import { GroupedPermissions, Permission } from "../features/auth/authSlice"; /** * Permission utility functions for checking user permissions */ /** * Check if user has a specific permission * @param permissions - User's grouped permissions from Redux store * @param permissionKey - The permission key to check (e.g., 'manage_activity_types') * @returns boolean - true if user has the permission */ export const hasPermission = ( permissions: GroupedPermissions, permissionKey: string ): boolean => { if (!permissions || Object.keys(permissions).length === 0) { return false; } // Search through all permission groups for (const groupKey in permissions) { const groupPermissions = permissions[groupKey]; if (Array.isArray(groupPermissions)) { const hasPermissionInGroup = groupPermissions.some( (permission: Permission) => permission.permission_key === permissionKey ); if (hasPermissionInGroup) { return true; } } } return false; }; /** * Check if user has any of the specified permissions (OR logic) * @param permissions - User's grouped permissions from Redux store * @param permissionKeys - Array of permission keys to check * @returns boolean - true if user has at least one of the permissions */ export const hasAnyPermission = ( permissions: GroupedPermissions, permissionKeys: string[] ): boolean => { return permissionKeys.some((key) => hasPermission(permissions, key)); }; /** * Check if user has all of the specified permissions (AND logic) * @param permissions - User's grouped permissions from Redux store * @param permissionKeys - Array of permission keys to check * @returns boolean - true if user has all the permissions */ export const hasAllPermissions = ( permissions: GroupedPermissions, permissionKeys: string[] ): boolean => { return permissionKeys.every((key) => hasPermission(permissions, key)); }; /** * Get all permission keys for a specific group * @param permissions - User's grouped permissions from Redux store * @param groupKey - The group key (e.g., 'activity_types', 'employees') * @returns string[] - Array of permission keys in the group */ export const getPermissionKeysForGroup = ( permissions: GroupedPermissions, groupKey: string ): string[] => { const groupPermissions = permissions[groupKey]; if (!Array.isArray(groupPermissions)) { return []; } return groupPermissions.map( (permission: Permission) => permission.permission_key ); }; /** * Check if user can view a specific module * @param permissions - User's grouped permissions from Redux store * @param module - The module name (e.g., 'activity_types', 'employees') * @returns boolean - true if user can view the module */ export const canView = ( permissions: GroupedPermissions, module: string ): boolean => { return hasPermission(permissions, `view_${module}`); }; /** * Check if user can manage (create/edit/delete) a specific module * @param permissions - User's grouped permissions from Redux store * @param module - The module name (e.g., 'activity_types', 'employees') * @returns boolean - true if user can manage the module */ export const canManage = ( permissions: GroupedPermissions, module: string ): boolean => { return hasPermission(permissions, `manage_${module}`); }; /** * Check if user can perform a specific action on a module * @param permissions - User's grouped permissions from Redux store * @param action - The action (e.g., 'view', 'manage', 'edit', 'delete') * @param module - The module name (e.g., 'activity_types', 'employees') * @returns boolean - true if user can perform the action */ export const canPerformAction = ( permissions: GroupedPermissions, action: string, module: string ): boolean => { return hasPermission(permissions, `${action}_${module}`); }; /** * Get user's permission level for a module * @param permissions - User's grouped permissions from Redux store * @param module - The module name (e.g., 'activity_types', 'employees') * @returns object with permission levels */ export const getModulePermissions = ( permissions: GroupedPermissions, module: string ) => { return { canView: canView(permissions, module), canManage: canManage(permissions, module), canCreate: canManage(permissions, module), // Usually same as manage canEdit: canManage(permissions, module), // Usually same as manage canDelete: canManage(permissions, module), // Usually same as manage }; }; /** * Permission constants for easy reference */ export const PERMISSIONS = { // Dashboard VIEW_DASHBOARD: "view_dashboard", // Activity Types VIEW_ACTIVITY_TYPES: "view_activity_types", MANAGE_ACTIVITY_TYPES: "manage_activity_types", // Categories VIEW_CATEGORIES: "view_categories", MANAGE_CATEGORIES: "manage_categories", // Clients VIEW_CLIENTS: "view_clients", MANAGE_CLIENTS: "manage_clients", // Vendors VIEW_VENDORS: "view_vendors", MANAGE_VENDORS: "manage_vendors", // Time Tracking VIEW_TIME_TRACKING: "view_time_tracking", MANAGE_TIME_TRACKING: "manage_time_tracking", VIEW_COST: "view_cost", // Settings VIEW_SETTINGS: "view_settings", MANAGE_SETTINGS: "manage_settings", // Salary Settings VIEW_SALARY_SETTINGS: "view_salary_settings", MANAGE_SALARY_SETTINGS: "manage_salary_settings", // Roles VIEW_ROLES: "view_roles", MANAGE_ROLES: "manage_roles", // Reports VIEW_REPORTS: "view_reports", MANAGE_REPORTS: "manage_reports", // Projects VIEW_PROJECTS: "view_projects", MANAGE_PROJECTS: "manage_projects", // Permissions VIEW_PERMISSIONS: "view_permissions", MANAGE_PERMISSIONS: "manage_permissions", // Party Types VIEW_PARTY_TYPES: "view_party_types", MANAGE_PARTY_TYPES: "manage_party_types", // Leaves VIEW_LEAVES: "view_leaves", MANAGE_MY_LEAVES: "manage_my_leaves", MANAGE_ALL_LEAVES: "manage_all_leaves", APPROVE_LEAVES: "approve_leaves", // Leave Types VIEW_LEAVE_TYPES: "view_leave_types", MANAGE_LEAVE_TYPES: "manage_leave_types", // Employees VIEW_EMPLOYEES: "view_employees", VIEW_EMPLOYEE_PROFILE: "view_employee_profile", MANAGE_EMPLOYEES: "manage_employees", EDIT_EMPLOYEE_PROFILE: "edit_employee_profile", // Departments VIEW_DEPARTMENTS: "view_departments", MANAGE_DEPARTMENTS: "manage_departments", // Contractors VIEW_CONTRACTORS: "view_contractors", MANAGE_CONTRACTORS: "manage_contractors", // Consultants VIEW_CONSULTANTS: "view_consultants", MANAGE_CONSULTANTS: "manage_consultants", // Company VIEW_COMPANY: "view_company", MANAGE_COMPANY: "manage_company", VIEW_COMPANY_SETTINGS: "view_company_settings", MANAGE_COMPANY_SETTINGS: "manage_company_settings", // Payroll VIEW_PAYROLL: "view_payroll", MANAGE_PAYROLL: "manage_payroll", VIEW_MY_SALARY_SLIP: "view_my_salary_slip", } as const; /** * Module permission mappings for easy reference */ export const MODULE_PERMISSIONS = { activity_types: { view: PERMISSIONS.VIEW_ACTIVITY_TYPES, manage: PERMISSIONS.MANAGE_ACTIVITY_TYPES, }, categories: { view: PERMISSIONS.VIEW_CATEGORIES, manage: PERMISSIONS.MANAGE_CATEGORIES, }, clients: { view: PERMISSIONS.VIEW_CLIENTS, manage: PERMISSIONS.MANAGE_CLIENTS, }, vendors: { view: PERMISSIONS.VIEW_VENDORS, manage: PERMISSIONS.MANAGE_VENDORS, }, employees: { view: PERMISSIONS.VIEW_EMPLOYEES, manage: PERMISSIONS.MANAGE_EMPLOYEES, }, departments: { view: PERMISSIONS.VIEW_DEPARTMENTS, manage: PERMISSIONS.MANAGE_DEPARTMENTS, }, roles: { view: PERMISSIONS.VIEW_ROLES, manage: PERMISSIONS.MANAGE_ROLES, }, projects: { view: PERMISSIONS.VIEW_PROJECTS, manage: PERMISSIONS.MANAGE_PROJECTS, }, contractors: { view: PERMISSIONS.VIEW_CONTRACTORS, manage: PERMISSIONS.MANAGE_CONTRACTORS, }, consultants: { view: PERMISSIONS.VIEW_CONSULTANTS, manage: PERMISSIONS.MANAGE_CONSULTANTS, }, company: { view: PERMISSIONS.VIEW_COMPANY, manage: PERMISSIONS.MANAGE_COMPANY, }, time_tracking: { view: PERMISSIONS.VIEW_TIME_TRACKING, manage: PERMISSIONS.MANAGE_TIME_TRACKING, }, payroll: { view: PERMISSIONS.VIEW_PAYROLL, manage: PERMISSIONS.MANAGE_PAYROLL, }, } as const;