Skip to content
CFast CFast

RowActionContext

RowActionContext = object

Defined in: packages/admin/src/types.ts:159

Context passed to every RowAction handler.

Provides the authenticated admin, a permission-scoped Db instance, the resolved permission grants, and the raw Request so handlers can perform permission-aware mutations, forward cookies, or call into other services on behalf of the admin user.

The db on this context is scoped to grants — it is not an elevated bypass database. Queries that would be rejected for the acting admin under normal permission rules are still rejected here. Use `ctx.db.unsafe()` as an explicit, greppable escape hatch when a row action genuinely needs to perform an operation outside the admin’s grants (e.g. cross-tenant bookkeeping).

Example

Section titled “Example”
const approveVendor: RowAction = {
  label: "Approve vendor",
  async action(id, _formData, ctx) {
    // ctx.db is scoped to ctx.user's grants — no manage-all bypass
    await ctx.db
      .update(vendors)
      .set({ status: "approved", approvedBy: ctx.user.id })
      .where(eq(vendors.id, id))
      .run({});
  },
};

Properties

Section titled “Properties”

db

Section titled “db”

db: Db

Defined in: packages/admin/src/types.ts:163

Permission-scoped DB instance for user / grants. Use db.unsafe() for explicit admin overrides.

email?

Section titled “email?”

optional email: RowActionEmailClient

Defined in: packages/admin/src/types.ts:178

An email client the row action can use to send notifications (e.g. “your vendor application has been approved”). Populated when the app passes an email field into AdminConfig; otherwise undefined.

The client is structurally compatible with EmailClient from @cfast/email — pass your existing email client directly. The admin package does not depend on @cfast/email to keep the type surface minimal.

grants

Section titled “grants”

grants: Grant[]

Defined in: packages/admin/src/types.ts:165

The resolved permission grants for the acting admin.

request

Section titled “request”

request: Request

Defined in: packages/admin/src/types.ts:167

The raw Request that triggered the action. Useful for forwarding cookies or reading headers.

user

Section titled “user”

user: AdminUser

Defined in: packages/admin/src/types.ts:161

The authenticated admin invoking the row action.