Permissions
Permissions use a domain + actions model. Each permission grants one or more actions on a domain. Wildcards (*) are supported for both domain and actions.
Permission Type
```ts
type Permission = {
  domain: string
  actions: string[]
}
```
Stored in the permission tenant table with columns domain (text) and actions (text array), linked to a role.
hasPermission
Checks if a set of granted permissions satisfies a required domain + actions combination.
```ts
import { hasPermission } from '@repo/auth'

// Check single action
hasPermission(permissions, 'users', ['read']) // boolean

// Check multiple actions -- all must be granted
hasPermission(permissions, 'documents', ['read', 'write', 'delete'])
```
Wildcard Matching
- domain: '*' matches any domain
- actions: ['*'] matches any action

```ts
// This permission grants everything
const adminPermission: Permission = { domain: '*', actions: ['*'] }
hasPermission([adminPermission], 'anything', ['any-action']) // true
```
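The matching rules above, written out as an added reference example (not code from @repo/auth), together with an audit helper that lists wildcard grants for review. `checkPermission`, `wildcardGrants` and the sample roles are hypothetical; unioning actions across several grants and rejecting an empty required list are assumptions, not documented behavior of `hasPermission`.

```typescript
// Added illustration: a reference matcher, not the @repo/auth implementation.
type Permission = { domain: string; actions: string[] }

// A grant applies to a domain on an exact match or when its domain is '*'.
const coversDomain = (grant: Permission, domain: string): boolean =>
  grant.domain === '*' || grant.domain === domain

// Hypothetical name. Assumption: actions from all applicable grants are unioned.
function checkPermission(granted: Permission[], domain: string, required: string[]): boolean {
  // Assumption: fail closed. Without this guard, every() on an empty list
  // returns true and a check with no required actions would always pass.
  if (required.length === 0) return false
  const applicable = granted.filter((g) => coversDomain(g, domain))
  return required.every((action) =>
    applicable.some((g) => g.actions.some((a) => a === '*' || a === action)),
  )
}

// Hypothetical audit helper: grants containing a wildcard in domain or actions,
// so that broad grants can be reviewed before a role is saved or assigned.
function wildcardGrants(granted: Permission[]): Permission[] {
  return granted.filter((g) => g.domain === '*' || g.actions.some((a) => a === '*'))
}

// Constructed sample roles for the demonstration.
const viewer: Permission[] = [{ domain: 'users', actions: ['read'] }]
const editor: Permission[] = [
  { domain: 'documents', actions: ['read'] },
  { domain: 'documents', actions: ['write'] },
  { domain: '*', actions: ['read'] },
]
const admin: Permission[] = [{ domain: '*', actions: ['*'] }]

console.log(checkPermission(viewer, 'users', ['read', 'write'])) // false: 'write' not granted
console.log(checkPermission(editor, 'documents', ['read', 'write'])) // true: two grants combined
console.log(checkPermission(editor, 'invoices', ['delete'])) // false: '*' domain grants only 'read'
console.log(checkPermission(admin, 'anything', ['any-action'])) // true
console.log(wildcardGrants(editor).length) // 1
```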
AuthDomains
Define your application's permission domains for type-safe gate creation:
```ts
import type { AuthDomains } from '@repo/auth'

const domains = {
  users: {
    label: 'Users',
    actions: [
      { value: 'read', label: 'Read' },
      { value: 'write', label: 'Write' },
    ] as const,
  },
  invoices: {
    label: 'Invoices',
    actions: [
      { value: 'read', label: 'Read' },
      { value: 'create', label: 'Create' },
      { value: 'delete', label: 'Delete' },
    ] as const,
  },
} satisfies AuthDomains
```
This is used by permissionGate for type inference on domain names and action values.
PermissionsField Component
A Svelte 5 form component for editing an array of permissions. Renders one PermissionField per entry with add/remove controls.
```svelte
<script lang="ts">
  import { PermissionsField } from '@repo/auth'
  import { domains } from './auth-domains'

  let permissions = $state([{ domain: '', actions: [] }])
</script>

<PermissionsField bind:value={permissions} {domains} />
```
Props
| Prop | Type | Description |
|---|---|---|
| value | Permission[] | Bindable array of permissions |
| domains | AuthDomains | Domain definitions with labels and action options |
Permission Schemas
Zod schemas for validating permission and role form data:
```ts
import { getPermissionSchema, getRoleSchema } from '@repo/auth'

const permissionSchema = getPermissionSchema(['users', 'invoices'], ['read', 'write', 'delete'])
const roleSchema = getRoleSchema(['users', 'invoices'], ['read', 'write', 'delete'])
// roleSchema validates: { name: string, permissions: Permission[] }
```