/**
 * Permission utilities for role-based access control
 * Maps frontend roles to backend permission actions
 */

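export type UserRole = "viewer" | "editor" | "admin" | "owner";

/**
 * Permission actions gated in the UI. The file documents these as matching
 * the backend definitions; the backend source is not visible from here.
 * The roles granted each action are the ones listed in PERMISSIONS.
 */
type PermissionAction =
  | "manage_rules"      // Admin/Owner only
  | "ingest_documents"  // Editor/Admin/Owner
  | "delete_documents"  // Admin/Owner only
  | "view_analytics";   // NOTE(review): documented as Admin/Owner only, but PERMISSIONS grants it to every role

/**
 * Client-side copy of the role matrix, documented as mirroring the backend's
 * access_control.py. It decides what the UI offers; presumably the backend
 * repeats the check when the request arrives (confirm), because a table
 * evaluated in the browser does not by itself authorize anything.
 *
 * NOTE(review): view_analytics is granted to all four roles here, while the
 * comments in this file describe it as admin/owner only. One of the two is
 * stale; reconcile against access_control.py before relying on either.
 *
 * The readonly typing stops other code in this module from widening a grant
 * by pushing onto one of the role lists.
 */
const PERMISSIONS: Readonly<Record<PermissionAction, readonly UserRole[]>> = {
  manage_rules: ["admin", "owner"],
  ingest_documents: ["editor", "admin", "owner"],
  delete_documents: ["admin", "owner"],
  view_analytics: ["viewer", "editor", "admin", "owner"],
};

/**
 * Check whether a role is granted an action by the PERMISSIONS matrix.
 *
 * Fails closed: an action that is not an own key of PERMISSIONS (possible when
 * a value reaches this function through a cast or from untyped data) yields
 * `false` instead of throwing or resolving to an inherited Object.prototype
 * member such as "constructor".
 *
 * @param role - Role of the current user.
 * @param action - Action being gated.
 * @returns `true` only when `action` is a known action and `role` is listed for it.
 */
export function hasPermission(role: UserRole, action: PermissionAction): boolean {
  // Own-property test first, so unknown or inherited keys never reach the lookup.
  if (!Object.prototype.hasOwnProperty.call(PERMISSIONS, action)) {
    return false;
  }
  return PERMISSIONS[action].includes(role);
}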

/**
 * Whether the given role may manage rules.
 *
 * Delegates to hasPermission with the "manage_rules" action, for which
 * PERMISSIONS lists admin and owner.
 *
 * @param role - Role of the current user.
 * @returns The result of the "manage_rules" lookup.
 */
export function canManageRules(role: UserRole): boolean {
  const allowed = hasPermission(role, "manage_rules");
  return allowed;
}

/**
 * Whether the given role may ingest documents.
 *
 * Delegates to hasPermission with the "ingest_documents" action, for which
 * PERMISSIONS lists editor, admin and owner.
 *
 * @param role - Role of the current user.
 * @returns The result of the "ingest_documents" lookup.
 */
export function canIngestDocuments(role: UserRole): boolean {
  const allowed = hasPermission(role, "ingest_documents");
  return allowed;
}

/**
 * Whether the given role may delete documents.
 *
 * Delegates to hasPermission with the "delete_documents" action, for which
 * PERMISSIONS lists admin and owner.
 *
 * @param role - Role of the current user.
 * @returns The result of the "delete_documents" lookup.
 */
export function canDeleteDocuments(role: UserRole): boolean {
  const allowed = hasPermission(role, "delete_documents");
  return allowed;
}

/**
 * Whether the given role may view analytics.
 *
 * Delegates to hasPermission with the "view_analytics" action.
 *
 * NOTE(review): this function was previously documented as admin/owner only,
 * but PERMISSIONS.view_analytics lists viewer, editor, admin and owner, so it
 * currently returns true for every role. Confirm which of the two matches the
 * backend and correct the other.
 *
 * @param role - Role of the current user.
 * @returns The result of the "view_analytics" lookup.
 */
export function canViewAnalytics(role: UserRole): boolean {
  const allowed = hasPermission(role, "view_analytics");
  return allowed;
}

/**
 * Whether the role is one of the two admin-level roles.
 *
 * This is a direct comparison on the role name and does not consult the
 * PERMISSIONS matrix.
 *
 * @param role - Role of the current user.
 * @returns `true` for "admin" or "owner", `false` for anything else.
 */
export function isAdminOrOwner(role: UserRole): boolean {
  switch (role) {
    case "admin":
    case "owner":
      return true;
    default:
      return false;
  }
}

/**
 * Whether the role is editor-level or higher.
 *
 * This is a direct comparison on the role name and does not consult the
 * PERMISSIONS matrix.
 *
 * @param role - Role of the current user.
 * @returns `true` for "editor", "admin" or "owner", `false` for anything else.
 */
export function isEditorOrAbove(role: UserRole): boolean {
  const editorTier: readonly string[] = ["editor", "admin", "owner"];
  return editorTier.includes(role);
}