115 lines
3.2 KiB
TypeScript
115 lines
3.2 KiB
TypeScript
export const SYSTEM_ROLES = ['super_admin', 'user'] as const;
|
|
export const MEMBERSHIP_ROLES = ['admin', 'user'] as const;
|
|
export const BUSINESS_ROLES = [
|
|
'it_admin',
|
|
'helpdesk',
|
|
'infrastructure',
|
|
'application',
|
|
'auditor',
|
|
'viewer'
|
|
] as const;
|
|
|
|
export type SystemRole = (typeof SYSTEM_ROLES)[number];
|
|
export type MembershipRole = (typeof MEMBERSHIP_ROLES)[number];
|
|
export type BusinessRole = (typeof BUSINESS_ROLES)[number];
|
|
|
|
export const PERMISSIONS = {
|
|
productsRead: 'products:read',
|
|
productsWrite: 'products:write',
|
|
organizationManage: 'organization:manage',
|
|
usersManage: 'users:manage',
|
|
masterDataManage: 'master_data:manage',
|
|
assetRead: 'asset:read',
|
|
assetCreate: 'asset:create',
|
|
assetUpdate: 'asset:update',
|
|
assetAssign: 'asset:assign',
|
|
assetTransfer: 'asset:transfer',
|
|
assetReturn: 'asset:return',
|
|
assetRepair: 'asset:repair',
|
|
assetAudit: 'asset:audit',
|
|
reportRead: 'report:read'
|
|
} as const;
|
|
|
|
export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS];
|
|
|
|
function getMembershipBasePermissions(role: MembershipRole): Permission[] {
|
|
if (role === 'admin') {
|
|
return [
|
|
PERMISSIONS.productsRead,
|
|
PERMISSIONS.productsWrite,
|
|
PERMISSIONS.organizationManage,
|
|
PERMISSIONS.usersManage
|
|
];
|
|
}
|
|
|
|
return [PERMISSIONS.productsRead];
|
|
}
|
|
|
|
export function getBusinessRolePermissions(role: BusinessRole): Permission[] {
|
|
switch (role) {
|
|
case 'it_admin':
|
|
return [
|
|
PERMISSIONS.masterDataManage,
|
|
PERMISSIONS.assetRead,
|
|
PERMISSIONS.assetCreate,
|
|
PERMISSIONS.assetUpdate,
|
|
PERMISSIONS.assetAssign,
|
|
PERMISSIONS.assetTransfer,
|
|
PERMISSIONS.assetReturn,
|
|
PERMISSIONS.assetRepair,
|
|
PERMISSIONS.assetAudit,
|
|
PERMISSIONS.reportRead
|
|
];
|
|
case 'helpdesk':
|
|
return [
|
|
PERMISSIONS.assetRead,
|
|
PERMISSIONS.assetAssign,
|
|
PERMISSIONS.assetTransfer,
|
|
PERMISSIONS.assetReturn
|
|
];
|
|
case 'infrastructure':
|
|
return [
|
|
PERMISSIONS.assetRead,
|
|
PERMISSIONS.assetCreate,
|
|
PERMISSIONS.assetUpdate,
|
|
PERMISSIONS.assetRepair,
|
|
PERMISSIONS.reportRead
|
|
];
|
|
case 'application':
|
|
return [
|
|
PERMISSIONS.assetRead,
|
|
PERMISSIONS.assetCreate,
|
|
PERMISSIONS.assetUpdate,
|
|
PERMISSIONS.reportRead
|
|
];
|
|
case 'auditor':
|
|
return [PERMISSIONS.assetRead, PERMISSIONS.assetAudit, PERMISSIONS.reportRead];
|
|
case 'viewer':
|
|
default:
|
|
return [PERMISSIONS.assetRead];
|
|
}
|
|
}
|
|
|
|
export function getDefaultBusinessRole(role: MembershipRole): BusinessRole {
|
|
return role === 'admin' ? 'it_admin' : 'viewer';
|
|
}
|
|
|
|
export function getDefaultPermissions(
|
|
role: MembershipRole,
|
|
businessRole: BusinessRole = getDefaultBusinessRole(role)
|
|
): Permission[] {
|
|
return [...new Set([...getMembershipBasePermissions(role), ...getBusinessRolePermissions(businessRole)])];
|
|
}
|
|
|
|
export function isSystemRole(value: string): value is SystemRole {
|
|
return SYSTEM_ROLES.includes(value as SystemRole);
|
|
}
|
|
|
|
export function isMembershipRole(value: string): value is MembershipRole {
|
|
return MEMBERSHIP_ROLES.includes(value as MembershipRole);
|
|
}
|
|
|
|
export function isBusinessRole(value: string): value is BusinessRole {
|
|
return BUSINESS_ROLES.includes(value as BusinessRole);
|
|
}
|