All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 2m52s
35 lines
1.1 KiB
TypeScript
35 lines
1.1 KiB
TypeScript
import { type AuthPayload, type Role } from "../model/interfaces.ts";
|
|
|
|
// Named capabilities checked at enforcement points. Extend this union as new
|
|
// gated capabilities are added (e.g. "invite:manage").
|
|
export type Permission =
|
|
| "dump:moderate"
|
|
| "comment:moderate"
|
|
| "playlist:moderate"
|
|
| "user:manage"
|
|
| "category:manage";
|
|
|
|
const ALL_PERMISSIONS: readonly Permission[] = [
|
|
"dump:moderate",
|
|
"comment:moderate",
|
|
"playlist:moderate",
|
|
"user:manage",
|
|
"category:manage",
|
|
];
|
|
|
|
// Roles are fixed in code. `admin` is a superset of every permission (current
|
|
// and future); `moderator` gets the content-moderation permissions only.
|
|
export const ROLE_PERMISSIONS: Record<Role, readonly Permission[]> = {
|
|
admin: ALL_PERMISSIONS,
|
|
moderator: ["dump:moderate", "comment:moderate", "playlist:moderate"],
|
|
user: [],
|
|
};
|
|
|
|
export function hasPermission(role: Role, permission: Permission): boolean {
|
|
return ROLE_PERMISSIONS[role].includes(permission);
|
|
}
|
|
|
|
export function can(payload: AuthPayload, permission: Permission): boolean {
|
|
return hasPermission(payload.role, permission);
|
|
}
|