Home Explore Help
Register Sign In
Code_Uwe
/
rhl-lieferscheine
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: eecc7ed247
Branches Tags
rhl-lieferschei...
/
lib
/
auth
/
permissions.js

permissions.js 1.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. /**
    2. 

  2.  * Role-Based Access Control (RBAC) helpers.
    3. 

  3.  *
    4. 

  4.  * @typedef {Object} Session
    5. 

  5.  * @property {"branch"|"admin"|"dev"|string} role
    6. 

  6.  * @property {string=} branchId
    7. 

  7.  */
    8. 

  8. 

  9. /**
    10. 

  10.  * Returns true if the given session is allowed to access the requested branch.
    11. 

  11.  *
    12. 

  12.  * Rules:
    13. 

  13.  * - No session => not allowed (caller should return 401)
    14. 

  14.  * - role "branch" => allowed only for session.branchId === branchId
    15. 

  15.  * - role "admin" / "dev" => allowed for any branch
    16. 

  16.  *
    17. 

  17.  * @param {Session|null} session
    18. 

  18.  * @param {string} branchId
    19. 

  19.  * @returns {boolean}
    20. 

  20.  */
    21. 

  21. export function canAccessBranch(session, branchId) {
    22. 

  22. 	if (!session) return false;
    23. 

  23. 	if (!branchId) return false;
    24. 

  24. 

  25. 	if (session.role === "branch") {
    26. 

  26. 		return session.branchId === branchId;
    27. 

  27. 	}
    28. 

  28. 

  29. 	if (session.role === "admin" || session.role === "dev") {
    30. 

  30. 		return true;
    31. 

  31. 	}
    32. 

  32. 

  33. 	return false;
    34. 

  34. }
    35. 

  35. 

  36. /**
    37. 

  37.  * Filters a list of branch IDs for a session.
    38. 

  38.  *
    39. 

  39.  * - No session => []
    40. 

  40.  * - role "branch" => [session.branchId] if present in branchIds, else []
    41. 

  41.  * - role "admin" / "dev" => all branchIds
    42. 

  42.  *
    43. 

  43.  * @param {Session|null} session
    44. 

  44.  * @param {string[]} branchIds
    45. 

  45.  * @returns {string[]}
    46. 

  46.  */
    47. 

  47. export function filterBranchesForSession(session, branchIds) {
    48. 

  48. 	if (!session) return [];
    49. 

  49. 	if (!Array.isArray(branchIds)) return [];
    50. 

  50. 

  51. 	if (session.role === "branch") {
    52. 

  52. 		const own = session.branchId;
    53. 

  53. 		if (!own) return [];
    54. 

  54. 		return branchIds.includes(own) ? [own] : [];
    55. 

  55. 	}
    56. 

  56. 

  57. 	if (session.role === "admin" || session.role === "dev") {
    58. 

  58. 		return branchIds;
    59. 

  59. 	}
    60. 

  60. 

  61. 	return [];
    62. 

  62. }
    63.