chore: initial project import
Some checks failed
CI - Production Readiness / Verify (push) Has been cancelled

This commit is contained in:
Wira Basalamah
2026-04-21 09:29:29 +07:00
commit adde003fba
222 changed files with 37657 additions and 0 deletions

71
lib/permissions.ts Normal file
View File

@ -0,0 +1,71 @@
import type { UserRole } from "@/lib/auth";
export type ActionPermission =
| "admin:read"
| "admin:manage"
| "agent:read"
| "agent:manage"
| "inbox:read"
| "inbox:assign"
| "inbox:status"
| "inbox:reply"
| "inbox:notes"
| "inbox:tags"
| "tenant:read"
| "profile:manage_self";
type AllPermission = ActionPermission | "*";
const rolePermissions: Record<UserRole, readonly AllPermission[]> = {
super_admin: ["*", "admin:read", "admin:manage", "agent:read", "agent:manage", "inbox:read", "inbox:assign", "inbox:status", "inbox:reply", "inbox:notes", "inbox:tags", "tenant:read"],
admin_client: [
"admin:read",
"admin:manage",
"inbox:read",
"inbox:assign",
"inbox:status",
"inbox:reply",
"inbox:notes",
"inbox:tags",
"agent:read",
"tenant:read",
"profile:manage_self"
],
agent: [
"agent:read",
"inbox:read",
"inbox:assign",
"inbox:status",
"inbox:reply",
"inbox:notes",
"inbox:tags",
"profile:manage_self"
]
};
function toPermissionSet(role: UserRole) {
return new Set<AllPermission | string>(rolePermissions[role]);
}
export function hasPermission(role: UserRole, permission: ActionPermission) {
const permissionSet = toPermissionSet(role);
return permissionSet.has("*") || permissionSet.has(permission);
}
export function hasPermissionWithGrants(role: UserRole, permission: ActionPermission, extraPermissions?: Iterable<string>) {
const permissionSet = toPermissionSet(role);
if (extraPermissions) {
for (const value of extraPermissions) {
permissionSet.add(value);
}
}
return permissionSet.has("*") || permissionSet.has(permission);
}
export function assertPermission(role: UserRole, permission: ActionPermission, extraPermissions?: Iterable<string>) {
if (!hasPermissionWithGrants(role, permission, extraPermissions)) {
return false;
}
return true;
}