Files
alla-allaos-fullstack/src/lib/auth/rbac.ts
2026-06-15 13:46:33 +07:00

119 lines
3.6 KiB
TypeScript

export const SYSTEM_ROLES = ['super_admin', 'user'] as const;
export const MEMBERSHIP_ROLES = ['admin', 'user'] as const;
export const BUSINESS_ROLES = [
'it_admin',
'helpdesk',
'infrastructure',
'application',
'auditor',
'viewer'
] as const;
export type SystemRole = (typeof SYSTEM_ROLES)[number];
export type MembershipRole = (typeof MEMBERSHIP_ROLES)[number];
export type BusinessRole = (typeof BUSINESS_ROLES)[number];
export const PERMISSIONS = {
productsRead: 'products:read',
productsWrite: 'products:write',
organizationManage: 'organization:manage',
usersManage: 'users:manage',
reportRead: 'report:read',
crmCustomerRead: 'crm.customer.read',
crmCustomerCreate: 'crm.customer.create',
crmCustomerUpdate: 'crm.customer.update',
crmCustomerDelete: 'crm.customer.delete',
crmContactRead: 'crm.contact.read',
crmContactCreate: 'crm.contact.create',
crmContactUpdate: 'crm.contact.update',
crmContactDelete: 'crm.contact.delete',
crmEnquiryRead: 'crm.enquiry.read',
crmEnquiryCreate: 'crm.enquiry.create',
crmEnquiryUpdate: 'crm.enquiry.update',
crmEnquiryDelete: 'crm.enquiry.delete',
crmEnquiryFollowupRead: 'crm.enquiry.followup.read',
crmEnquiryFollowupCreate: 'crm.enquiry.followup.create',
crmEnquiryFollowupUpdate: 'crm.enquiry.followup.update',
crmEnquiryFollowupDelete: 'crm.enquiry.followup.delete'
} as const;
export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS];
function getMembershipBasePermissions(role: MembershipRole): Permission[] {
if (role === 'admin') {
return [
PERMISSIONS.productsRead,
PERMISSIONS.productsWrite,
PERMISSIONS.organizationManage,
PERMISSIONS.usersManage,
PERMISSIONS.crmCustomerRead,
PERMISSIONS.crmCustomerCreate,
PERMISSIONS.crmCustomerUpdate,
PERMISSIONS.crmCustomerDelete,
PERMISSIONS.crmContactRead,
PERMISSIONS.crmContactCreate,
PERMISSIONS.crmContactUpdate,
PERMISSIONS.crmContactDelete,
PERMISSIONS.crmEnquiryRead,
PERMISSIONS.crmEnquiryCreate,
PERMISSIONS.crmEnquiryUpdate,
PERMISSIONS.crmEnquiryDelete,
PERMISSIONS.crmEnquiryFollowupRead,
PERMISSIONS.crmEnquiryFollowupCreate,
PERMISSIONS.crmEnquiryFollowupUpdate,
PERMISSIONS.crmEnquiryFollowupDelete
];
}
return [
PERMISSIONS.productsRead,
PERMISSIONS.crmCustomerRead,
PERMISSIONS.crmContactRead,
PERMISSIONS.crmEnquiryRead,
PERMISSIONS.crmEnquiryFollowupRead
];
}
export function getBusinessRolePermissions(role: BusinessRole): Permission[] {
switch (role) {
case 'it_admin':
return [PERMISSIONS.reportRead];
case 'helpdesk':
return [];
case 'infrastructure':
return [PERMISSIONS.reportRead];
case 'application':
return [PERMISSIONS.reportRead];
case 'auditor':
return [PERMISSIONS.reportRead];
case 'viewer':
default:
return [];
}
}
export function getDefaultBusinessRole(role: MembershipRole): BusinessRole {
return role === 'admin' ? 'it_admin' : 'viewer';
}
export function getDefaultPermissions(
role: MembershipRole,
businessRole: BusinessRole = getDefaultBusinessRole(role)
): Permission[] {
return [
...new Set([...getMembershipBasePermissions(role), ...getBusinessRolePermissions(businessRole)])
];
}
export function isSystemRole(value: string): value is SystemRole {
return SYSTEM_ROLES.includes(value as SystemRole);
}
export function isMembershipRole(value: string): value is MembershipRole {
return MEMBERSHIP_ROLES.includes(value as MembershipRole);
}
export function isBusinessRole(value: string): value is BusinessRole {
return BUSINESS_ROLES.includes(value as BusinessRole);
}