Hardik
fc6f3146d4
MANAGER had the Vessels link in the sidebar but lacked the permission, causing a redirect to dashboard on click. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
85 lines
2.1 KiB
TypeScript
85 lines
2.1 KiB
TypeScript
import type { Role } from "@prisma/client";
|
|
|
|
export type Permission =
|
|
| "create_po"
|
|
| "submit_po"
|
|
| "edit_own_draft_po"
|
|
| "view_own_pos"
|
|
| "view_all_pos"
|
|
| "approve_po"
|
|
| "reject_po"
|
|
| "request_edits"
|
|
| "request_vendor_id"
|
|
| "process_payment"
|
|
| "confirm_receipt"
|
|
| "view_analytics"
|
|
| "export_reports"
|
|
| "manage_users"
|
|
| "manage_vendors"
|
|
| "manage_vessels_accounts"
|
|
| "manage_products"
|
|
| "manage_sites";
|
|
|
|
const ROLE_PERMISSIONS: Record<Role, Permission[]> = {
|
|
TECHNICAL: ["create_po", "submit_po", "edit_own_draft_po", "view_own_pos", "confirm_receipt"],
|
|
MANNING: ["create_po", "submit_po", "edit_own_draft_po", "view_own_pos", "confirm_receipt"],
|
|
ACCOUNTS: ["view_all_pos", "process_payment", "manage_vendors"],
|
|
MANAGER: [
|
|
"create_po",
|
|
"submit_po",
|
|
"edit_own_draft_po",
|
|
"view_own_pos",
|
|
"view_all_pos",
|
|
"approve_po",
|
|
"reject_po",
|
|
"request_edits",
|
|
"request_vendor_id",
|
|
"view_analytics",
|
|
"export_reports",
|
|
"manage_vendors",
|
|
"manage_vessels_accounts",
|
|
"manage_products",
|
|
"manage_sites",
|
|
],
|
|
SUPERUSER: [
|
|
"create_po",
|
|
"submit_po",
|
|
"edit_own_draft_po",
|
|
"view_own_pos",
|
|
"view_all_pos",
|
|
"approve_po",
|
|
"reject_po",
|
|
"request_edits",
|
|
"request_vendor_id",
|
|
"process_payment",
|
|
"confirm_receipt",
|
|
"view_analytics",
|
|
"export_reports",
|
|
],
|
|
AUDITOR: ["view_own_pos", "view_all_pos", "view_analytics", "export_reports"],
|
|
ADMIN: [
|
|
"view_own_pos",
|
|
"view_all_pos",
|
|
"view_analytics",
|
|
"export_reports",
|
|
"manage_users",
|
|
"manage_vendors",
|
|
"manage_vessels_accounts",
|
|
"manage_products",
|
|
"manage_sites",
|
|
],
|
|
};
|
|
|
|
export function hasPermission(role: Role, permission: Permission): boolean {
|
|
return ROLE_PERMISSIONS[role]?.includes(permission) ?? false;
|
|
}
|
|
|
|
export function requirePermission(role: Role, permission: Permission): void {
|
|
if (!hasPermission(role, permission)) {
|
|
throw new Error(`Forbidden: role ${role} lacks permission ${permission}`);
|
|
}
|
|
}
|
|
|
|
export function getPermissions(role: Role): Permission[] {
|
|
return ROLE_PERMISSIONS[role] ?? [];
|
|
}
|