/**
 * RBAC Permissions
 *
 * Defines the permission constants and role-permission mappings
 * for the customer portal authorization system.
 */

/**
 * Catalogue of permission identifiers, written as "<resource>:<action>".
 *
 * `as const` keeps every value as its own string-literal type, which is what
 * the `Permission` union is derived from. Key order matters: the ADMIN role is
 * built from `Object.values(PERMISSIONS)`, so any entry added here is granted
 * to ADMIN automatically.
 */
export const PERMISSIONS = {
  // account
  ACCOUNT_READ: "account:read",
  ACCOUNT_UPDATE: "account:update",

  // billing
  BILLING_READ: "billing:read",
  BILLING_PAY: "billing:pay",

  // orders
  ORDERS_READ: "orders:read",
  ORDERS_CREATE: "orders:create",

  // services
  SERVICES_READ: "services:read",
  SERVICES_MANAGE: "services:manage",

  // support
  SUPPORT_READ: "support:read",
  SUPPORT_CREATE: "support:create",

  // administration
  ADMIN_USERS: "admin:users",
  ADMIN_AUDIT: "admin:audit",
} as const;
/** Shape of the permission catalogue; used only to derive `Permission`. */
type PermissionCatalogue = typeof PERMISSIONS;

/** Union of every permission string declared in `PERMISSIONS`. */
export type Permission = PermissionCatalogue[keyof PermissionCatalogue];
/**
 * Permissions granted to each role name.
 *
 * USER is an explicit allow-list. ADMIN is derived from every value in
 * `PERMISSIONS`, so a permission added to the catalogue reaches ADMIN without
 * an edit here and never reaches USER unless it is listed below.
 *
 * This is an ordinary object keyed by arbitrary strings, and both the object
 * and its arrays are mutable. Lookups with a role name that comes from outside
 * this module should use an own-property check, since inherited keys such as
 * "constructor" also resolve on a plain object.
 */
export const ROLE_PERMISSIONS: Record<string, Permission[]> = {
  USER: [
    // account
    PERMISSIONS.ACCOUNT_READ,
    PERMISSIONS.ACCOUNT_UPDATE,
    // billing
    PERMISSIONS.BILLING_READ,
    PERMISSIONS.BILLING_PAY,
    // orders
    PERMISSIONS.ORDERS_READ,
    PERMISSIONS.ORDERS_CREATE,
    // services
    PERMISSIONS.SERVICES_READ,
    PERMISSIONS.SERVICES_MANAGE,
    // support
    PERMISSIONS.SUPPORT_READ,
    PERMISSIONS.SUPPORT_CREATE,
  ],
  // Every catalogue entry, in declaration order.
  ADMIN: Object.values(PERMISSIONS),
};
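/**
 * Check if a role has a specific permission.
 *
 * Fails closed: a role name that is not an own key of `ROLE_PERMISSIONS`
 * yields `false`. The own-property check matters because the table is a plain
 * object, so names like "constructor" or "__proto__" would otherwise resolve
 * to inherited values that are truthy but not arrays, and the `.includes`
 * call would throw instead of denying.
 *
 * @param role - Role name to look up; may originate from untrusted input.
 * @param permission - Permission string to test for.
 * @returns `true` only when the role is defined and lists the permission.
 */
export function hasPermission(role: string, permission: Permission): boolean {
  // Only keys defined directly on the table count as roles.
  if (!Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role)) {
    return false;
  }
  const granted = ROLE_PERMISSIONS[role];
  // Guard against a table entry that was replaced with a non-array at runtime.
  return Array.isArray(granted) && granted.includes(permission);
}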
/**
 * Check if a role has any of the specified permissions.
 *
 * Each entry is tested with `hasPermission`, stopping at the first one the
 * role holds. An empty `permissions` array yields `false`.
 *
 * @param role - Role name to look up.
 * @param permissions - Permissions of which at least one must be held.
 * @returns `true` when the role holds at least one listed permission.
 */
export function hasAnyPermission(role: string, permissions: Permission[]): boolean {
  // "some is held" is the same as "not every one is missing".
  const everyOneMissing = permissions.every(
    (candidate) => !hasPermission(role, candidate),
  );
  return !everyOneMissing;
}
/**
 * Check if a role has all of the specified permissions.
 *
 * Each entry is tested with `hasPermission`, stopping at the first one the
 * role lacks.
 *
 * NOTE(review): an empty `permissions` array yields `true` for every role
 * name, including names that are not defined, because no check runs. Callers
 * that build the required list dynamically should reject an empty list before
 * calling if "nothing required" must not mean "allowed".
 *
 * @param role - Role name to look up.
 * @param permissions - Permissions that must all be held.
 * @returns `true` when no listed permission is missing for the role.
 */
export function hasAllPermissions(role: string, permissions: Permission[]): boolean {
  // "all are held" is the same as "none is missing".
  const someMissing = permissions.some(
    (required) => !hasPermission(role, required),
  );
  return !someMissing;
}
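/**
 * Get all permissions for a role.
 *
 * Only own keys of `ROLE_PERMISSIONS` are treated as roles, so inherited
 * object properties such as "constructor" return an empty list rather than a
 * non-array value. The result is a fresh copy: mutating it cannot add or
 * remove permissions in the shared role table.
 *
 * @param role - Role name to look up; may originate from untrusted input.
 * @returns A new array of the role's permissions, or `[]` for an unknown role.
 */
export function getPermissionsForRole(role: string): Permission[] {
  if (!Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role)) {
    return [];
  }
  const granted = ROLE_PERMISSIONS[role];
  // Copy so callers never hold a reference to the authorization table itself.
  return Array.isArray(granted) ? [...granted] : [];
}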