export const SYSTEM_ROLES = ['super_admin', 'user'] as const; export const MEMBERSHIP_ROLES = ['admin', 'user'] as const; export const BUSINESS_ROLES = [ 'it_admin', 'helpdesk', 'infrastructure', 'application', 'auditor', 'viewer' ] as const; export type SystemRole = (typeof SYSTEM_ROLES)[number]; export type MembershipRole = (typeof MEMBERSHIP_ROLES)[number]; export type BusinessRole = (typeof BUSINESS_ROLES)[number]; export const PERMISSIONS = { productsRead: 'products:read', productsWrite: 'products:write', organizationManage: 'organization:manage', usersManage: 'users:manage', masterDataManage: 'master_data:manage', assetRead: 'asset:read', assetCreate: 'asset:create', assetUpdate: 'asset:update', assetAssign: 'asset:assign', assetTransfer: 'asset:transfer', assetReturn: 'asset:return', assetRepair: 'asset:repair', assetAudit: 'asset:audit', reportRead: 'report:read' } as const; export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS]; function getMembershipBasePermissions(role: MembershipRole): Permission[] { if (role === 'admin') { return [ PERMISSIONS.productsRead, PERMISSIONS.productsWrite, PERMISSIONS.organizationManage, PERMISSIONS.usersManage ]; } return [PERMISSIONS.productsRead]; } export function getBusinessRolePermissions(role: BusinessRole): Permission[] { switch (role) { case 'it_admin': return [ PERMISSIONS.masterDataManage, PERMISSIONS.assetRead, PERMISSIONS.assetCreate, PERMISSIONS.assetUpdate, PERMISSIONS.assetAssign, PERMISSIONS.assetTransfer, PERMISSIONS.assetReturn, PERMISSIONS.assetRepair, PERMISSIONS.assetAudit, PERMISSIONS.reportRead ]; case 'helpdesk': return [ PERMISSIONS.assetRead, PERMISSIONS.assetAssign, PERMISSIONS.assetTransfer, PERMISSIONS.assetReturn ]; case 'infrastructure': return [ PERMISSIONS.assetRead, PERMISSIONS.assetCreate, PERMISSIONS.assetUpdate, PERMISSIONS.assetRepair, PERMISSIONS.reportRead ]; case 'application': return [ PERMISSIONS.assetRead, PERMISSIONS.assetCreate, PERMISSIONS.assetUpdate, PERMISSIONS.reportRead ]; case 'auditor': return [PERMISSIONS.assetRead, PERMISSIONS.assetAudit, PERMISSIONS.reportRead]; case 'viewer': default: return [PERMISSIONS.assetRead]; } } export function getDefaultBusinessRole(role: MembershipRole): BusinessRole { return role === 'admin' ? 'it_admin' : 'viewer'; } export function getDefaultPermissions( role: MembershipRole, businessRole: BusinessRole = getDefaultBusinessRole(role) ): Permission[] { return [...new Set([...getMembershipBasePermissions(role), ...getBusinessRolePermissions(businessRole)])]; } export function isSystemRole(value: string): value is SystemRole { return SYSTEM_ROLES.includes(value as SystemRole); } export function isMembershipRole(value: string): value is MembershipRole { return MEMBERSHIP_ROLES.includes(value as MembershipRole); } export function isBusinessRole(value: string): value is BusinessRole { return BUSINESS_ROLES.includes(value as BusinessRole); }