Fix jwt-token
170
client/src/utils/rbac.js
Normal file
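--- /dev/null
+++ b/client/src/utils/rbac.js
@@ -0,0 +1,170 @@
+/**
+* Frontend RBAC Utility
+* Client-side permission checking to match server-side RBAC system
+*/
+
+// Define the same permissions as the server
+export const PERMISSIONS = {
+// General tenant management
+'tenant.view': 'View tenant information',
+'tenant.edit': 'Edit basic tenant settings',
+
+// Branding permissions
+'branding.view': 'View branding settings',
+'branding.edit': 'Edit branding and appearance',
+
+// Security permissions
+'security.view': 'View security settings',
+'security.edit': 'Edit security settings and IP restrictions',
+
+// User management permissions
+'users.view': 'View user list',
+'users.create': 'Create new users',
+'users.edit': 'Edit user details',
+'users.delete': 'Delete or deactivate users',
+'users.manage_roles': 'Change user roles',
+
+// Authentication permissions
+'auth.view': 'View authentication settings',
+'auth.edit': 'Edit authentication provider settings',
+
+// Operational permissions
+'dashboard.view': 'View dashboard',
+'devices.view': 'View devices',
+'devices.manage': 'Add, edit, delete devices',
+'detections.view': 'View detections',
+'alerts.view': 'View alerts',
+'alerts.manage': 'Manage alert configurations',
+'debug.access': 'Access debug information'
+};
+
+// Define roles and their permissions (must match server-side)
+export const ROLES = {
+// Full tenant administrator
+'admin': [
+'tenant.view', 'tenant.edit',
+'branding.view', 'branding.edit',
+'security.view', 'security.edit',
+'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
+'auth.view', 'auth.edit',
+'dashboard.view',
+'devices.view', 'devices.manage',
+'detections.view',
+'alerts.view', 'alerts.manage',
+'debug.access'
+],
+
+// User management specialist
+'user_admin': [
+'tenant.view',
+'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
+'dashboard.view',
+'devices.view',
+'detections.view',
+'alerts.view'
+],
+
+// Security specialist
+'security_admin': [
+'tenant.view',
+'security.view', 'security.edit',
+'auth.view', 'auth.edit',
+'users.view',
+'dashboard.view',
+'devices.view',
+'detections.view',
+'alerts.view'
+],
+
+// Branding/marketing specialist
+'branding_admin': [
+'tenant.view',
+'branding.view', 'branding.edit',
+'dashboard.view',
+'devices.view',
+'detections.view',
+'alerts.view'
+],
+
+// Operations manager
+'operator': [
+'tenant.view',
+'dashboard.view',
+'devices.view', 'devices.manage',
+'detections.view',
+'alerts.view', 'alerts.manage'
+],
+
+// Read-only user
+'viewer': [
+'dashboard.view',
+'devices.view',
+'detections.view',
+'alerts.view'
+]
+};
+
+/**
+* Check if a user has a specific permission
+* @param {string} userRole - The user's role
+* @param {string} permission - The permission to check
+* @returns {boolean} True if the user has the permission
+*/
+export function hasPermission(userRole, permission) {
+if (!userRole || !permission) return false;
+
+const rolePermissions = ROLES[userRole];
+if (!rolePermissions) return false;
+
+return rolePermissions.includes(permission);
+}
+
+/**
+* Check if a user has any of the provided permissions
+* @param {string} userRole - The user's role
+* @param {string[]} permissions - Array of permissions to check
+* @returns {boolean} True if the user has at least one permission
+*/
+export function hasAnyPermission(userRole, permissions) {
+if (!userRole || !permissions || !Array.isArray(permissions)) return false;
+
+return permissions.some(permission => hasPermission(userRole, permission));
+}
+
+/**
+* Check if a user has all of the provided permissions
+* @param {string} userRole - The user's role
+* @param {string[]} permissions - Array of permissions to check
+* @returns {boolean} True if the user has all permissions
+*/
+export function hasAllPermissions(userRole, permissions) {
+if (!userRole || !permissions || !Array.isArray(permissions)) return false;
+
+return permissions.every(permission => hasPermission(userRole, permission));
+}
+
+/**
+* Get all permissions for a role
+* @param {string} userRole - The user's role
+* @returns {string[]} Array of permissions for the role
+*/
+export function getRolePermissions(userRole) {
+if (!userRole) return [];
+
+return ROLES[userRole] || [];
+}
+
+/**
+* Check if user can access settings at all
+* @param {string} userRole - The user's role
+* @returns {boolean} True if user can access any settings
+*/
+export function canAccessSettings(userRole) {
+return hasAnyPermission(userRole, [
+'tenant.view',
+'branding.view',
+'security.view',
+'auth.view',
+'users.view'
+]);
+}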
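Review bot: `hasPermission` and `getRolePermissions` index `ROLES[userRole]` on a plain object literal, so a role string that names an inherited property (`constructor`, `toString`, `__proto__`) passes the `!rolePermissions` check: `hasPermission` then throws a TypeError on `.includes`, and `getRolePermissions` returns a non-array value. Guard both lookups with an own-property check, e.g. `const rolePermissions = Object.hasOwn(ROLES, userRole) ? ROLES[userRole] : undefined;` and `return Object.hasOwn(ROLES, userRole) ? ROLES[userRole] : [];`. Where the role string comes from is not visible in this file; if it is read from a decoded token or an API response, it should be treated as untrusted input at this point. The header comment should also state that these checks only decide what the UI renders and that the server must authorize every request, because `ROLES` is a hand-maintained copy that can drift from the server-side table.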