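/**
 * Permission utilities for role-based access control.
 * Maps frontend roles to backend permission actions.
 *
 * These helpers only decide what the UI shows or enables. They run in the
 * client, so they are not an authorization boundary: every action gated here
 * must still be authorized by the backend on each request.
 */
export type UserRole = "viewer" | "editor" | "admin" | "owner";

/**
 * Permission actions that match backend definitions.
 */
type PermissionAction =
  | "manage_rules" // Admin/Owner only
  | "ingest_documents" // Editor/Admin/Owner
  | "delete_documents" // Admin/Owner only
  | "view_analytics"; // Admin/Owner only

/**
 * Permission matrix, intended to mirror backend access_control.py.
 *
 * Typed as a full Record over PermissionAction so that adding an action to the
 * union without listing its roles here is a compile error.
 */
const PERMISSIONS: Record<PermissionAction, readonly UserRole[]> = {
  manage_rules: ["admin", "owner"],
  ingest_documents: ["editor", "admin", "owner"],
  delete_documents: ["admin", "owner"],
  // NOTE(review): this entry previously listed all four roles, which
  // contradicted the "Admin/Owner only" policy documented on the action type
  // and on canViewAnalytics. Restricted here so the UI fails closed; confirm
  // the intended policy against backend access_control.py.
  view_analytics: ["admin", "owner"],
};

/**
 * Check if a role has permission for an action.
 *
 * @param role - Role of the current user.
 * @param action - Permission action to check.
 * @returns true only when the action is a known key of the matrix and the
 *   role is listed for it; false otherwise.
 */
export function hasPermission(role: UserRole, action: PermissionAction): boolean {
  // Deny by default. Types are erased at runtime, so a value from an untyped
  // source (API payload, storage) may not be a real action key; an own-property
  // check also keeps inherited names such as "constructor" from being looked up.
  if (!Object.prototype.hasOwnProperty.call(PERMISSIONS, action)) {
    return false;
  }
  return PERMISSIONS[action].includes(role);
}

/**
 * Check if user can manage rules (admin/owner only).
 */
export function canManageRules(role: UserRole): boolean {
  return hasPermission(role, "manage_rules");
}

/**
 * Check if user can ingest documents (editor/admin/owner).
 */
export function canIngestDocuments(role: UserRole): boolean {
  return hasPermission(role, "ingest_documents");
}

/**
 * Check if user can delete documents (admin/owner only).
 */
export function canDeleteDocuments(role: UserRole): boolean {
  return hasPermission(role, "delete_documents");
}

/**
 * Check if user can view analytics (admin/owner only).
 */
export function canViewAnalytics(role: UserRole): boolean {
  return hasPermission(role, "view_analytics");
}

/**
 * Check if user has admin-level access (admin or owner).
 */
export function isAdminOrOwner(role: UserRole): boolean {
  return role === "admin" || role === "owner";
}

/**
 * Check if user has editor-level access or higher.
 */
export function isEditorOrAbove(role: UserRole): boolean {
  return role === "editor" || role === "admin" || role === "owner";
}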