talk/client/coral-framework/services/perms.js

import get from 'lodash/get';
import includes from 'lodash/includes';
import { ADMIN, MODERATOR, STAFF } from '../constants/roles';
import { UNSET, REJECTED, CHANGED } from '../constants/usernameStatus';

// =========================================================================
// BASIC PERMISSIONS
// =========================================================================

const basicPerms = {
  INTERACT_WITH_COMMUNITY: user => {
    const usernameChangeInProgress = includes(
      [UNSET, REJECTED, CHANGED],
      get(user, 'status.username.status')
    );
    const banned = get(user, 'status.banned.status');
    const suspensionUntil = get(user, 'status.suspension.until');
    const suspended = suspensionUntil && new Date(suspensionUntil) > new Date();

    return !usernameChangeInProgress && !banned && !suspended;
  },
  EDIT_NAME: user => {
    return includes([UNSET, REJECTED], get(user, 'status.username.status'));
  },
};

// =========================================================================
// PERMISSIONS BY ROLE
// =========================================================================

const basicRoles = {
  HAS_STAFF_TAG: [ADMIN, MODERATOR, STAFF],
};

const queryRoles = {
  UPDATE_ASSET_CONFIG: [ADMIN, MODERATOR],
  UPDATE_CONFIG: [ADMIN],
  ACCESS_ADMIN: [ADMIN, MODERATOR],
  VIEW_USER_EMAILS: [ADMIN],
};

const mutationRoles = {
  CHANGE_ROLES: [ADMIN],
  MODERATE_COMMENTS: [ADMIN, MODERATOR],
};

const roles = { ...basicRoles, ...queryRoles, ...mutationRoles };

export const can = (user, ...perms) => {
  if (!user) {
    return false;
  }

  return perms.every(perm => {
    // Basic Permissions
    const permAction = basicPerms[perm];
    if (typeof permAction !== 'undefined') {
      return permAction(user);
    }

    // Permissions by Role
    const role = roles[perm];
    if (typeof role === 'undefined') {
      throw new Error(`${perm} is not a valid role or permission`);
    }

    return role.includes(user.role);
  });
};