Skip to content
CFast CFast

AuthRolesApi

AuthRolesApi = object

Defined in: packages/auth/src/types.ts:210

Grouped role-management API exposed on AuthInstance.roles.

Every method on this namespace reuses the same underlying D1 role manager and role-grant rules as the single-request AuthInstance it belongs to. Prefer this grouped form over the top-level getRoles / setRole / setRoles / removeRole aliases — those stay for backwards compatibility but the grouped namespace scales better when new role operations are added (e.g. list, has, audit), and it reads more like a real API on top of an already-initialized auth instance.

Obtain one by calling auth.roles, where auth is the value returned from initAuth(env) — no separate factory, no second role-manager instantiation.

Example

Section titled “Example”
const auth = initAuth({ d1: env.DB, appUrl: env.APP_URL });
const roles = await auth.roles.get(userId);
await auth.roles.set(userId, "editor", { callerRoles: ["admin"] });
await auth.roles.remove(userId, "editor");

Properties

Section titled “Properties”

get()

Section titled “get()”

get: (userId) => Promise<string[]>

Defined in: packages/auth/src/types.ts:212

Retrieves all roles assigned to a user.

Parameters

Section titled “Parameters”
userId
Section titled “userId”

string

Returns

Section titled “Returns”

Promise<string[]>

remove()

Section titled “remove()”

remove: (userId, role) => Promise<void>

Defined in: packages/auth/src/types.ts:232

Removes a single role from a user.

Parameters

Section titled “Parameters”
userId
Section titled “userId”

string

role
Section titled “role”

string

Returns

Section titled “Returns”

Promise<void>

set()

Section titled “set()”

set: (userId, role, caller?) => Promise<void>

Defined in: packages/auth/src/types.ts:217

Assigns a single role to a user (additive, does not remove existing roles). When caller.callerRoles is provided, validates against roleGrants rules.

Parameters

Section titled “Parameters”
userId
Section titled “userId”

string

role
Section titled “role”

string

caller?
Section titled “caller?”
callerRoles?
Section titled “callerRoles?”

string[]

Returns

Section titled “Returns”

Promise<void>

setAll()

Section titled “setAll()”

setAll: (userId, roles, caller?) => Promise<void>

Defined in: packages/auth/src/types.ts:226

Replaces all of a user’s roles with the given set. When caller.callerRoles is provided, validates each role against roleGrants rules.

Parameters

Section titled “Parameters”
userId
Section titled “userId”

string

roles
Section titled “roles”

string[]

caller?
Section titled “caller?”
callerRoles?
Section titled “callerRoles?”

string[]

Returns

Section titled “Returns”

Promise<void>