{"version":3,"file":"has-permission.mjs","names":["acRoles: {\n\t\t[x: string]: Role<any> | undefined;\n\t}"],"sources":["../../../src/plugins/organization/has-permission.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport * as z from \"zod\";\nimport { APIError } from \"../../api\";\nimport type { Role } from \"../access\";\nimport { defaultRoles } from \"./access\";\nimport type { HasPermissionBaseInput } from \"./permission\";\nimport { cacheAllRoles, hasPermissionFn } from \"./permission\";\nimport type { OrganizationRole } from \"./schema\";\n\nexport const hasPermission = async (\n\tinput: {\n\t\torganizationId: string;\n\t\t/**\n\t\t * If true, will use the in-memory cache of the roles.\n\t\t * Keep in mind to use this in a stateless mindset, the purpose of this is to avoid unnecessary database calls when running multiple\n\t\t * hasPermission calls in a row.\n\t\t *\n\t\t * @default false\n\t\t */\n\t\tuseMemoryCache?: boolean | undefined;\n\t} & HasPermissionBaseInput,\n\tctx: GenericEndpointContext,\n) => {\n\tlet acRoles: {\n\t\t[x: string]: Role<any> | undefined;\n\t} = { ...(input.options.roles || defaultRoles) };\n\n\tif (\n\t\tctx &&\n\t\tinput.organizationId &&\n\t\tinput.options.dynamicAccessControl?.enabled &&\n\t\tinput.options.ac &&\n\t\t!input.useMemoryCache\n\t) {\n\t\t// Load roles from database\n\t\tconst roles = await ctx.context.adapter.findMany<\n\t\t\tOrganizationRole & { permission: string }\n\t\t>({\n\t\t\tmodel: \"organizationRole\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\tvalue: input.organizationId,\n\t\t\t\t},\n\t\t\t],\n\t\t});\n\n\t\tfor (const { role, permission: permissionsString } of roles) {\n\t\t\t// If it's for an existing role, skip as we shouldn't override hard-coded roles.\n\t\t\tif (role in acRoles) continue;\n\n\t\t\tconst result = z\n\t\t\t\t.record(z.string(), z.array(z.string()))\n\t\t\t\t.safeParse(JSON.parse(permissionsString));\n\n\t\t\tif (!result.success) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"[hasPermission] Invalid permissions for role \" + role,\n\t\t\t\t\t{\n\t\t\t\t\t\tpermissions: JSON.parse(permissionsString),\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Invalid permissions for role \" + role,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tacRoles[role] = input.options.ac.newRole(result.data);\n\t\t}\n\t}\n\n\tif (input.useMemoryCache) {\n\t\tacRoles = cacheAllRoles.get(input.organizationId) || acRoles;\n\t}\n\tcacheAllRoles.set(input.organizationId, acRoles);\n\n\treturn hasPermissionFn(input, acRoles);\n};\n"],"mappings":";;;;;;;AASA,MAAa,gBAAgB,OAC5B,OAWA,QACI;CACJ,IAAIA,UAEA,EAAE,GAAI,MAAM,QAAQ,SAAS,cAAe;AAEhD,KACC,OACA,MAAM,kBACN,MAAM,QAAQ,sBAAsB,WACpC,MAAM,QAAQ,MACd,CAAC,MAAM,gBACN;EAED,MAAM,QAAQ,MAAM,IAAI,QAAQ,QAAQ,SAEtC;GACD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO,MAAM;IACb,CACD;GACD,CAAC;AAEF,OAAK,MAAM,EAAE,MAAM,YAAY,uBAAuB,OAAO;AAE5D,OAAI,QAAQ,QAAS;GAErB,MAAM,SAAS,EACb,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvC,UAAU,KAAK,MAAM,kBAAkB,CAAC;AAE1C,OAAI,CAAC,OAAO,SAAS;AACpB,QAAI,QAAQ,OAAO,MAClB,kDAAkD,MAClD,EACC,aAAa,KAAK,MAAM,kBAAkB,EAC1C,CACD;AACD,UAAM,IAAI,SAAS,yBAAyB,EAC3C,SAAS,kCAAkC,MAC3C,CAAC;;AAGH,WAAQ,QAAQ,MAAM,QAAQ,GAAG,QAAQ,OAAO,KAAK;;;AAIvD,KAAI,MAAM,eACT,WAAU,cAAc,IAAI,MAAM,eAAe,IAAI;AAEtD,eAAc,IAAI,MAAM,gBAAgB,QAAQ;AAEhD,QAAO,gBAAgB,OAAO,QAAQ"}