Files
talk/src/core/client/admin/permissions.tsx
T
KiwiandWyatt Johnson f9114ef4be [CORL-318] Overhaul Permissions Checks on the Client (#2246)
* feat: overhaul admin permission checks

* feat: overhaul stream permission checks
2019-03-29 18:55:32 +00:00

38 lines
1.2 KiB
TypeScript

import { mapValues } from "lodash";
import { GQLUSER_ROLE, GQLUSER_ROLE_RL } from "talk-framework/schema";
/**
* permissionMap describes what abilities certain roles have.
*
* This list is currently manually managed. We want to
* get to a point where this is generated from the schema.
*
* We currently specify in the comments which endpoints of
* the graph is important for the ability, which we can later
* used to auto generate the map making the schema become
* the single point of truth.
*/
const permissionMap = {
// Mutation.updateSettings
CHANGE_CONFIGURATION: [GQLUSER_ROLE.ADMIN],
// Mutation.updateUserRole
CHANGE_ROLE: [GQLUSER_ROLE.ADMIN],
// Mutation.openStory
// Mutation.closeStory
CHANGE_STORY_STATUS: [GQLUSER_ROLE.ADMIN],
};
export type AbilityType = keyof typeof permissionMap;
export const Ability = mapValues(permissionMap, (_, key) => key) as {
[P in AbilityType]: P
};
/**
* can is used to check if the `viewer` has permission for `ability`.
*
* Example: `can(props.me, Ability.CHANGE_ROLE)`.
*/
export function can(viewer: { role: GQLUSER_ROLE_RL }, ability: AbilityType) {
return permissionMap[ability].includes(viewer.role as GQLUSER_ROLE);
}