lst_v3/backend/utils/auth.permissions.ts

import { createAccessControl } from "better-auth/plugins/access";
import { adminAc, defaultStatements } from "better-auth/plugins/admin/access";

export const statement = {
	...defaultStatements,
	app: ["read", "create", "update", "delete", "readAll"],
	quality: ["read", "create", "update", "delete", "readAll"],
	logistics: ["read", "create", "update", "delete", "readAll"],
	mobile: ["read", "create", "update", "delete", "readAll"],
	openDock: ["read", "create", "update", "delete"],
	notifications: ["read", "create", "update", "delete", "readAll"],
} as const;

export const ac = createAccessControl(statement);

export const user = ac.newRole({
	app: ["read", "create"],
	notifications: ["read", "create"],
	openDock: ["read"],
});

export const manager = ac.newRole({
	app: ["read", "create", "update"],
	mobile: ["read", "create", "update"],
	openDock: ["read", "create", "update"],
});

export const transport = ac.newRole({
	app: ["read", "create", "update"],
	openDock: ["read", "create", "update"],
});

export const admin = ac.newRole({
	app: ["read", "create", "update"],
	mobile: ["read", "create", "update"],
	user: ["create", "update", "ban"],
	openDock: ["read", "create", "update"],
});

export const systemAdmin = ac.newRole({
	...adminAc.statements,
	app: ["read", "create", "update", "delete", "readAll"],
	quality: ["read", "create", "update", "delete", "readAll"],
	mobile: ["read", "create", "update", "delete", "readAll"],
	logistics: ["read", "create", "update", "delete", "readAll"],
	notifications: ["read", "create", "update", "delete", "readAll"],
	openDock: ["read", "create", "update", "delete"],
});

/* example usage
const canCreateProject = await authClient.admin.hasPermission({
  permissions: {
    project: ["create"],
  },
});
// You can also check multiple resource permissions at the same time
const canCreateProjectAndCreateSale = await authClient.admin.hasPermission({
  permissions: {
    project: ["create"],
    sale: ["create"]
  },
});


*/