diff options
Diffstat (limited to 'src/permissions/website.ts')
| -rw-r--r-- | src/permissions/website.ts | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/src/permissions/website.ts b/src/permissions/website.ts new file mode 100644 index 0000000..97952ee --- /dev/null +++ b/src/permissions/website.ts @@ -0,0 +1,128 @@ +import { hasPermission } from '@/lib/auth'; +import { PERMISSIONS } from '@/lib/constants'; +import type { Auth } from '@/lib/types'; +import { getLink, getPixel, getTeamUser, getWebsite } from '@/queries/prisma'; + +export async function canViewWebsite({ user, shareToken }: Auth, websiteId: string) { + if (user?.isAdmin) { + return true; + } + + if (shareToken?.websiteId === websiteId) { + return true; + } + + const website = await getWebsite(websiteId); + const link = await getLink(websiteId); + const pixel = await getPixel(websiteId); + + const entity = website || link || pixel; + + if (!entity) { + return false; + } + + if (entity.userId) { + return user.id === entity.userId; + } + + if (entity.teamId) { + const teamUser = await getTeamUser(entity.teamId, user.id); + + return !!teamUser; + } + + return false; +} + +export async function canViewAllWebsites({ user }: Auth) { + return user.isAdmin; +} + +export async function canCreateWebsite({ user }: Auth) { + if (user.isAdmin) { + return true; + } + + return hasPermission(user.role, PERMISSIONS.websiteCreate); +} + +export async function canUpdateWebsite({ user }: Auth, websiteId: string) { + if (user.isAdmin) { + return true; + } + + const website = await getWebsite(websiteId); + + if (!website) { + return false; + } + + if (website.userId) { + return user.id === website.userId; + } + + if (website.teamId) { + const teamUser = await getTeamUser(website.teamId, user.id); + + return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate); + } + + return false; +} + +export async function canDeleteWebsite({ user }: Auth, websiteId: string) { + if (user.isAdmin) { + return true; + } + + const website = await getWebsite(websiteId); + + if (!website) { + return false; + } + + if (website.userId) { + return user.id === website.userId; + } + + if (website.teamId) { + const teamUser = await getTeamUser(website.teamId, user.id); + + return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete); + } + + return false; +} + +export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) { + const website = await getWebsite(websiteId); + + if (!website) { + return false; + } + + if (website.teamId && user.id === userId) { + const teamUser = await getTeamUser(website.teamId, userId); + + return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteTransferToUser); + } + + return false; +} + +export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) { + const website = await getWebsite(websiteId); + + if (!website) { + return false; + } + + if (website.userId && website.userId === user.id) { + const teamUser = await getTeamUser(teamId, user.id); + + return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteTransferToTeam); + } + + return false; +} |