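/**
 * Tenant-isolation gate shared by the policy predicates in this module.
 *
 * A `super_admin` actor passes regardless of the resource's tenant. Any other
 * actor passes only when both sides carry the same, non-null `tenant_id`.
 *
 * @param {object} actor - Principal making the request; reads `role` and `tenant_id`.
 * @param {object} resource - Record being accessed; reads `tenant_id`.
 * @returns {boolean} True when the actor is allowed past the tenant boundary.
 */
const sameTenant = (actor, resource) => {
  if (!actor) return false;
  if (actor.role === 'super_admin') return true;
  if (!resource) return false;

  // Fail closed when either side has no tenant: a bare `===` would evaluate
  // `undefined === undefined` (or `null === null`) as a match and let a
  // tenant-less actor reach every tenant-less record.
  if (actor.tenant_id == null || resource.tenant_id == null) return false;

  return actor.tenant_id === resource.tenant_id;
};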
/**
 * Decides whether `actor` may read the user record `targetUser`.
 *
 * Order of evaluation: reject missing arguments, enforce the tenant boundary
 * through `sameTenant`, then apply the per-role rule.
 *
 * - `super_admin` / `admin`: any user that passed the tenant check.
 * - `agent`: only their own record.
 * - `manager`: their own record, or a user whose `team_id` equals the
 *   manager's (a manager with a falsy `team_id` matches nobody else).
 * - any other role: denied.
 *
 * @param {object} actor - Reads `id`, `role`, `team_id` (and `tenant_id` via `sameTenant`).
 * @param {object} targetUser - Reads `id`, `team_id` (and `tenant_id` via `sameTenant`).
 * @returns {boolean}
 */
const canReadUser = (actor, targetUser) => {
  if (!actor || !targetUser) return false;
  if (!sameTenant(actor, targetUser)) return false;

  // NOTE(review): a strict-equality id match is also true when both ids are
  // undefined; confirm callers always pass objects that carry an `id`.
  const isSelf = targetUser.id === actor.id;

  switch (actor.role) {
    case 'super_admin':
    case 'admin':
      return true;
    case 'agent':
      return isSelf;
    case 'manager': {
      // The `actor.team_id &&` guard keeps two team-less users from matching.
      const sharesTeam = Boolean(actor.team_id && targetUser.team_id === actor.team_id);
      return isSelf || sharesTeam;
    }
    default:
      // Unknown or missing role: deny.
      return false;
  }
};
/**
 * Decides whether `actor` may update the user record `targetUser` at all.
 *
 * Order of evaluation: reject missing arguments, enforce the tenant boundary
 * through `sameTenant`, allow self-updates, then apply the per-role rule.
 *
 * - self: allowed for every role.
 * - `super_admin` / `admin`: any user that passed the tenant check.
 * - `manager`: only users with role `agent` on the manager's own team.
 * - any other role: denied.
 *
 * This is a record-level gate. It returns true for self-updates regardless of
 * which fields change, so sensitive fields need the field-level predicates in
 * this module (`canManageUserStatus`, `canChangeUserEmail`,
 * `canManageUserRoleOrTeam`) as well. NOTE(review): confirm the update
 * handlers apply them; call sites are not visible here.
 *
 * @param {object} actor - Reads `id`, `role`, `team_id` (and `tenant_id` via `sameTenant`).
 * @param {object} targetUser - Reads `id`, `role`, `team_id` (and `tenant_id` via `sameTenant`).
 * @returns {boolean}
 */
const canUpdateUser = (actor, targetUser) => {
  if (!actor || !targetUser) return false;
  if (!sameTenant(actor, targetUser)) return false;

  const isSelf = actor.id === targetUser.id;
  if (isSelf) return true;

  const isAdminRole = actor.role === 'super_admin' || actor.role === 'admin';
  if (isAdminRole) return true;

  if (actor.role !== 'manager') return false;

  // Managers reach only agents on their own team; the `actor.team_id &&`
  // guard keeps a team-less manager from matching team-less users.
  return Boolean(
    actor.team_id && targetUser.team_id === actor.team_id && targetUser.role === 'agent',
  );
};
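/**
 * Role-only check: may `actor` manage a user's status?
 *
 * Only `super_admin` and `admin` pass. The predicate receives no target, so it
 * performs no tenant check of its own; combine it with a target-scoped check
 * such as `canUpdateUser` before acting on a specific user.
 *
 * @param {object} actor - Reads `role`.
 * @returns {boolean}
 */
const canManageUserStatus = (actor) => {
  // Deny on a missing actor, as the target-scoped predicates in this module
  // do, instead of throwing a TypeError on `actor.role`.
  if (!actor) return false;
  return actor.role === 'super_admin' || actor.role === 'admin';
};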
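/**
 * Decides whether `actor` may change the e-mail address of `targetUser`.
 *
 * Allowed for the user themselves and for `super_admin` / `admin`, in every
 * case only after the tenant boundary check in `sameTenant` has passed.
 *
 * @param {object} actor - Reads `id`, `role` (and `tenant_id` via `sameTenant`).
 * @param {object} targetUser - Reads `id` (and `tenant_id` via `sameTenant`).
 * @returns {boolean}
 */
const canChangeUserEmail = (actor, targetUser) => {
  // Same guard as canReadUser/canUpdateUser. Without it this exported
  // predicate returns true for an `admin` of one tenant against a user of
  // another, and the bare id comparison below would match across tenants if
  // user ids are not globally unique.
  if (!actor || !targetUser || !sameTenant(actor, targetUser)) return false;

  if (actor.id === targetUser.id) return true;
  return actor.role === 'super_admin' || actor.role === 'admin';
};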
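/**
 * Role-only check: may `actor` change a user's role or team assignment?
 *
 * Only `super_admin` and `admin` pass. The predicate receives neither the
 * target user nor the role being assigned, so it performs no tenant check and
 * places no limit on the new role; combine it with a target-scoped check such
 * as `canUpdateUser`.
 *
 * NOTE(review): confirm the caller stops a tenant `admin` from assigning
 * `super_admin`, since that role bypasses the tenant comparison in `sameTenant`.
 *
 * @param {object} actor - Reads `role`.
 * @returns {boolean}
 */
const canManageUserRoleOrTeam = (actor) => {
  // Deny on a missing actor, as the target-scoped predicates in this module
  // do, instead of throwing a TypeError on `actor.role`.
  if (!actor) return false;
  return actor.role === 'super_admin' || actor.role === 'admin';
};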
/**
 * Decides whether `actor` may read the attendance record `attendance`.
 *
 * Order of evaluation: reject missing arguments, enforce the tenant boundary
 * through `sameTenant`, then apply the per-role rule.
 *
 * - `super_admin` / `admin`: any record that passed the tenant check.
 * - `agent`: only records whose `user_id` is the agent's own id.
 * - `manager`: only records whose `team_id` equals the manager's `team_id`.
 * - any other role: denied.
 *
 * NOTE(review): unlike canReadUser, the manager rule has no own-record clause,
 * so a manager with a falsy `team_id` cannot read their own attendance;
 * confirm that is intended.
 *
 * @param {object} actor - Reads `id`, `role`, `team_id` (and `tenant_id` via `sameTenant`).
 * @param {object} attendance - Reads `user_id`, `team_id` (and `tenant_id` via `sameTenant`).
 * @returns {boolean}
 */
const canReadAttendance = (actor, attendance) => {
  if (!actor || !attendance) return false;
  if (!sameTenant(actor, attendance)) return false;

  switch (actor.role) {
    case 'super_admin':
    case 'admin':
      return true;
    case 'agent':
      return attendance.user_id === actor.id;
    case 'manager':
      // The `actor.team_id &&` guard keeps a team-less manager from matching
      // records that carry no team.
      return Boolean(actor.team_id && attendance.team_id === actor.team_id);
    default:
      // Unknown or missing role: deny.
      return false;
  }
};
// Public policy surface. `sameTenant` is not exported, so the tenant rule
// can only be reached through the predicates that call it.
module.exports = {
  // User records
  canReadUser,
  canUpdateUser,
  canManageUserStatus,
  canChangeUserEmail,
  canManageUserRoleOrTeam,

  // Attendance records
  canReadAttendance,
};