kincses/service-finder
1
0
Fork 0
Code Issues 7 Pull Requests Packages Projects 2 Releases Wiki Activity

admin firs step

Browse Source
This commit is contained in:
Roo
2026-03-23 21:43:40 +00:00
parent 309a72cc0b
commit cddcd34ba9
47 changed files with 22698 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

237
frontend/admin/composables/useRBAC.ts Normal file
View File

@@ -0,0 +1,237 @@
import { useAuthStore } from '~/stores/auth'
// Role definitions with hierarchical ranks
export enum Role {
SUPERADMIN = 'superadmin',
ADMIN = 'admin',
MODERATOR = 'moderator',
SALESPERSON = 'salesperson'
}
// Scope level definitions
export enum ScopeLevel {
GLOBAL = 'global',
COUNTRY = 'country',
REGION = 'region',
CITY = 'city',
DISTRICT = 'district'
}
// Role rank mapping (higher number = higher authority)
export const RoleRank: Record<Role, number> = {
[Role.SUPERADMIN]: 10,
[Role.ADMIN]: 7,
[Role.MODERATOR]: 5,
[Role.SALESPERSON]: 3
}
// Tile permissions mapping
export interface TilePermission {
id: string
title: string
description: string
requiredRole: Role[]
minRank?: number
requiredPermission?: string
scopeLevel?: ScopeLevel[]
}
// Available tiles with RBAC requirements
export const AdminTiles: TilePermission[] = [
{
id: 'ai-logs',
title: 'AI Logs Monitor',
description: 'Real-time tracking of AI robot pipelines',
requiredRole: [Role.SUPERADMIN, Role.ADMIN, Role.MODERATOR],
minRank: 5,
requiredPermission: 'view:dashboard'
},
{
id: 'financial-dashboard',
title: 'Financial Dashboard',
description: 'Revenue, expenses, ROI metrics with geographical filtering',
requiredRole: [Role.SUPERADMIN, Role.ADMIN],
minRank: 7,
requiredPermission: 'view:finance',
scopeLevel: [ScopeLevel.GLOBAL, ScopeLevel.COUNTRY, ScopeLevel.REGION]
},
{
id: 'salesperson-hub',
title: 'Salesperson Hub',
description: 'Performance metrics, leads, conversions for sales teams',
requiredRole: [Role.SUPERADMIN, Role.ADMIN, Role.SALESPERSON],
minRank: 3,
requiredPermission: 'view:sales'
},
{
id: 'user-management',
title: 'User Management',
description: 'Active users, registration trends, moderation queue',
requiredRole: [Role.SUPERADMIN, Role.ADMIN, Role.MODERATOR],
minRank: 5,
requiredPermission: 'view:users',
scopeLevel: [ScopeLevel.GLOBAL, ScopeLevel.COUNTRY, ScopeLevel.REGION, ScopeLevel.CITY]
},
{
id: 'service-moderation-map',
title: 'Service Moderation Map',
description: 'Geographical view of pending/flagged services',
requiredRole: [Role.SUPERADMIN, Role.ADMIN, Role.MODERATOR],
minRank: 5,
requiredPermission: 'moderate:services',
scopeLevel: [ScopeLevel.CITY, ScopeLevel.DISTRICT]
},
{
id: 'gamification-control',
title: 'Gamification Control',
description: 'XP levels, badges, penalty system administration',
requiredRole: [Role.SUPERADMIN, Role.ADMIN],
minRank: 7,
requiredPermission: 'manage:settings'
},
{
id: 'system-health',
title: 'System Health',
description: 'API status, database metrics, uptime monitoring',
requiredRole: [Role.SUPERADMIN, Role.ADMIN],
minRank: 7,
requiredPermission: 'view:dashboard'
}
]
// Composable for RBAC checks
export function useRBAC() {
const authStore = useAuthStore()
// Check if user can access a specific tile
function canAccessTile(tileId: string): boolean {
const tile = AdminTiles.find(t => t.id === tileId)
if (!tile) return false
// Check role
if (!tile.requiredRole.includes(authStore.getUserRole as Role)) {
return false
}
// Check rank
if (tile.minRank && !authStore.hasRank(tile.minRank)) {
return false
}
// Check permission
if (tile.requiredPermission && !authStore.hasPermission(tile.requiredPermission)) {
return false
}
// Check scope level
if (tile.scopeLevel && tile.scopeLevel.length > 0) {
const userScopeLevel = authStore.getScopeLevel as ScopeLevel
if (!tile.scopeLevel.includes(userScopeLevel)) {
return false
}
}
return true
}
// Get filtered tiles for current user
function getFilteredTiles(): TilePermission[] {
return AdminTiles.filter(tile => canAccessTile(tile.id))
}
// Check if user can perform action
function canPerformAction(permission: string, minRank?: number): boolean {
if (!authStore.hasPermission(permission)) {
return false
}
if (minRank && !authStore.hasRank(minRank)) {
return false
}
return true
}
// Check if user can access scope
function canAccessScope(scopeLevel: ScopeLevel, scopeId?: number, regionCode?: string): boolean {
const userScopeLevel = authStore.getScopeLevel as ScopeLevel
// Superadmin can access everything
if (authStore.getUserRole === Role.SUPERADMIN) {
return true
}
// Check scope level hierarchy
const scopeHierarchy = [
ScopeLevel.GLOBAL,
ScopeLevel.COUNTRY,
ScopeLevel.REGION,
ScopeLevel.CITY,
ScopeLevel.DISTRICT
]
const userLevelIndex = scopeHierarchy.indexOf(userScopeLevel)
const requestedLevelIndex = scopeHierarchy.indexOf(scopeLevel)
// User can only access their level or lower (more specific) levels
if (requestedLevelIndex < userLevelIndex) {
return false
}
// Check specific scope ID or region code if provided
if (scopeId || regionCode) {
return authStore.canAccessScope(scopeId || 0, regionCode)
}
return true
}
// Get user's accessible scope levels
function getAccessibleScopeLevels(): ScopeLevel[] {
const userScopeLevel = authStore.getScopeLevel as ScopeLevel
const scopeHierarchy = [
ScopeLevel.GLOBAL,
ScopeLevel.COUNTRY,
ScopeLevel.REGION,
ScopeLevel.CITY,
ScopeLevel.DISTRICT
]
const userLevelIndex = scopeHierarchy.indexOf(userScopeLevel)
return scopeHierarchy.slice(userLevelIndex)
}
// Get role color for UI
function getRoleColor(role?: string): string {
const userRole = role || authStore.getUserRole
switch (userRole) {
case Role.SUPERADMIN:
return 'purple'
case Role.ADMIN:
return 'blue'
case Role.MODERATOR:
return 'green'
case Role.SALESPERSON:
return 'orange'
default:
return 'gray'
}
}
return {
// Data
Role,
ScopeLevel,
RoleRank,
AdminTiles,
// Functions
canAccessTile,
getFilteredTiles,
canPerformAction,
canAccessScope,
getAccessibleScopeLevels,
getRoleColor
}
}