better-auth 1.3.27 → 1.4.0-beta.10

package/dist/access-Bc2qfyoJ.js

@@ -0,0 +1,79 @@
+import { createAccessControl } from "./access-D9xZn6mT.js";
+
+//#region src/plugins/organization/access/statement.ts
+const defaultStatements = {
+	organization: ["update", "delete"],
+	member: [
+		"create",
+		"update",
+		"delete"
+	],
+	invitation: ["create", "cancel"],
+	team: [
+		"create",
+		"update",
+		"delete"
+	],
+	ac: [
+		"create",
+		"read",
+		"update",
+		"delete"
+	]
+};
+const defaultAc = createAccessControl(defaultStatements);
+const adminAc = defaultAc.newRole({
+	organization: ["update"],
+	invitation: ["create", "cancel"],
+	member: [
+		"create",
+		"update",
+		"delete"
+	],
+	team: [
+		"create",
+		"update",
+		"delete"
+	],
+	ac: [
+		"create",
+		"read",
+		"update",
+		"delete"
+	]
+});
+const ownerAc = defaultAc.newRole({
+	organization: ["update", "delete"],
+	member: [
+		"create",
+		"update",
+		"delete"
+	],
+	invitation: ["create", "cancel"],
+	team: [
+		"create",
+		"update",
+		"delete"
+	],
+	ac: [
+		"create",
+		"read",
+		"update",
+		"delete"
+	]
+});
+const memberAc = defaultAc.newRole({
+	organization: [],
+	member: [],
+	invitation: [],
+	team: [],
+	ac: ["read"]
+});
+const defaultRoles = {
+	admin: adminAc,
+	owner: ownerAc,
+	member: memberAc
+};
+
+//#endregion
+export { adminAc, defaultAc, defaultRoles, defaultStatements, memberAc, ownerAc };

package/dist/access-C85goQpj.cjs

@@ -0,0 +1,80 @@
+const require_access = require('./access-KlwyAJUG.cjs');
+
+//#region src/plugins/admin/access/statement.ts
+const defaultStatements = {
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+};
+const defaultAc = require_access.createAccessControl(defaultStatements);
+const adminAc = defaultAc.newRole({
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+});
+const userAc = defaultAc.newRole({
+	user: [],
+	session: []
+});
+const defaultRoles = {
+	admin: adminAc,
+	user: userAc
+};
+
+//#endregion
+Object.defineProperty(exports, 'adminAc', {
+  enumerable: true,
+  get: function () {
+    return adminAc;
+  }
+});
+Object.defineProperty(exports, 'defaultAc', {
+  enumerable: true,
+  get: function () {
+    return defaultAc;
+  }
+});
+Object.defineProperty(exports, 'defaultRoles', {
+  enumerable: true,
+  get: function () {
+    return defaultRoles;
+  }
+});
+Object.defineProperty(exports, 'defaultStatements', {
+  enumerable: true,
+  get: function () {
+    return defaultStatements;
+  }
+});
+Object.defineProperty(exports, 'userAc', {
+  enumerable: true,
+  get: function () {
+    return userAc;
+  }
+});

package/dist/access-CGHTpm01.js

@@ -0,0 +1,51 @@
+import { createAccessControl } from "./access-D9xZn6mT.js";
+
+//#region src/plugins/admin/access/statement.ts
+const defaultStatements = {
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+};
+const defaultAc = createAccessControl(defaultStatements);
+const adminAc = defaultAc.newRole({
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+});
+const userAc = defaultAc.newRole({
+	user: [],
+	session: []
+});
+const defaultRoles = {
+	admin: adminAc,
+	user: userAc
+};
+
+//#endregion
+export { adminAc, defaultAc, defaultRoles, defaultStatements, userAc };

package/dist/access-CMKBGgPM.cjs

@@ -0,0 +1,114 @@
+const require_access = require('./access-KlwyAJUG.cjs');
+
+//#region src/plugins/organization/access/statement.ts
+const defaultStatements = {
+	organization: ["update", "delete"],
+	member: [
+		"create",
+		"update",
+		"delete"
+	],
+	invitation: ["create", "cancel"],
+	team: [
+		"create",
+		"update",
+		"delete"
+	],
+	ac: [
+		"create",
+		"read",
+		"update",
+		"delete"
+	]
+};
+const defaultAc = require_access.createAccessControl(defaultStatements);
+const adminAc = defaultAc.newRole({
+	organization: ["update"],
+	invitation: ["create", "cancel"],
+	member: [
+		"create",
+		"update",
+		"delete"
+	],
+	team: [
+		"create",
+		"update",
+		"delete"
+	],
+	ac: [
+		"create",
+		"read",
+		"update",
+		"delete"
+	]
+});
+const ownerAc = defaultAc.newRole({
+	organization: ["update", "delete"],
+	member: [
+		"create",
+		"update",
+		"delete"
+	],
+	invitation: ["create", "cancel"],
+	team: [
+		"create",
+		"update",
+		"delete"
+	],
+	ac: [
+		"create",
+		"read",
+		"update",
+		"delete"
+	]
+});
+const memberAc = defaultAc.newRole({
+	organization: [],
+	member: [],
+	invitation: [],
+	team: [],
+	ac: ["read"]
+});
+const defaultRoles = {
+	admin: adminAc,
+	owner: ownerAc,
+	member: memberAc
+};
+
+//#endregion
+Object.defineProperty(exports, 'adminAc', {
+  enumerable: true,
+  get: function () {
+    return adminAc;
+  }
+});
+Object.defineProperty(exports, 'defaultAc', {
+  enumerable: true,
+  get: function () {
+    return defaultAc;
+  }
+});
+Object.defineProperty(exports, 'defaultRoles', {
+  enumerable: true,
+  get: function () {
+    return defaultRoles;
+  }
+});
+Object.defineProperty(exports, 'defaultStatements', {
+  enumerable: true,
+  get: function () {
+    return defaultStatements;
+  }
+});
+Object.defineProperty(exports, 'memberAc', {
+  enumerable: true,
+  get: function () {
+    return memberAc;
+  }
+});
+Object.defineProperty(exports, 'ownerAc', {
+  enumerable: true,
+  get: function () {
+    return ownerAc;
+  }
+});

package/dist/access-D9xZn6mT.js

@@ -0,0 +1,45 @@
+import { BetterAuthError } from "@better-auth/core/error";
+
+//#region src/plugins/access/access.ts
+function role(statements) {
+	return {
+		authorize(request, connector = "AND") {
+			let success = false;
+			for (const [requestedResource, requestedActions] of Object.entries(request)) {
+				const allowedActions = statements[requestedResource];
+				if (!allowedActions) return {
+					success: false,
+					error: `You are not allowed to access resource: ${requestedResource}`
+				};
+				if (Array.isArray(requestedActions)) success = requestedActions.every((requestedAction) => allowedActions.includes(requestedAction));
+				else if (typeof requestedActions === "object") {
+					const actions = requestedActions;
+					if (actions.connector === "OR") success = actions.actions.some((requestedAction) => allowedActions.includes(requestedAction));
+					else success = actions.actions.every((requestedAction) => allowedActions.includes(requestedAction));
+				} else throw new BetterAuthError("Invalid access control request");
+				if (success && connector === "OR") return { success };
+				if (!success && connector === "AND") return {
+					success: false,
+					error: `unauthorized to access resource "${requestedResource}"`
+				};
+			}
+			if (success) return { success };
+			return {
+				success: false,
+				error: "Not authorized"
+			};
+		},
+		statements
+	};
+}
+function createAccessControl(s) {
+	return {
+		newRole(statements) {
+			return role(statements);
+		},
+		statements: s
+	};
+}
+
+//#endregion
+export { createAccessControl, role };

package/dist/access-KlwyAJUG.cjs

@@ -0,0 +1,58 @@
+const require_chunk = require('./chunk-DWy1uDak.cjs');
+let __better_auth_core_error = require("@better-auth/core/error");
+__better_auth_core_error = require_chunk.__toESM(__better_auth_core_error);
+
+//#region src/plugins/access/access.ts
+function role(statements) {
+	return {
+		authorize(request, connector = "AND") {
+			let success = false;
+			for (const [requestedResource, requestedActions] of Object.entries(request)) {
+				const allowedActions = statements[requestedResource];
+				if (!allowedActions) return {
+					success: false,
+					error: `You are not allowed to access resource: ${requestedResource}`
+				};
+				if (Array.isArray(requestedActions)) success = requestedActions.every((requestedAction) => allowedActions.includes(requestedAction));
+				else if (typeof requestedActions === "object") {
+					const actions = requestedActions;
+					if (actions.connector === "OR") success = actions.actions.some((requestedAction) => allowedActions.includes(requestedAction));
+					else success = actions.actions.every((requestedAction) => allowedActions.includes(requestedAction));
+				} else throw new __better_auth_core_error.BetterAuthError("Invalid access control request");
+				if (success && connector === "OR") return { success };
+				if (!success && connector === "AND") return {
+					success: false,
+					error: `unauthorized to access resource "${requestedResource}"`
+				};
+			}
+			if (success) return { success };
+			return {
+				success: false,
+				error: "Not authorized"
+			};
+		},
+		statements
+	};
+}
+function createAccessControl(s) {
+	return {
+		newRole(statements) {
+			return role(statements);
+		},
+		statements: s
+	};
+}
+
+//#endregion
+Object.defineProperty(exports, 'createAccessControl', {
+  enumerable: true,
+  get: function () {
+    return createAccessControl;
+  }
+});
+Object.defineProperty(exports, 'role', {
+  enumerable: true,
+  get: function () {
+    return role;
+  }
+});