diff --git a/.changeset/fresh-news-cry.md b/.changeset/fresh-news-cry.md new file mode 100644 index 00000000000..beba07522d8 --- /dev/null +++ b/.changeset/fresh-news-cry.md @@ -0,0 +1,6 @@ +--- +'@clerk/clerk-js': patch +'@clerk/types': patch +--- + +Update default organization permissions with a `sys_` prefix as part of the entitlement. This changes makes it easy to distinguish between clerk reserved permissions and custom permissions created by developers. diff --git a/packages/clerk-js/src/core/resources/Session.test.ts b/packages/clerk-js/src/core/resources/Session.test.ts index 19b68fbee2c..e098f5597d7 100644 --- a/packages/clerk-js/src/core/resources/Session.test.ts +++ b/packages/clerk-js/src/core/resources/Session.test.ts @@ -73,7 +73,7 @@ describe('Session', () => { updated_at: new Date().getTime(), } as SessionJSON); - const isAuthorized = await session.isAuthorized({ permission: 'org:profile:delete' }); + const isAuthorized = await session.isAuthorized({ permission: 'org:sys_profile:delete' }); expect(isAuthorized).toBe(true); }); @@ -84,7 +84,7 @@ describe('Session', () => { id: 'session_1', object: 'session', user: createUser({ - organization_memberships: [{ name: 'Org1', id: 'org1', permissions: ['org:memberships:read'] }], + organization_memberships: [{ name: 'Org1', id: 'org1', permissions: ['org:sys_memberships:read'] }], }), last_active_organization_id: 'org1', last_active_token: { object: 'token', jwt: mockJwt }, @@ -93,7 +93,7 @@ describe('Session', () => { updated_at: new Date().getTime(), } as SessionJSON); - const isAuthorized = await session.isAuthorized({ permission: 'org:profile:delete' }); + const isAuthorized = await session.isAuthorized({ permission: 'org:sys_profile:delete' }); expect(isAuthorized).toBe(false); }); diff --git a/packages/clerk-js/src/core/test/fixtures.ts b/packages/clerk-js/src/core/test/fixtures.ts index 3baaff61aad..65d174e6ad0 100644 --- a/packages/clerk-js/src/core/test/fixtures.ts +++ b/packages/clerk-js/src/core/test/fixtures.ts @@ -51,14 +51,14 @@ export const createOrganizationMembership = (params: OrgParams): OrganizationMem public_metadata: {}, role: role || 'admin', permissions: permissions || [ - 'org:domains:delete', - 'org:domains:manage', - 'org:domains:read', - 'org:memberships:delete', - 'org:memberships:manage', - 'org:memberships:read', - 'org:profile:delete', - 'org:profile:manage', + 'org:sys_domains:delete', + 'org:sys_domains:manage', + 'org:sys_domains:read', + 'org:sys_memberships:delete', + 'org:sys_memberships:manage', + 'org:sys_memberships:read', + 'org:sys_profile:delete', + 'org:sys_profile:manage', ], updated_at: new Date().getTime(), } as OrganizationMembershipJSON; diff --git a/packages/types/src/organizationMembership.ts b/packages/types/src/organizationMembership.ts index 87860889558..3ac2225de1d 100644 --- a/packages/types/src/organizationMembership.ts +++ b/packages/types/src/organizationMembership.ts @@ -43,14 +43,14 @@ export interface OrganizationMembershipResource extends ClerkResource { export type MembershipRole = 'admin' | 'basic_member' | 'guest_member'; export type OrganizationPermission = - | 'org:domains:manage' - | 'org:domains:delete' - | 'org:profile:manage' - | 'org:profile:delete' - | 'org:memberships:read' - | 'org:memberships:manage' - | 'org:memberships:delete' - | 'org:domains:read'; + | 'org:sys_domains:manage' + | 'org:sys_domains:delete' + | 'org:sys_profile:manage' + | 'org:sys_profile:delete' + | 'org:sys_memberships:read' + | 'org:sys_memberships:manage' + | 'org:sys_memberships:delete' + | 'org:sys_domains:read'; export type UpdateOrganizationMembershipParams = { role: MembershipRole;