Permissions

Learn how to use role-based permissions.

Server-side roles check

If you import @workspace/auth/permissions you have following helpers:

isOrganizationOwner(userId, organizationId)
isOrganizationAdmin(userId, organizationId)
isOrganizationMember(userId, organizationId)

You can check the permission for the active organization on the server-side like following:

permission-example.ts

import { getAuthOrganizationContext } from '@workspace/auth/context';import { isOrganizationAdmin } from '@workspace/auth/permissions';const ctx = await getAuthOrganizationContext();const isAdmin = await isOrganizationAdmin(  ctx.session.user.id,  ctx.organization.id);

Please not that you can pass in any userId or organizationId, it doesn't have to be from a session context.

Client-side roles check

The profile object of the getProfile() server-side call returns the active organization permissions:

profile-example.ts

type ActiveOrganizationPermissions = { isOwner: boolean; role: Role };

The values are transient and not cached. Passing the profile object to any client component enables you to do permission checks on the client.

Accessing memberships

On the server-side the context object has all the current user's memberships.

access-user-memberships-server-example.ts

const memberships = ctx.session.user.memberships;

The same pattern for the active's organization memberships.

access-organization-memberships-server-example.ts

const memberships = ctx.organization.memberships;

You can check the active organization memberships on the client using:

access-organization-memberships-client-example.tsx

'use client';import { useActiveOrganization } from '~/hooks/use-active-organization';export function ClientComponent() {  const activeOrganization = useActiveOrganization();  const memberships = activeOrganization.memberships;}

Getting Started

General

Apps

Dev Tools

Permissions

Server-side roles check

Client-side roles check

Accessing memberships