Skip to content

fix: Ensure admin panel is functional by linking the station manager role to admin permissions #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JacksonMeade merged 2 commits into from
Jan 3, 2026
Merged

fix: Ensure admin panel is functional by linking the station manager role to admin permissions #102

JacksonMeade merged 2 commits into from
Jan 3, 2026

Conversation

@JacksonMeade
Copy link
Contributor

@JacksonMeade JacksonMeade commented Dec 31, 2025

Fix Admin Permissions for Station Managers

Problem

Users with stationManager role in the default organization were unable to access Better Auth Admin plugin endpoints (/admin/*). The Admin plugin checks the global user.role field (not organization membership) to authorize requests, but organization roles were not being synced to this field.

Solution

Implemented automatic synchronization of user.role to "admin" when users are promoted to stationManager, admin, or owner roles in the default organization.

Changes

shared/authentication/src/auth.definition.ts

  • Added organizationHooks to the organization plugin:
    • afterAddMember: Sets user.role = "admin" when members are added with admin roles
    • afterUpdateMemberRole: Updates user.role on role changes (grants on promotion, removes on demotion)
    • afterRemoveMember: Removes admin role when members are removed from default organization
  • Hooks only apply to the default organization (identified by DEFAULT_ORG_SLUG)

apps/auth/app.ts

  • Updated createDefaultUser() to set user.role = "admin" immediately when creating a default user with stationManager role
  • Added syncAdminRoles() function to ensure consistency for existing users created before hooks were implemented

Technical Details

The Better Auth Admin plugin requires user.role === "admin" in the database to authorize admin endpoints. Organization roles (stationManager, admin, owner) are stored in the member table and are separate from the global user.role field. This change bridges that gap by automatically maintaining user.role based on organization membership in the default organization.

Testing

  • Verified existing stationManager users receive admin role on service startup
  • Verified new users created with stationManager role receive admin role immediately
  • Verified role changes (promotions/demotions) update user.role accordingly
  • Confirmed admin endpoints are now accessible to station managers

@JacksonMeade JacksonMeade self-assigned this Dec 31, 2025
@JacksonMeade
Copy link
Contributor Author

JacksonMeade commented Dec 31, 2025

Blocked, depends on #101

@JacksonMeade JacksonMeade merged commit cbe98df into main Jan 3, 2026
1 check passed
@JacksonMeade JacksonMeade deleted the fix-admin-panel branch January 3, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AyBruno AyBruno AyBruno approved these changes

@jakebromberg jakebromberg Awaiting requested review from jakebromberg

Assignees

@JacksonMeade JacksonMeade

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JacksonMeade @AyBruno