IACD,WAAW;KACV,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,oCAAoB,IAAI,MAAM;KAC9B;IACD,WAAW;KACV,MAAM;KACN,YAAY;MACX,OAAO;MACP,OAAO;MACP;KACD,WAAW,KAAK,QAAQ,YAAY,QAAQ;KAC5C,UAAU;KACV;IACD,GAAI,KAAK,QAAQ,YAAY,oBAAoB,EAAE;IACnD;GACD;EAEF;AAeD,QAAO;EACN,IAAI;EACJ,WAAW;GACV,GAZU,YAAY,WAAW;IAClC,YAAY;IACZ;IACA,YAAY,OAAO,YAAyB;AAE3C,YAAO,MAAM,kBAAkB,QAAQ;;IAExC,CAAC;GAMA,eAAe,oBAAoB,KAAK;GACxC;EACD,QAAQ;GACP,GAAI;GACJ,SAAS,EACR,QAAQ;IACP,sBAAsB;KACrB,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,SAAS,QAAQ;KACzC;IACD,GAAI,cACD,EACA,cAAc;KACb,MAAM;KACN,UAAU;KACV,WAAW,KAAK,QAAQ,SAAS,QAAQ;KACzC,EACD,GACA,EAAE;IACL,EAmBD;GACD;EACD,QAAQ;GACP,cAAc,EAAE;GAChB,YAAY,EAAE;GACd,QAAQ,EAAE;GACV,MAAM,cAAe,EAAE,GAAa,EAAE;GACtC,YAAY,cAAe,EAAE,GAAmB,EAAE;GAClD,oBAAoB,EAAE;GAUtB;EACD,cAAc;EACd,SAAS;EACT"}

package/dist/plugins/organization/permission.d.mts

@@ -0,0 +1,17 @@
+import "../access/index.mjs";
+import { OrganizationOptions } from "./types.mjs";
+
+//#region src/plugins/organization/permission.d.ts
+type PermissionExclusive = {
+  permissions: {
+    [key: string]: string[];
+  };
+};
+type HasPermissionBaseInput = {
+  role: string;
+  options: OrganizationOptions;
+  allowCreatorAllPermissions?: boolean | undefined;
+} & PermissionExclusive;
+//#endregion
+export { HasPermissionBaseInput };
+//# sourceMappingURL=permission.d.mts.map

package/dist/plugins/organization/permission.mjs

@@ -0,0 +1,16 @@
+//#region src/plugins/organization/permission.ts
+const hasPermissionFn = (input, acRoles) => {
+	if (!input.permissions) return false;
+	const roles = input.role.split(",");
+	const creatorRole = input.options.creatorRole || "owner";
+	const isCreator = roles.includes(creatorRole);
+	const allowCreatorsAllPermissions = input.allowCreatorAllPermissions || false;
+	if (isCreator && allowCreatorsAllPermissions) return true;
+	for (const role of roles) if ((acRoles[role]?.authorize(input.permissions))?.success) return true;
+	return false;
+};
+const cacheAllRoles = /* @__PURE__ */ new Map();
+
+//#endregion
+export { cacheAllRoles, hasPermissionFn };
+//# sourceMappingURL=permission.mjs.map

package/dist/plugins/organization/permission.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.mjs","names":[],"sources":["../../../src/plugins/organization/permission.ts"],"sourcesContent":["import type { Role } from \"../access\";\nimport type { OrganizationOptions } from \"./types\";\n\nexport const hasPermissionFn = (\n\tinput: HasPermissionBaseInput,\n\tacRoles: {\n\t\t[x: string]: Role<any> | undefined;\n\t},\n) => {\n\tif (!input.permissions) return false;\n\n\tconst roles = input.role.split(\",\");\n\tconst creatorRole = input.options.creatorRole || \"owner\";\n\tconst isCreator = roles.includes(creatorRole);\n\n\tconst allowCreatorsAllPermissions = input.allowCreatorAllPermissions || false;\n\tif (isCreator && allowCreatorsAllPermissions) return true;\n\n\tfor (const role of roles) {\n\t\tconst _role = acRoles[role as keyof typeof acRoles];\n\t\tconst result = _role?.authorize(input.permissions);\n\t\tif (result?.success) {\n\t\t\treturn true;\n\t\t}\n\t}\n\treturn false;\n};\n\nexport type PermissionExclusive = {\n\tpermissions: { [key: string]: string[] };\n};\n\nexport const cacheAllRoles = new Map<\n\tstring,\n\t{\n\t\t[x: string]: Role<any> | undefined;\n\t}\n>();\n\nexport type HasPermissionBaseInput = {\n\trole: string;\n\toptions: OrganizationOptions;\n\tallowCreatorAllPermissions?: boolean | undefined;\n} & PermissionExclusive;\n"],"mappings":";AAGA,MAAa,mBACZ,OACA,YAGI;AACJ,KAAI,CAAC,MAAM,YAAa,QAAO;CAE/B,MAAM,QAAQ,MAAM,KAAK,MAAM,IAAI;CACnC,MAAM,cAAc,MAAM,QAAQ,eAAe;CACjD,MAAM,YAAY,MAAM,SAAS,YAAY;CAE7C,MAAM,8BAA8B,MAAM,8BAA8B;AACxE,KAAI,aAAa,4BAA6B,QAAO;AAErD,MAAK,MAAM,QAAQ,MAGlB,MAFc,QAAQ,OACA,UAAU,MAAM,YAAY,GACtC,QACX,QAAO;AAGT,QAAO;;AAOR,MAAa,gCAAgB,IAAI,KAK9B"}