Skip to content
CFast CFast

definePermissions

Call Signature

Section titled “Call Signature”

definePermissions<TRoles>(config): Permissions<TRoles>

Defined in: packages/permissions/src/define-permissions.ts:57

Creates a permission configuration that can be shared between server-side enforcement (@cfast/db) and client-side introspection (@cfast/actions).

Supports two calling styles:

  • Direct: definePermissions(config) when no custom user type is needed.
  • Curried: definePermissions<MyUser>()(config) to get typed where clause user parameters.

Type Parameters

Section titled “Type Parameters”

TRoles

Section titled “TRoles”

TRoles extends readonly string[]

Parameters

Section titled “Parameters”

config

Section titled “config”

PermissionsConfig<TRoles>

The permissions configuration with roles, grants, and optional hierarchy.

Returns

Section titled “Returns”

Permissions<TRoles>

A Permissions object containing roles, raw grants, and hierarchy-expanded resolvedGrants.

Example

Section titled “Example”
import { definePermissions, grant } from "@cfast/permissions";
import { eq } from "drizzle-orm";
import { posts, comments } from "./schema";


const permissions = definePermissions({
  roles: ["anonymous", "user", "admin"] as const,
  grants: {
    anonymous: [
      grant("read", posts, { where: (p) => eq(p.published, true) }),
    ],
    user: [
      grant("read", posts),
      grant("create", posts),
      grant("update", posts, { where: (p, u) => eq(p.authorId, u.id) }),
    ],
    admin: [grant("manage", "all")],
  },
});

Call Signature

Section titled “Call Signature”

definePermissions<TUser>(): <TRoles>(config) => Permissions<TRoles>

Defined in: packages/permissions/src/define-permissions.ts:60

Creates a permission configuration that can be shared between server-side enforcement (@cfast/db) and client-side introspection (@cfast/actions).

Supports two calling styles:

  • Direct: definePermissions(config) when no custom user type is needed.
  • Curried: definePermissions<MyUser>()(config) to get typed where clause user parameters.

Type Parameters

Section titled “Type Parameters”

TUser

Section titled “TUser”

TUser

Returns

Section titled “Returns”

A Permissions object containing roles, raw grants, and hierarchy-expanded resolvedGrants.

<TRoles>(config): Permissions<TRoles>

Type Parameters

Section titled “Type Parameters”
TRoles
Section titled “TRoles”

TRoles extends readonly string[]

Parameters

Section titled “Parameters”
config
Section titled “config”

PermissionsConfig<TRoles, TUser>

Returns

Section titled “Returns”

Permissions<TRoles>

Example

Section titled “Example”
import { definePermissions, grant } from "@cfast/permissions";
import { eq } from "drizzle-orm";
import { posts, comments } from "./schema";


const permissions = definePermissions({
  roles: ["anonymous", "user", "admin"] as const,
  grants: {
    anonymous: [
      grant("read", posts, { where: (p) => eq(p.published, true) }),
    ],
    user: [
      grant("read", posts),
      grant("create", posts),
      grant("update", posts, { where: (p, u) => eq(p.authorId, u.id) }),
    ],
    admin: [grant("manage", "all")],
  },
});