Sign upLogin

hadmean/hadmean

View on GitHub
Star
src/shared/logic/permissions/index.ts

Summary

Maintainability
A
2 hrs
Test Coverage
C
70%
import {
  CAN_ACCESS_ENTITY,
  META_USER_PERMISSIONS,
  UserPermissions,
} from "shared/constants/user";
import { GranularEntityPermissions, SystemRoles } from "shared/types/user";
import { replaceGranular } from "shared/constants/user/shared";
import { portalMetaPermissionCheck } from "./portal";

const doMetaPermissionCheck =
  (permissions: string[], requiredPermission: string) =>
  (metaCheck: string, allPermission: string): boolean | void => {
    if (
      requiredPermission.startsWith(metaCheck) &&
      permissions.includes(allPermission)
    ) {
      return true;
    }
  };

export const doesPermissionAllowPermission = (
  permissions: string[],
  requiredPermission: string,
  checkGranular: boolean
): boolean => {
  if (requiredPermission === META_USER_PERMISSIONS.NO_PERMISSION_REQUIRED) {
    return true;
  }

  if (permissions.length === 0) {
    return false;
  }
  const doMetaPermissionCheck$1 = doMetaPermissionCheck(
    permissions,
    requiredPermission
  );

  const portalMetaPermissionCheckResponse = portalMetaPermissionCheck(
    doMetaPermissionCheck$1
  );

  if (typeof portalMetaPermissionCheckResponse === "boolean") {
    return portalMetaPermissionCheckResponse;
  }

  const entitiesMetaCheck = doMetaPermissionCheck$1(
    CAN_ACCESS_ENTITY,
    UserPermissions.CAN_MANAGE_ALL_ENTITIES
  );

  if (typeof entitiesMetaCheck === "boolean") {
    return entitiesMetaCheck;
  }

  if (requiredPermission.startsWith(CAN_ACCESS_ENTITY) && !checkGranular) {
    // eslint-disable-next-line no-param-reassign
    requiredPermission = replaceGranular(
      requiredPermission,
      GranularEntityPermissions.Show
    );
  }

  return permissions.includes(requiredPermission);
};

const doSystemRoleCheck = (
  role: string,
  requiredPermission: string
): boolean | void => {
  if (role === SystemRoles.Creator) {
    return true;
  }

  if (role === SystemRoles.Viewer) {
    return requiredPermission.startsWith(CAN_ACCESS_ENTITY);
  }
};

export const canRoleDoThisAsync = async (
  userRole: string,
  permission: string,
  checkGranular: boolean,
  getRolePermission: (role: string) => Promise<string[]>
): Promise<boolean> => {
  const systemRoleCheck = doSystemRoleCheck(userRole, permission);

  if (typeof systemRoleCheck === "boolean") {
    return systemRoleCheck;
  }

  const rolePermissions = await getRolePermission(userRole);

  return doesPermissionAllowPermission(
    rolePermissions,
    permission,
    checkGranular
  );
};

export const canRoleDoThisSync = (
  userRole: string,
  permission: string,
  rolePermissions: string[],
  checkGranular = false
): boolean => {
  const systemRoleCheck = doSystemRoleCheck(userRole, permission);

  if (typeof systemRoleCheck === "boolean") {
    return systemRoleCheck;
  }

  return doesPermissionAllowPermission(
    rolePermissions,
    permission,
    checkGranular
  );
};