git server — caroster.git (27332dc9778a133a03349f1ebc56af222fff16f0): frontend/hooks/usePermissions.ts

frontend/hooks/usePermissions.ts (view raw)
  1import {PassengerEntity, TravelEntity} from '../generated/graphql';
  2import useEventStore from '../stores/useEventStore';
  3import useProfile from './useProfile';
  4
  5interface UserPermissions {
  6  canEditEventOptions: () => boolean;
  7  canEditEventDetails: () => boolean;
  8  canEditWaitingList: () => boolean;
  9  canSeeAdminWaitingList: () => boolean;
 10  canSetAlert: () => boolean;
 11  canAddTravel: () => boolean;
 12  canEditTravel: (travel: TravelEntity) => boolean;
 13  canSeeTravelDetails: (travel: TravelEntity) => boolean;
 14  canJoinTravels: () => boolean;
 15  canAddToTravel: () => boolean;
 16  canDeletePassenger: (passenger: PassengerEntity) => boolean;
 17  canSeePassengerDetails: (passenger: PassengerEntity) => boolean;
 18  canSeeFullName: () => boolean;
 19}
 20
 21const noPermissions = {
 22  canEditEventOptions: () => false,
 23  canEditEventDetails: () => false,
 24  canEditWaitingList: () => false,
 25  canSeeAdminWaitingList: () => false,
 26  canSetAlert: () => false,
 27  canAddTravel: () => false,
 28  canEditTravel: () => false,
 29  canSeeTravelDetails: () => false,
 30  canJoinTravels: () => false,
 31  canAddToTravel: () => false,
 32  canDeletePassenger: () => false,
 33  canSeePassengerDetails: () => false,
 34  canSeeFullName: () => false,
 35};
 36
 37const usePermissions = (): {userPermissions: UserPermissions} => {
 38  const {event} = useEventStore();
 39  const {profile, connected, userId} = useProfile();
 40
 41  const carosterPlus = event?.enabled_modules?.includes('caroster-plus');
 42  const userIsAnonymous = !connected;
 43  const userIsEventCreator = event && profile?.email === event.email;
 44  const userIsEventAdmin =
 45    userIsEventCreator || event?.administrators?.includes(profile?.email);
 46
 47  const allPermissions: UserPermissions = {
 48    canEditEventOptions: () => true,
 49    canEditEventDetails: () => true,
 50    canEditWaitingList: () => true,
 51    canSeeAdminWaitingList: () => true,
 52    canSetAlert: () => true,
 53    canAddTravel: () => true,
 54    canSeeTravelDetails: () => true,
 55    canEditTravel: () => true,
 56    canJoinTravels: () => true,
 57    canAddToTravel: () => true,
 58    canDeletePassenger: () => true,
 59    canSeePassengerDetails: () => true,
 60    canSeeFullName: () => userIsEventAdmin,
 61  };
 62
 63  if (carosterPlus) {
 64    if (userIsAnonymous) return {userPermissions: noPermissions};
 65    else if (userIsEventAdmin)
 66      return {
 67        userPermissions: {...allPermissions, canAddToTravel: () => false},
 68      };
 69    else {
 70      const carosterPlusPermissions: UserPermissions = {
 71        ...noPermissions,
 72        canEditTravel: travel => {
 73          const travelCreatorId =
 74            travel.attributes.user?.data?.id || travel.attributes.user;
 75          return travelCreatorId === userId;
 76        },
 77
 78        canJoinTravels: () => true,
 79        canAddTravel: () => true,
 80        canSeeTravelDetails: travel => {
 81          const travelCreatorId =
 82            travel.attributes.user?.data?.id || travel.attributes.user;
 83          if (travelCreatorId === userId) return true;
 84          const isInPassengersList = travel.attributes.passengers.data?.some(
 85            passenger => passenger.attributes.user?.data?.id === userId
 86          );
 87          return isInPassengersList;
 88        },
 89        canSetAlert: () => true,
 90        canDeletePassenger: passenger => {
 91          const travel = event?.travels?.data?.find(travel =>
 92            travel.attributes.passengers.data.some(
 93              travelPassenger => travelPassenger.id === passenger.id
 94            )
 95          );
 96          const isTravelCreator = travel?.attributes.user?.data?.id === userId;
 97          const isCurrentPassenger =
 98            passenger.attributes.user?.data?.id === userId;
 99          return isTravelCreator || isCurrentPassenger;
100        },
101        canSeePassengerDetails: passenger => {
102          const travel = event?.travels?.data?.find(
103            travel => travel?.id === passenger.attributes.travel.data?.id
104          );
105          const userIsDriver = travel?.attributes.user?.data?.id === userId;
106          return userIsDriver || passenger.attributes.user?.data?.id === userId;
107        },
108      };
109      return {userPermissions: carosterPlusPermissions};
110    }
111  }
112  // Caroster Vanilla permissions
113  else
114    return {
115      userPermissions: {
116        ...allPermissions,
117        canSeePassengerDetails: () => false,
118        canDeletePassenger: () => true,
119        canEditEventOptions: () => userIsEventCreator,
120        canSetAlert: () => false,
121        canJoinTravels: () => connected,
122        canSeeTravelDetails: () => true,
123      },
124    };
125};
126
127export default usePermissions;
all repos — caroster @ 27332dc9778a133a03349f1ebc56af222fff16f0

[Octree] Group carpool to your event https://caroster.io
