Imporve the role based forntend protected roles

2025-09-09 07:32:59 +02:00
parent ddb75f8e55
commit 5269a083b6
15 changed files with 286 additions and 91 deletions
--- a/frontend/src/stores/auth.store.ts
+++ b/frontend/src/stores/auth.store.ts
@@ -1,5 +1,6 @@
 import { create } from 'zustand';
 import { persist, createJSONStorage } from 'zustand/middleware';
+import { GLOBAL_USER_ROLES, type GlobalUserRole } from '../types/roles';

 export interface User {
  id: string;
@@ -13,7 +14,7 @@ export interface User {
  language?: string;
  timezone?: string;
  tenant_id?: string;
-  role?: string;
+  role?: GlobalUserRole;
 }

 export interface AuthState {
@@ -191,15 +192,22 @@ export const useAuthStore = create<AuthState>()(
        set({ isLoading: loading });
      },

-      // Permission helpers - Simplified for backend compatibility
+      // Permission helpers - Global user permissions only
      hasPermission: (_permission: string): boolean => {
        const { user } = get();
        if (!user || !user.is_active) return false;
        
-        // Admin has all permissions
-        if (user.role === 'admin') return true;
+        // Super admin and admin have all global permissions
+        if (user.role === GLOBAL_USER_ROLES.SUPER_ADMIN || user.role === GLOBAL_USER_ROLES.ADMIN) {
+          return true;
+        }
        
-        // Basic role-based permissions
+        // Manager has limited permissions
+        if (user.role === GLOBAL_USER_ROLES.MANAGER) {
+          return ['user_management', 'system_settings'].includes(_permission);
+        }
+        
+        // Regular users have basic permissions
        return false;
      },

@@ -212,14 +220,15 @@ export const useAuthStore = create<AuthState>()(
        const { user } = get();
        if (!user || !user.is_active) return false;
        
-        // Role-based access control
+        // Global role-based access control (system-wide)
        switch (user.role) {
-          case 'admin':
+          case GLOBAL_USER_ROLES.SUPER_ADMIN:
+          case GLOBAL_USER_ROLES.ADMIN:
            return true;
-          case 'manager':
-            return ['inventory', 'production', 'sales', 'reports'].includes(resource);
-          case 'user':
-            return ['inventory', 'sales'].includes(resource) && action === 'read';
+          case GLOBAL_USER_ROLES.MANAGER:
+            return ['users', 'system'].includes(resource);
+          case GLOBAL_USER_ROLES.USER:
+            return action === 'read';
          default:
            return false;
        }