fix: include default roles when adding custom viewer role to org plugin

raghavyuva · raghavyuva · commit 1e986f1776c3 · 2026-03-26T12:42:31.000+05:30
Better Auth's hasPermission uses `options.roles || defaultRoles`, so
passing only `{ viewer }` made the built-in owner/admin/member roles
unresolvable, causing "not allowed to invite" errors for owners.
diff --git a/src/auth/index.ts b/src/auth/index.ts
@@ -1,6 +1,7 @@
 import { betterAuth } from 'better-auth';
 import { drizzleAdapter } from 'better-auth/adapters/drizzle';
 import { emailOTP, organization, role, deviceAuthorization, bearer, captcha, jwt, testUtils } from 'better-auth/plugins';
+import { defaultRoles } from 'better-auth/plugins/organization/access';
 import { apiKey } from '@better-auth/api-key';
 import { passkey } from '@better-auth/passkey';
 import { oauthProvider } from '@better-auth/oauth-provider';
@@ -82,6 +83,7 @@ export const auth = betterAuth({
       : []),
     organization({
       roles: {
+        ...defaultRoles,
         viewer: role({
           organization: [],
           member: [],
