grant
grant(
action,subject,options?):Grant
Defined in: packages/permissions/src/grant.ts:34
Declares that a role can perform an action on a subject, optionally restricted
by a row-level where clause.
Used inside the grants map of definePermissions to build permission rules.
A grant without a where clause applies to all rows.
Parameters
Section titled “Parameters”action
Section titled “action”The operation being permitted ("read", "create", "update", "delete", or "manage" for all four).
subject
Section titled “subject”A Drizzle table reference, or "all" to apply to every table.
object | "all"
options?
Section titled “options?”Optional configuration.
where?
Section titled “where?”A Drizzle filter function (columns, user) => SQL that restricts which rows this grant covers.
Returns
Section titled “Returns”A Grant object for use in a permissions configuration.
Example
Section titled “Example”import { grant } from "@cfast/permissions";import { eq } from "drizzle-orm";import { posts } from "./schema";
// Unrestricted read on all postsgrant("read", posts);
// Only allow updating own postsgrant("update", posts, { where: (post, user) => eq(post.authorId, user.id),});
// Full access to everythinggrant("manage", "all");