119 lines
3.6 KiB
TypeScript
119 lines
3.6 KiB
TypeScript
export const SYSTEM_ROLES = ['super_admin', 'user'] as const;
|
|
export const MEMBERSHIP_ROLES = ['admin', 'user'] as const;
|
|
export const BUSINESS_ROLES = [
|
|
'it_admin',
|
|
'helpdesk',
|
|
'infrastructure',
|
|
'application',
|
|
'auditor',
|
|
'viewer'
|
|
] as const;
|
|
|
|
export type SystemRole = (typeof SYSTEM_ROLES)[number];
|
|
export type MembershipRole = (typeof MEMBERSHIP_ROLES)[number];
|
|
export type BusinessRole = (typeof BUSINESS_ROLES)[number];
|
|
|
|
export const PERMISSIONS = {
|
|
productsRead: 'products:read',
|
|
productsWrite: 'products:write',
|
|
organizationManage: 'organization:manage',
|
|
usersManage: 'users:manage',
|
|
reportRead: 'report:read',
|
|
crmCustomerRead: 'crm.customer.read',
|
|
crmCustomerCreate: 'crm.customer.create',
|
|
crmCustomerUpdate: 'crm.customer.update',
|
|
crmCustomerDelete: 'crm.customer.delete',
|
|
crmContactRead: 'crm.contact.read',
|
|
crmContactCreate: 'crm.contact.create',
|
|
crmContactUpdate: 'crm.contact.update',
|
|
crmContactDelete: 'crm.contact.delete',
|
|
crmEnquiryRead: 'crm.enquiry.read',
|
|
crmEnquiryCreate: 'crm.enquiry.create',
|
|
crmEnquiryUpdate: 'crm.enquiry.update',
|
|
crmEnquiryDelete: 'crm.enquiry.delete',
|
|
crmEnquiryFollowupRead: 'crm.enquiry.followup.read',
|
|
crmEnquiryFollowupCreate: 'crm.enquiry.followup.create',
|
|
crmEnquiryFollowupUpdate: 'crm.enquiry.followup.update',
|
|
crmEnquiryFollowupDelete: 'crm.enquiry.followup.delete'
|
|
} as const;
|
|
|
|
export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS];
|
|
|
|
function getMembershipBasePermissions(role: MembershipRole): Permission[] {
|
|
if (role === 'admin') {
|
|
return [
|
|
PERMISSIONS.productsRead,
|
|
PERMISSIONS.productsWrite,
|
|
PERMISSIONS.organizationManage,
|
|
PERMISSIONS.usersManage,
|
|
PERMISSIONS.crmCustomerRead,
|
|
PERMISSIONS.crmCustomerCreate,
|
|
PERMISSIONS.crmCustomerUpdate,
|
|
PERMISSIONS.crmCustomerDelete,
|
|
PERMISSIONS.crmContactRead,
|
|
PERMISSIONS.crmContactCreate,
|
|
PERMISSIONS.crmContactUpdate,
|
|
PERMISSIONS.crmContactDelete,
|
|
PERMISSIONS.crmEnquiryRead,
|
|
PERMISSIONS.crmEnquiryCreate,
|
|
PERMISSIONS.crmEnquiryUpdate,
|
|
PERMISSIONS.crmEnquiryDelete,
|
|
PERMISSIONS.crmEnquiryFollowupRead,
|
|
PERMISSIONS.crmEnquiryFollowupCreate,
|
|
PERMISSIONS.crmEnquiryFollowupUpdate,
|
|
PERMISSIONS.crmEnquiryFollowupDelete
|
|
];
|
|
}
|
|
|
|
return [
|
|
PERMISSIONS.productsRead,
|
|
PERMISSIONS.crmCustomerRead,
|
|
PERMISSIONS.crmContactRead,
|
|
PERMISSIONS.crmEnquiryRead,
|
|
PERMISSIONS.crmEnquiryFollowupRead
|
|
];
|
|
}
|
|
|
|
export function getBusinessRolePermissions(role: BusinessRole): Permission[] {
|
|
switch (role) {
|
|
case 'it_admin':
|
|
return [PERMISSIONS.reportRead];
|
|
case 'helpdesk':
|
|
return [];
|
|
case 'infrastructure':
|
|
return [PERMISSIONS.reportRead];
|
|
case 'application':
|
|
return [PERMISSIONS.reportRead];
|
|
case 'auditor':
|
|
return [PERMISSIONS.reportRead];
|
|
case 'viewer':
|
|
default:
|
|
return [];
|
|
}
|
|
}
|
|
|
|
export function getDefaultBusinessRole(role: MembershipRole): BusinessRole {
|
|
return role === 'admin' ? 'it_admin' : 'viewer';
|
|
}
|
|
|
|
export function getDefaultPermissions(
|
|
role: MembershipRole,
|
|
businessRole: BusinessRole = getDefaultBusinessRole(role)
|
|
): Permission[] {
|
|
return [
|
|
...new Set([...getMembershipBasePermissions(role), ...getBusinessRolePermissions(businessRole)])
|
|
];
|
|
}
|
|
|
|
export function isSystemRole(value: string): value is SystemRole {
|
|
return SYSTEM_ROLES.includes(value as SystemRole);
|
|
}
|
|
|
|
export function isMembershipRole(value: string): value is MembershipRole {
|
|
return MEMBERSHIP_ROLES.includes(value as MembershipRole);
|
|
}
|
|
|
|
export function isBusinessRole(value: string): value is BusinessRole {
|
|
return BUSINESS_ROLES.includes(value as BusinessRole);
|
|
}
|