frontend/hooks/usePermissions.ts (view raw)
1import {PassengerEntity, TravelEntity} from '../generated/graphql';
2import useEventStore from '../stores/useEventStore';
3import useProfile from './useProfile';
4
/**
 * Permission predicates handed out by the `usePermissions` hook.
 *
 * Every member is evaluated in the frontend from data already loaded in the
 * browser. Nothing in this file shows the backend applying the same rules, so
 * treat the answers as UI gating (what to show or enable), not as enforcement.
 */
interface UserPermissions {
  // Event-wide checks: take no argument.
  canEditEventDetails: () => boolean;
  canEditEventOptions: () => boolean;
  canEditWaitingList: () => boolean;
  canSeeAdminWaitingList: () => boolean;
  canSeeFullName: () => boolean;
  canSetAlert: () => boolean;

  // Checks evaluated against one specific travel.
  canEditTravel: (travel: TravelEntity) => boolean;
  canSeeTravelDetails: (travel: TravelEntity) => boolean;

  // Checks evaluated against one specific passenger.
  canDeletePassenger: (passenger: PassengerEntity) => boolean;
  canSeePassengerDetails: (passenger: PassengerEntity) => boolean;
}
17
/** Predicate that refuses unconditionally; shared by every deny-all entry. */
const deny = (): boolean => false;

/**
 * Deny-all permission set: every check answers `false`, whatever the travel
 * or passenger passed in. It serves as the result for anonymous visitors on
 * Caroster Plus events and as the base that more specific permission sets
 * spread and then selectively override, so a check that is not explicitly
 * granted stays refused.
 */
const noPermissions = {
  canEditEventOptions: deny,
  canEditEventDetails: deny,
  canEditWaitingList: deny,
  canSeeAdminWaitingList: deny,
  canSetAlert: deny,
  canEditTravel: deny,
  canSeeTravelDetails: deny,
  canDeletePassenger: deny,
  canSeePassengerDetails: deny,
  canSeeFullName: deny,
};
30
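/**
 * Computes the permission checks for the current user on the current event.
 *
 * Three cases are distinguished:
 *  - event without the `caroster-plus` module ("vanilla"): nearly everything
 *    is allowed, and the branch does not look at `connected` at all;
 *  - `caroster-plus` event, anonymous visitor: nothing is allowed;
 *  - `caroster-plus` event, connected user: event creator and administrators
 *    get everything, other users only get checks tied to their own travels
 *    and passenger entries.
 *
 * These checks run in the browser on client-held data and only decide what
 * the UI offers. The matching server-side authorization is not visible in
 * this file and must not be assumed from it.
 *
 * @returns An object whose `userPermissions` member holds the predicates.
 */
const usePermissions = (): {userPermissions: UserPermissions} => {
  const {event} = useEventStore();
  const {profile, connected, userId} = useProfile();

  const carosterPlus = event?.enabled_modules?.includes('caroster-plus');
  const userIsAnonymous = !connected;

  // Identity comparisons must never succeed because both sides are missing:
  // `undefined === undefined` is true, so a visitor without a profile email
  // would otherwise match an event that has no creator email.
  const userEmail = profile?.email;
  const userIsEventCreator = !!userEmail && userEmail === event?.email;
  // NOTE(review): if `administrators` is a string rather than an array,
  // `includes` is a substring match — confirm against the generated type.
  const userIsEventAdmin =
    userIsEventCreator ||
    (!!userEmail && !!event?.administrators?.includes(userEmail));

  // Same rule for user ids: an absent `userId` matches nobody, so records
  // with no linked user are not treated as belonging to the current user.
  const isCurrentUser = (id: unknown): boolean =>
    userId != null && id === userId;

  const allPermissions: UserPermissions = {
    canEditEventOptions: () => true,
    canEditEventDetails: () => true,
    canEditWaitingList: () => true,
    canSeeAdminWaitingList: () => true,
    canSetAlert: () => true,
    canSeeTravelDetails: () => true,
    canEditTravel: () => true,
    canDeletePassenger: () => true,
    canSeePassengerDetails: () => true,
    canSeeFullName: () => userIsEventAdmin,
  };

  // Caroster Vanilla permissions
  // This branch does not consult `connected`, so anonymous visitors receive
  // the same answers as connected users here.
  if (!carosterPlus) {
    return {
      userPermissions: {
        ...allPermissions,
        canSeePassengerDetails: () => false,
        canDeletePassenger: () => true,
        canEditEventOptions: () => userIsEventCreator,
        canSetAlert: () => false,
        canSeeTravelDetails: () => true,
      },
    };
  }

  if (userIsAnonymous) return {userPermissions: noPermissions};
  if (userIsEventAdmin) return {userPermissions: allPermissions};

  // Connected, non-admin user on a Caroster Plus event: start from deny-all
  // and grant only what is tied to the user's own travels and passengers.
  const carosterPlusPermissions: UserPermissions = {
    ...noPermissions,
    canSetAlert: () => true,

    canEditTravel: travel => {
      // The travel's user is read either as a relation (`user.data.id`) or,
      // failing that, as the raw `user` value.
      const travelCreatorId =
        travel.attributes.user?.data?.id || travel.attributes.user;
      return isCurrentUser(travelCreatorId);
    },

    canSeeTravelDetails: travel => {
      const travelCreatorId =
        travel.attributes.user?.data?.id || travel.attributes.user;
      if (isCurrentUser(travelCreatorId)) return true;
      const isInPassengersList = travel.attributes.passengers.data?.some(
        passenger => isCurrentUser(passenger.attributes.user?.data?.id)
      );
      // `data?.some` yields undefined when the list is missing; the contract
      // is a boolean.
      return Boolean(isInPassengersList);
    },

    canDeletePassenger: passenger => {
      // Locate the travel carrying this passenger; a travel whose passenger
      // list is missing is skipped instead of throwing.
      const parentTravel = event?.travels?.data?.find(candidate =>
        candidate.attributes.passengers.data?.some(
          travelPassenger => travelPassenger.id === passenger.id
        )
      );
      const isTravelCreator = isCurrentUser(
        parentTravel?.attributes.user?.data?.id
      );
      const isCurrentPassenger = isCurrentUser(
        passenger.attributes.user?.data?.id
      );
      return isTravelCreator || isCurrentPassenger;
    },

    canSeePassengerDetails: passenger => {
      const parentTravel = event?.travels?.data?.find(
        candidate => candidate?.id === passenger.attributes.travel.data?.id
      );
      const userIsDriver = isCurrentUser(
        parentTravel?.attributes.user?.data?.id
      );
      return userIsDriver || isCurrentUser(passenger.attributes.user?.data?.id);
    },
  };
  return {userPermissions: carosterPlusPermissions};
};

export default usePermissions;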