src/lib/auth.ts

const ALL_PERMISSIONS = [
  'kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user',
  'settings.kyc_documents_view', 'settings.kyc_documents_config',
  'settings.plan_selection_with_condition_view', 'settings.plan_selection_with_condition_config',
  'settings.investment_plan_view', 'settings.investment_plan_config',
  'settings.battery_investment_plan_view', 'settings.battery_investment_plan_config',
  'settings.swap_station_plan_view', 'settings.swap_station_plan_config',
  'settings.rider_request_plan_for_merchant_view', 'settings.rider_request_plan_for_merchant_config',
  'settings.company_policy_view', 'settings.company_policy_config',
  'settings.es_templates_view', 'settings.es_templates_config',
  'settings.ev_parts_view', 'settings.ev_parts_config',
  'dashboard.view',
  'rental.requset', 'rental.accept', 'rental.reject', 'rental.view', 'rental.cancel', 'rental.edit', 'rental.image_approve', 'rental.lock', 'rental.unlock', 'rental.create',
  'biker.view', 'biker.create', 'biker.edit', 'biker.delete', 'biker.status_change', 'biker.membership_change', 'biker.kyc_view', 'biker.kyc_update', 'biker.activity_view', 'biker.document_view', 'biker.document_upload', 'biker.document_delete', 'biker.rental_history_view', 'biker.payment_history_view', 'biker.wallet_view', 'biker.note_add', 'biker.note_view', 'biker.export', 'biker.make_valid_user', 'biker.lock', 'biker.unlock',
  'investor.view', 'investor.create', 'investor.edit', 'investor.delete', 'investor.plan_assign', 'investor.bank_edit', 'investor.withdraw_request', 'investor.document_upload', 'investor.document_approve', 'investor.notification_view',
  'battery.view', 'battery.create', 'battery.edit', 'battery.delete', 'battery.export',
  'fleet.view', 'fleet.create', 'fleet.edit', 'fleet.delete', 'fleet.gps_config', 'fleet.export',
  'service_center.view', 'service_center.create', 'service_center.edit', 'service_center.delete',
  'maintenance.view', 'maintenance.create', 'maintenance.edit', 'maintenance.delete',
  'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete', 'accounting.withdraw_process',
  'hub.view', 'hub.create', 'hub.edit', 'hub.delete',
  'reports.view', 'reports.export',
  'users.view', 'users.create', 'users.edit', 'users.delete',
  'roles.view', 'roles.config',
  'notifications.view', 'messaging.compose', 'messaging.broadcast', 'messaging.schedule'
];

const ROLE_PERMISSIONS: Record<string, string[]> = {
  super_admin: ALL_PERMISSIONS,
  admin_manager: ALL_PERMISSIONS.filter(p => !p.includes('delete') || p === 'biker.document_delete' || p === 'fleet.delete' || p === 'battery.delete'),
  staff: [
    'kyc.request', 'kyc.view', 'kyc.doc_upload',
    'settings.kyc_documents_view', 'settings.plan_selection_with_condition_view', 'settings.investment_plan_view', 'settings.battery_investment_plan_view', 'settings.swap_station_plan_view', 'settings.rider_request_plan_for_merchant_view', 'settings.company_policy_view', 'settings.es_templates_view', 'settings.ev_parts_view',
    'dashboard.view',
    'rental.view', 'rental.create', 'rental.image_approve',
    'biker.view', 'biker.edit', 'biker.kyc_view', 'biker.kyc_update', 'biker.activity_view', 'biker.document_view', 'biker.document_upload', 'biker.rental_history_view', 'biker.payment_history_view', 'biker.wallet_view', 'biker.note_add', 'biker.note_view',
    'investor.view', 'investor.document_upload',
    'battery.view', 'fleet.view', 'service_center.view', 'maintenance.view', 'maintenance.create', 'accounting.view', 'hub.view', 'reports.view', 'notifications.view'
  ],
  accountant: [
    'dashboard.view', 'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete', 'accounting.withdraw_process', 'reports.view', 'reports.export'
  ],
  investor: [
    'dashboard.view', 'kyc.request', 'kyc.view', 'investor.view', 'investor.bank_edit', 'investor.withdraw_request', 'investor.document_upload', 'notifications.view'
  ],
  biker: [
    'dashboard.view', 'kyc.request', 'kyc.view', 'rental.requset', 'rental.accept', 'rental.reject', 'rental.view', 'biker.view', 'maintenance.create', 'maintenance.view', 'notifications.view'
  ],
  'swap-station': [
    'dashboard.view', 'kyc.request', 'kyc.view', 'notifications.view'
  ],
  merchant: [
    'dashboard.view', 'kyc.request', 'kyc.view', 'settings.rider_request_plan_for_merchant_view', 'notifications.view'
  ],
};

export const canRentalAccept = () => hasPermission('rental.accept');
export const canRentalReject = () => hasPermission('rental.reject');
export const canRentalCancel = () => hasPermission('rental.cancel');
export const canRentalEdit = () => hasPermission('rental.edit');
export const canRentalImageApprove = () => hasPermission('rental.image_approve');
export const canRentalLock = () => hasPermission('rental.lock');
export const canRentalUnlock = () => hasPermission('rental.unlock');
export const canRentalCreate = () => hasPermission('rental.create');

export const isAuthenticated = (): boolean => {
  return typeof window !== 'undefined' && !!sessionStorage.getItem('authToken');
};

export const getUserRole = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userRole') : null;
};

export const getUserName = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userName') : null;
};

export const getUserPermissions = (): string[] => {
  if (typeof window === 'undefined') return [];
  const role = getUserRole();
  if (role) return ROLE_PERMISSIONS[role] || [];
  return [];
};

export const hasPermission = (permission: string): boolean => {
  const permissions = getUserPermissions();
  return permissions.includes(permission);
};

export const canApproveKycDocument = (): boolean => {
  return hasPermission('kyc.doc_approve');
};

export const canRejectKycDocument = (): boolean => {
  return hasPermission('kyc.doc_reject');
};

export const canMakeValidUser = (): boolean => {
  return hasPermission('kyc.make_valid_user');
};

export const logout = () => {
  if (typeof window !== 'undefined') {
    sessionStorage.removeItem('authToken');
    sessionStorage.removeItem('userRole');
    sessionStorage.removeItem('userName');
    sessionStorage.removeItem('userPermissions');
  }
};
feat: expand RBAC system with granular permissions and update role definitions and UI configuration 2026-05-21 20:22:32 +06:00			`const ALL_PERMISSIONS = [`
			`'kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user',`
			`'settings.kyc_documents_view', 'settings.kyc_documents_config',`
			`'settings.plan_selection_with_condition_view', 'settings.plan_selection_with_condition_config',`
			`'settings.investment_plan_view', 'settings.investment_plan_config',`
			`'settings.battery_investment_plan_view', 'settings.battery_investment_plan_config',`
			`'settings.swap_station_plan_view', 'settings.swap_station_plan_config',`
			`'settings.rider_request_plan_for_merchant_view', 'settings.rider_request_plan_for_merchant_config',`
			`'settings.company_policy_view', 'settings.company_policy_config',`
			`'settings.es_templates_view', 'settings.es_templates_config',`
			`'settings.ev_parts_view', 'settings.ev_parts_config',`
			`'dashboard.view',`
			`'rental.requset', 'rental.accept', 'rental.reject', 'rental.view', 'rental.cancel', 'rental.edit', 'rental.image_approve', 'rental.lock', 'rental.unlock', 'rental.create',`
			`'biker.view', 'biker.create', 'biker.edit', 'biker.delete', 'biker.status_change', 'biker.membership_change', 'biker.kyc_view', 'biker.kyc_update', 'biker.activity_view', 'biker.document_view', 'biker.document_upload', 'biker.document_delete', 'biker.rental_history_view', 'biker.payment_history_view', 'biker.wallet_view', 'biker.note_add', 'biker.note_view', 'biker.export', 'biker.make_valid_user', 'biker.lock', 'biker.unlock',`
			`'investor.view', 'investor.create', 'investor.edit', 'investor.delete', 'investor.plan_assign', 'investor.bank_edit', 'investor.withdraw_request', 'investor.document_upload', 'investor.document_approve', 'investor.notification_view',`
			`'battery.view', 'battery.create', 'battery.edit', 'battery.delete', 'battery.export',`
			`'fleet.view', 'fleet.create', 'fleet.edit', 'fleet.delete', 'fleet.gps_config', 'fleet.export',`
			`'service_center.view', 'service_center.create', 'service_center.edit', 'service_center.delete',`
			`'maintenance.view', 'maintenance.create', 'maintenance.edit', 'maintenance.delete',`
			`'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete', 'accounting.withdraw_process',`
			`'hub.view', 'hub.create', 'hub.edit', 'hub.delete',`
			`'reports.view', 'reports.export',`
			`'users.view', 'users.create', 'users.edit', 'users.delete',`
			`'roles.view', 'roles.config',`
			`'notifications.view', 'messaging.compose', 'messaging.broadcast', 'messaging.schedule'`
			`];`

feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`const ROLE_PERMISSIONS: Record<string, string[]> = {`
feat: expand RBAC system with granular permissions and update role definitions and UI configuration 2026-05-21 20:22:32 +06:00			`super_admin: ALL_PERMISSIONS,`
			`admin_manager: ALL_PERMISSIONS.filter(p => !p.includes('delete') \|\| p === 'biker.document_delete' \|\| p === 'fleet.delete' \|\| p === 'battery.delete'),`
			`staff: [`
			`'kyc.request', 'kyc.view', 'kyc.doc_upload',`
			`'settings.kyc_documents_view', 'settings.plan_selection_with_condition_view', 'settings.investment_plan_view', 'settings.battery_investment_plan_view', 'settings.swap_station_plan_view', 'settings.rider_request_plan_for_merchant_view', 'settings.company_policy_view', 'settings.es_templates_view', 'settings.ev_parts_view',`
			`'dashboard.view',`
			`'rental.view', 'rental.create', 'rental.image_approve',`
			`'biker.view', 'biker.edit', 'biker.kyc_view', 'biker.kyc_update', 'biker.activity_view', 'biker.document_view', 'biker.document_upload', 'biker.rental_history_view', 'biker.payment_history_view', 'biker.wallet_view', 'biker.note_add', 'biker.note_view',`
			`'investor.view', 'investor.document_upload',`
			`'battery.view', 'fleet.view', 'service_center.view', 'maintenance.view', 'maintenance.create', 'accounting.view', 'hub.view', 'reports.view', 'notifications.view'`
			`],`
			`accountant: [`
			`'dashboard.view', 'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete', 'accounting.withdraw_process', 'reports.view', 'reports.export'`
			`],`
			`investor: [`
			`'dashboard.view', 'kyc.request', 'kyc.view', 'investor.view', 'investor.bank_edit', 'investor.withdraw_request', 'investor.document_upload', 'notifications.view'`
			`],`
			`biker: [`
			`'dashboard.view', 'kyc.request', 'kyc.view', 'rental.requset', 'rental.accept', 'rental.reject', 'rental.view', 'biker.view', 'maintenance.create', 'maintenance.view', 'notifications.view'`
			`],`
			`'swap-station': [`
			`'dashboard.view', 'kyc.request', 'kyc.view', 'notifications.view'`
			`],`
			`merchant: [`
			`'dashboard.view', 'kyc.request', 'kyc.view', 'settings.rider_request_plan_for_merchant_view', 'notifications.view'`
			`],`
feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`};`

feat: update rental data models, mock data, and auth access controls for enhanced tracking and management 2026-05-10 01:22:17 +06:00			`export const canRentalAccept = () => hasPermission('rental.accept');`
			`export const canRentalReject = () => hasPermission('rental.reject');`
			`export const canRentalCancel = () => hasPermission('rental.cancel');`
			`export const canRentalEdit = () => hasPermission('rental.edit');`
			`export const canRentalImageApprove = () => hasPermission('rental.image_approve');`
			`export const canRentalLock = () => hasPermission('rental.lock');`
			`export const canRentalUnlock = () => hasPermission('rental.unlock');`
			`export const canRentalCreate = () => hasPermission('rental.create');`

feat: implement authentication flow with login page, middleware protection, and session-based role management 2026-05-07 16:08:18 +06:00			`export const isAuthenticated = (): boolean => {`
			`return typeof window !== 'undefined' && !!sessionStorage.getItem('authToken');`
			`};`

			`export const getUserRole = (): string \| null => {`
			`return typeof window !== 'undefined' ? sessionStorage.getItem('userRole') : null;`
			`};`

			`export const getUserName = (): string \| null => {`
			`return typeof window !== 'undefined' ? sessionStorage.getItem('userName') : null;`
			`};`

feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`export const getUserPermissions = (): string[] => {`
			`if (typeof window === 'undefined') return [];`
			`const role = getUserRole();`
feat: update rental data models, mock data, and auth access controls for enhanced tracking and management 2026-05-10 01:22:17 +06:00			`if (role) return ROLE_PERMISSIONS[role] \|\| [];`
			`return [];`
feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`};`

			`export const hasPermission = (permission: string): boolean => {`
			`const permissions = getUserPermissions();`
			`return permissions.includes(permission);`
			`};`

			`export const canApproveKycDocument = (): boolean => {`
			`return hasPermission('kyc.doc_approve');`
			`};`

			`export const canRejectKycDocument = (): boolean => {`
			`return hasPermission('kyc.doc_reject');`
			`};`

			`export const canMakeValidUser = (): boolean => {`
			`return hasPermission('kyc.make_valid_user');`
			`};`

feat: implement authentication flow with login page, middleware protection, and session-based role management 2026-05-07 16:08:18 +06:00			`export const logout = () => {`
			`if (typeof window !== 'undefined') {`
			`sessionStorage.removeItem('authToken');`
			`sessionStorage.removeItem('userRole');`
			`sessionStorage.removeItem('userName');`
feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`sessionStorage.removeItem('userPermissions');`
feat: implement authentication flow with login page, middleware protection, and session-based role management 2026-05-07 16:08:18 +06:00			`}`
			`};`