Skip to content
CFast CFast

resolveGrants

resolveGrants(permissions, roles): Grant[]

Defined in: packages/permissions/src/resolve-grants.ts:37

Resolves and merges grants for multiple roles into a single flat array.

Looks up each role’s pre-expanded grants (from hierarchy resolution) and deduplicates them by action + subject. When multiple grants share the same action + subject:

  • If any grant has no where clause, the merged grant is unrestricted.
  • If all grants have where clauses, they are OR-merged via Drizzle’s or().

This is used when a user has multiple roles and their grants need to be combined.

Parameters

Section titled “Parameters”

permissions

Section titled “permissions”

Permissions

The permissions object from definePermissions.

roles

Section titled “roles”

string[]

Array of role names whose grants should be merged.

Returns

Section titled “Returns”

Grant[]

A deduplicated array of Grant objects with merged where clauses.