Spaces:

nothingworry
/

IntegraChat

Sleeping

App Files Files Community

IntegraChat / frontend /lib /permissions.ts

nothingworry

feat: Add real-time reasoning visualizer, tool timeline, and tenant heatmap components

1d2a779 18 days ago

raw

history blame

2.05 kB

	/**
	* Permission utilities for role-based access control
	* Maps frontend roles to backend permission actions
	*/

	export type UserRole = "viewer" \| "editor" \| "admin" \| "owner";

	/**
	* Permission actions that match backend definitions
	*/
	type PermissionAction =
	\| "manage_rules" // Admin/Owner only
	\| "ingest_documents" // Editor/Admin/Owner
	\| "delete_documents" // Admin/Owner only
	\| "view_analytics"; // Admin/Owner only

	/**
	* Permission matrix matching backend access_control.py
	*/
	const PERMISSIONS: Record<PermissionAction, UserRole[]> = {
	manage_rules: ["admin", "owner"],
	ingest_documents: ["editor", "admin", "owner"],
	delete_documents: ["admin", "owner"],
	view_analytics: ["viewer", "editor", "admin", "owner"],
	};

	/**
	* Check if a role has permission for an action
	*/
	export function hasPermission(role: UserRole, action: PermissionAction): boolean {
	const allowedRoles = PERMISSIONS[action];
	return allowedRoles.includes(role);
	}

	/**
	* Check if user can manage rules (admin/owner only)
	*/
	export function canManageRules(role: UserRole): boolean {
	return hasPermission(role, "manage_rules");
	}

	/**
	* Check if user can ingest documents (editor/admin/owner)
	*/
	export function canIngestDocuments(role: UserRole): boolean {
	return hasPermission(role, "ingest_documents");
	}

	/**
	* Check if user can delete documents (admin/owner only)
	*/
	export function canDeleteDocuments(role: UserRole): boolean {
	return hasPermission(role, "delete_documents");
	}

	/**
	* Check if user can view analytics (admin/owner only)
	*/
	export function canViewAnalytics(role: UserRole): boolean {
	return hasPermission(role, "view_analytics");
	}

	/**
	* Check if user has admin-level access (admin or owner)
	*/
	export function isAdminOrOwner(role: UserRole): boolean {
	return role === "admin" \|\| role === "owner";
	}

	/**
	* Check if user has editor-level access or higher
	*/
	export function isEditorOrAbove(role: UserRole): boolean {
	return role === "editor" \|\| role === "admin" \|\| role === "owner";
	}