borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d65862b839759608a1af21ff0cb99651315e8c26
drone-detector/client/src/utils/rbac.js
Alexander Borg 8a6a0a472c Fix jwt-token
2025-09-13 15:42:55 +02:00

171 lines
4.6 KiB
JavaScript
Raw Blame History

/**
* Frontend RBAC Utility
* Client-side permission checking to match server-side RBAC system
*/
// Define the same permissions as the server
export const PERMISSIONS = {
// General tenant management
'tenant.view': 'View tenant information',
'tenant.edit': 'Edit basic tenant settings',
// Branding permissions
'branding.view': 'View branding settings',
'branding.edit': 'Edit branding and appearance',
// Security permissions
'security.view': 'View security settings',
'security.edit': 'Edit security settings and IP restrictions',
// User management permissions
'users.view': 'View user list',
'users.create': 'Create new users',
'users.edit': 'Edit user details',
'users.delete': 'Delete or deactivate users',
'users.manage_roles': 'Change user roles',
// Authentication permissions
'auth.view': 'View authentication settings',
'auth.edit': 'Edit authentication provider settings',
// Operational permissions
'dashboard.view': 'View dashboard',
'devices.view': 'View devices',
'devices.manage': 'Add, edit, delete devices',
'detections.view': 'View detections',
'alerts.view': 'View alerts',
'alerts.manage': 'Manage alert configurations',
'debug.access': 'Access debug information'
};
// Define roles and their permissions (must match server-side)
export const ROLES = {
// Full tenant administrator
'admin': [
'tenant.view', 'tenant.edit',
'branding.view', 'branding.edit',
'security.view', 'security.edit',
'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
'auth.view', 'auth.edit',
'dashboard.view',
'devices.view', 'devices.manage',
'detections.view',
'alerts.view', 'alerts.manage',
'debug.access'
],
// User management specialist
'user_admin': [
'tenant.view',
'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
'dashboard.view',
'devices.view',
'detections.view',
'alerts.view'
],
// Security specialist
'security_admin': [
'tenant.view',
'security.view', 'security.edit',
'auth.view', 'auth.edit',
'users.view',
'dashboard.view',
'devices.view',
'detections.view',
'alerts.view'
],
// Branding/marketing specialist
'branding_admin': [
'tenant.view',
'branding.view', 'branding.edit',
'dashboard.view',
'devices.view',
'detections.view',
'alerts.view'
],
// Operations manager
'operator': [
'tenant.view',
'dashboard.view',
'devices.view', 'devices.manage',
'detections.view',
'alerts.view', 'alerts.manage'
],
// Read-only user
'viewer': [
'dashboard.view',
'devices.view',
'detections.view',
'alerts.view'
]
};
/**
* Check if a user has a specific permission
* @param {string} userRole - The user's role
* @param {string} permission - The permission to check
* @returns {boolean} True if the user has the permission
*/
export function hasPermission(userRole, permission) {
if (!userRole || !permission) return false;
const rolePermissions = ROLES[userRole];
if (!rolePermissions) return false;
return rolePermissions.includes(permission);
}
/**
* Check if a user has any of the provided permissions
* @param {string} userRole - The user's role
* @param {string[]} permissions - Array of permissions to check
* @returns {boolean} True if the user has at least one permission
*/
export function hasAnyPermission(userRole, permissions) {
if (!userRole || !permissions || !Array.isArray(permissions)) return false;
return permissions.some(permission => hasPermission(userRole, permission));
}
/**
* Check if a user has all of the provided permissions
* @param {string} userRole - The user's role
* @param {string[]} permissions - Array of permissions to check
* @returns {boolean} True if the user has all permissions
*/
export function hasAllPermissions(userRole, permissions) {
if (!userRole || !permissions || !Array.isArray(permissions)) return false;
return permissions.every(permission => hasPermission(userRole, permission));
}
/**
* Get all permissions for a role
* @param {string} userRole - The user's role
* @returns {string[]} Array of permissions for the role
*/
export function getRolePermissions(userRole) {
if (!userRole) return [];
return ROLES[userRole] || [];
}
/**
* Check if user can access settings at all
* @param {string} userRole - The user's role
* @returns {boolean} True if user can access any settings
*/
export function canAccessSettings(userRole) {
return hasAnyPermission(userRole, [
'tenant.view',
'branding.view',
'security.view',
'auth.view',
'users.view'
]);
}
Reference in New Issue View Git Blame Copy Permalink