permissions based rendering
import { AdminUserRole } from 'gto-patterns'
/**
 * Identifier of one permission-checked operation, written `resource:method`, e.g. 'user:get'.
 *
 * - Resource names are kept singular.
 * - A nested resource follows a slash `/`, e.g. 'user/account-type:edit'.
 * - A single owned field of a resource follows `@`, e.g. 'user@registrationDate:get'.
 * - Standard methods are list, get, create, update, delete
 *   (https://cloud.google.com/apis/design/standard_methods); the members below spell the
 *   update method `edit`.
 * - Custom methods may be added, e.g. block, import, assign, generate.
 *
 * The convention is home-grown; suggestions for a better way to categorize actions are welcome.
 *
 * Every member is an independent literal: nothing in this type makes 'user:edit' imply
 * 'user/personal:edit' or 'user@visible:edit', so each grant has to be listed explicitly.
 */
export type Action =
  // admin users
  | 'user-admin:create'
  | 'user-admin:edit'
  | 'user-admin:delete'
  | 'user-admin:reset-password'
  | 'user-admin/event-logs:list'
  | 'user-admin-administrator:list'
  | 'user-admin-agent:list'
  | 'user-admin-assistant:list'
  // users: resource, owned fields, nested resources
  | 'user:get'
  | 'user:edit'
  | 'user:delete'
  | 'user@registrationDate:get'
  | 'user@visible:edit'
  | 'user/account-type:edit'
  | 'user/business:edit'
  | 'user/personal:edit'
  | 'user/contract:edit'
  | 'user/signing-authority:edit'
  | 'user/training:edit'
  | 'user/password:edit'
  | 'user/api:edit'
  | 'user/limit-rules:edit'
  | 'user/notification:list'
  | 'user/card:list'
  | 'user/transaction:list'
  | 'user/sub-account-retailer:list'
  | 'user/sub-account-cashier:list'
  | 'user/event-logs:list'
  | 'user:block'
  // user kinds
  | 'user-merchant:get'
  | 'user-merchant:list'
  | 'user-card-seller:get'
  | 'user-pending:list'
  | 'user-sub-account:get'
  | 'user-sub-account:reset-password'
  | 'user-sub-account/transaction:list'
  | 'user-sub-account-cashier:list'
  | 'user-sub-account-cashier:get'
  | 'user-sub-account-retailer:list'
  | 'user-sub-account-retailer:get'
  // cards and assignments
  | 'card:get'
  | 'card:import'
  | 'card:block'
  | 'card:assign'
  | 'card:un-assign'
  | 'assignment:get'
  | 'assignment:list'
  | 'assignment:cancel'
  // everything else
  | 'payout:list'
  | 'settings:get'
  | 'settings/fee:get'
  | 'notification:list'
  | 'dashboard:get'
  | 'report:list'
  | 'system-notification:get'
  | 'system-notification:edit'
  // the signed-in admin's own profile
  | 'profile/personal:edit'
  | 'profile/password:edit'
  | 'profile/event-logs:list'
/**
 * Shape of the permission table: one entry per `AdminUserRole` member, each holding the
 * list of actions granted to that role. Because every enum member is a required key,
 * a role added to the enum without an entry in the table is a compile error.
 */
type ActionsMap = Record<AdminUserRole, Action[]>
// Role -> granted actions. This is the whole authorization policy consulted by `check`:
// an action that is not listed under a role is denied for that role.
// `check` tests exact string membership, so a resource-level grant such as 'user:edit'
// does not cover the nested ('user/...:edit') or field-level ('user@...:edit') actions;
// each one must appear in the list on its own.
const actionsMap: ActionsMap = {
// SUPERVISOR lists every member of `Action` as of this revision.
[AdminUserRole.SUPERVISOR]: [
'user-admin:create',
'user-admin:edit',
'user-admin:delete',
'user-admin:reset-password',
'user-admin/event-logs:list',
'user-admin-administrator:list',
'user-admin-agent:list',
'user-admin-assistant:list',
'user:block',
'user:get',
'user:edit',
'user:delete',
'user@registrationDate:get',
'user@visible:edit',
'user/account-type:edit',
'user/business:edit',
'user/personal:edit',
'user/contract:edit',
'user/signing-authority:edit',
'user/training:edit',
'user/password:edit',
'user/api:edit',
'user/limit-rules:edit',
'user/notification:list',
'user/card:list',
'user/transaction:list',
'user/sub-account-retailer:list',
'user/sub-account-cashier:list',
'user/event-logs:list',
'user-merchant:get',
'user-merchant:list',
'user-card-seller:get',
'user-sub-account:get',
'user-sub-account/transaction:list',
'user-sub-account:reset-password',
'user-sub-account-cashier:list',
'user-sub-account-cashier:get',
'user-sub-account-retailer:list',
'user-sub-account-retailer:get',
'user-pending:list',
'card:get',
'card:import',
'card:block',
'assignment:get',
'assignment:list',
'assignment:cancel',
'card:assign',
'card:un-assign',
'payout:list',
'settings:get',
'settings/fee:get',
'notification:list',
'dashboard:get',
'report:list',
'system-notification:get',
'system-notification:edit',
'profile/personal:edit',
'profile/password:edit',
'profile/event-logs:list',
],
// Same list as SUPERVISOR except that 'settings/fee:get' is absent.
// NOTE(review): confirm the omission is intended and not a copy/paste gap.
[AdminUserRole.GTO_SUPER_ADMIN]: [
'user-admin:create',
'user-admin:edit',
'user-admin:delete',
'user-admin:reset-password',
'user-admin/event-logs:list',
'user-admin-administrator:list',
'user-admin-agent:list',
'user-admin-assistant:list',
'user:block',
'user:get',
'user:edit',
'user:delete',
'user@registrationDate:get',
'user@visible:edit',
'user/account-type:edit',
'user/business:edit',
'user/personal:edit',
'user/contract:edit',
'user/signing-authority:edit',
'user/training:edit',
'user/password:edit',
'user/api:edit',
'user/limit-rules:edit',
'user/notification:list',
'user/card:list',
'user/transaction:list',
'user/sub-account-retailer:list',
'user/sub-account-cashier:list',
'user/event-logs:list',
'user-merchant:get',
'user-merchant:list',
'user-card-seller:get',
'user-sub-account:get',
'user-sub-account/transaction:list',
'user-sub-account:reset-password',
'user-sub-account-cashier:list',
'user-sub-account-cashier:get',
'user-sub-account-retailer:list',
'user-sub-account-retailer:get',
'user-pending:list',
'card:get',
'card:import',
'card:block',
'assignment:get',
'assignment:list',
'assignment:cancel',
'card:assign',
'card:un-assign',
'payout:list',
'settings:get',
'notification:list',
'dashboard:get',
'report:list',
'system-notification:get',
'system-notification:edit',
'profile/personal:edit',
'profile/password:edit',
'profile/event-logs:list',
],
// No delete, reset-password, 'assignment:cancel' or 'card:un-assign' grants, and none of
// the nested 'user/...:edit' actions; 'user:edit' itself is granted.
[AdminUserRole.GTO_SUPERVISOR]: [
'user-admin:create',
'user-admin:edit',
'user-admin/event-logs:list',
'user-admin-administrator:list',
'user-admin-agent:list',
'user-admin-assistant:list',
'user:block',
'user:get',
'user:edit',
'user@registrationDate:get',
'user@visible:edit',
'user/card:list',
'user/transaction:list',
'user/sub-account-retailer:list',
'user/sub-account-cashier:list',
'user/event-logs:list',
'user-merchant:get',
'user-merchant:list',
'user-card-seller:get',
'user-sub-account-cashier:list',
'user-sub-account-retailer:list',
'card:get',
'card:import',
'card:block',
'assignment:get',
'assignment:list',
'card:assign',
'payout:list',
'dashboard:get',
'report:list',
'system-notification:get',
'system-notification:edit',
'profile/personal:edit',
'profile/password:edit',
'profile/event-logs:list',
],
// NOTE(review): this role is granted mutating actions ('user-admin:create', 'user-admin:delete',
// 'user-admin:reset-password', 'user:delete', 'user:block', 'card:import', 'card:assign', ...)
// but none of the '...event-logs:list' actions, nor 'dashboard:get' or 'report:list'.
// That is an unusual shape for a role named "auditor" - confirm against the access policy.
[AdminUserRole.GTO_AUDITOR]: [
'user-admin:create',
'user-admin:edit',
'user-admin:delete',
'user-admin:reset-password',
'user-admin-administrator:list',
'user-admin-agent:list',
'user-admin-assistant:list',
'user:block',
'user:get',
'user:edit',
'user:delete',
'user/account-type:edit',
'user/business:edit',
'user/personal:edit',
'user/contract:edit',
'user/signing-authority:edit',
'user/training:edit',
'user/password:edit',
'user/card:list',
'user/transaction:list',
'user/sub-account-retailer:list',
'user/sub-account-cashier:list',
'user-merchant:get',
'user-merchant:list',
'user-card-seller:get',
'user-sub-account:get',
'user-sub-account/transaction:list',
'user-sub-account:reset-password',
'user-sub-account-cashier:list',
'user-sub-account-cashier:get',
'user-sub-account-retailer:list',
'user-sub-account-retailer:get',
'user-pending:list',
'card:import',
'card:block',
'assignment:list',
'assignment:cancel',
'card:assign',
'card:un-assign',
'profile/personal:edit',
'profile/password:edit',
],
// Smallest grant set. It holds the field-level 'user@registrationDate:get' and
// 'user@visible:edit' without 'user:get' or 'user:edit'.
// NOTE(review): confirm that editing a user field without the resource-level grant is intended.
[AdminUserRole.GTO_AGENT]: [
'user@registrationDate:get',
'user@visible:edit',
'card:get',
'dashboard:get',
'report:list',
'system-notification:get',
'profile/personal:edit',
'profile/password:edit',
'profile/event-logs:list',
],
}
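/**
 * Reports whether at least one of the given roles is granted `can` in `actionsMap`.
 *
 * Deny by default: an empty `roles` array, a role with no entry in the table, or an
 * action not listed under any of the roles all yield `false`. Matching is exact string
 * membership; there is no wildcard or parent/child implication between actions.
 *
 * NOTE(review): the page is titled "permissions based rendering", so this presumably
 * decides what the UI shows. A check that runs in the client only hides controls; the
 * API has to enforce the same policy on every request.
 *
 * @param roles - Roles held by the current user. The `AdminUserRole` type is erased at
 *   runtime, so values taken from a token or an API response are not guaranteed to be
 *   members of the enum.
 * @param can - The action being attempted.
 * @returns `true` if any role grants the action, otherwise `false`.
 */
export function check(roles: AdminUserRole[], can: Action): boolean {
  return roles.some(role => {
    // Only own keys of the table are roles. A runtime value such as 'constructor' or
    // 'toString' would otherwise resolve to an inherited Object.prototype member that
    // has no `includes`, and the call would throw instead of denying.
    if (!Object.prototype.hasOwnProperty.call(actionsMap, role)) return false
    const granted = actionsMap[role]
    return Array.isArray(granted) && granted.includes(can)
  })
}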