| 21 | * @returns true when the user satisfies the permission requirement, false otherwise |
| 22 | */ |
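export function hasPermission(
  user: UserWithRoles | null | undefined,
  requiredPermissions: Permission | Permission[],
  requireAll: boolean = true
): boolean {
  // Fail closed: no user means no permissions. The previous version guarded
  // only the `isAdmin` read with `?.` and then dereferenced `user.roles`
  // unconditionally, so a missing user threw a TypeError instead of being
  // denied; the widened parameter type makes the nullable case explicit.
  if (user == null) {
    return false;
  }

  // Admins have all permissions.
  if (user.isAdmin) {
    return true;
  }

  // Normalise to an array so a single permission and a list share one path.
  const permissions = Array.isArray(requiredPermissions)
    ? requiredPermissions
    : [requiredPermissions];

  // Union of the permissions granted by every role the user holds. The
  // default role is itself an element of `user.roles`, so the separate
  // `find(isDefault)` pass the old code did added nothing.
  const userPermissions = new Set<Permission>();
  for (const role of user.roles) {
    for (const perm of role.permissions) {
      // Role entries are cast, not validated; assumes they were written from
      // the Permission set — an unknown value simply never matches. TODO confirm.
      userPermissions.add(perm as Permission);
    }
  }

  // requireAll: every required permission must be present (AND).
  // otherwise:  at least one required permission must be present (OR).
  // NOTE: an empty requirement list returns true in requireAll mode
  // (`[].every` is vacuously true) and false otherwise (`[].some` is false).
  // Kept for compatibility — callers should not pass an empty list.
  return requireAll
    ? permissions.every((permission) => userPermissions.has(permission))
    : permissions.some((permission) => userPermissions.has(permission));
}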
| 62 | |
| 63 | /** |
| 64 | * Authorization middleware that checks for required permissions |