blyzer/fasto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add backend policy tests and API client split
All checks were successful
Build and Deploy / build-and-push (push) Successful in 3m8s
Details

Browse Source
This commit is contained in:
Cauê Faleiros
2026-05-28 16:00:30 -03:00
parent 5648dc7986
commit aa59e642af
11 changed files with 298 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
backend/policies/accessPolicy.js Normal file
View File

@@ -0,0 +1,42 @@
const sameTenant = (actor, resource) => actor.role === 'super_admin' || actor.tenant_id === resource.tenant_id;
const canReadUser = (actor, targetUser) => {
if (!actor || !targetUser || !sameTenant(actor, targetUser)) return false;
if (actor.role === 'super_admin' || actor.role === 'admin') return true;
if (actor.role === 'agent') return targetUser.id === actor.id;
if (actor.role === 'manager') {
return targetUser.id === actor.id || Boolean(actor.team_id && targetUser.team_id === actor.team_id);
}
return false;
};
const canUpdateUser = (actor, targetUser) => {
if (!actor || !targetUser || !sameTenant(actor, targetUser)) return false;
if (actor.id === targetUser.id) return true;
if (actor.role === 'super_admin' || actor.role === 'admin') return true;
if (actor.role === 'manager') {
return Boolean(actor.team_id && targetUser.team_id === actor.team_id && targetUser.role === 'agent');
}
return false;
};
const canManageUserStatus = (actor) => actor.role === 'super_admin' || actor.role === 'admin';
const canChangeUserEmail = (actor, targetUser) => actor.id === targetUser.id || actor.role === 'super_admin' || actor.role === 'admin';
const canManageUserRoleOrTeam = (actor) => actor.role === 'super_admin' || actor.role === 'admin';
const canReadAttendance = (actor, attendance) => {
if (!actor || !attendance || !sameTenant(actor, attendance)) return false;
if (actor.role === 'super_admin' || actor.role === 'admin') return true;
if (actor.role === 'agent') return attendance.user_id === actor.id;
if (actor.role === 'manager') return Boolean(actor.team_id && attendance.team_id === actor.team_id);
return false;
};
module.exports = {
canReadUser,
canUpdateUser,
canManageUserStatus,
canChangeUserEmail,
canManageUserRoleOrTeam,
canReadAttendance,
};