feat: implement role-based access control for KYC workflows and add permissions documentation

2026-05-09 12:51:28 +06:00
parent 4f58fba36d
commit c0916cd3a2
4 changed files with 129 additions and 22 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -1,3 +1,14 @@
+const ROLE_PERMISSIONS: Record<string, string[]> = {
+  super_admin: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],
+  admin_manager: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],
+  staff: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'dashboard.view'],
+  accountant: ['dashboard.view', 'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete'],
+  investor: ['dashboard.view', 'kyc.request', 'kyc.view'],
+  biker: ['dashboard.view', 'kyc.request', 'kyc.view', 'rentals.view', 'rentals.create'],
+  'swap-station': ['dashboard.view', 'kyc.request', 'kyc.view'],
+  merchant: ['dashboard.view', 'kyc.request', 'kyc.view', 'merchants.view'],
+};
+
 export const isAuthenticated = (): boolean => {
  return typeof window !== 'undefined' && !!sessionStorage.getItem('authToken');
 };
@@ -10,10 +21,36 @@ export const getUserName = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userName') : null;
 };

+export const getUserPermissions = (): string[] => {
+  if (typeof window === 'undefined') return [];
+  const stored = sessionStorage.getItem('userPermissions');
+  if (stored) return JSON.parse(stored);
+  const role = getUserRole();
+  return role ? (ROLE_PERMISSIONS[role] || []) : [];
+};
+
+export const hasPermission = (permission: string): boolean => {
+  const permissions = getUserPermissions();
+  return permissions.includes(permission);
+};
+
+export const canApproveKycDocument = (): boolean => {
+  return hasPermission('kyc.doc_approve');
+};
+
+export const canRejectKycDocument = (): boolean => {
+  return hasPermission('kyc.doc_reject');
+};
+
+export const canMakeValidUser = (): boolean => {
+  return hasPermission('kyc.make_valid_user');
+};
+
 export const logout = () => {
  if (typeof window !== 'undefined') {
    sessionStorage.removeItem('authToken');
    sessionStorage.removeItem('userRole');
    sessionStorage.removeItem('userName');
+    sessionStorage.removeItem('userPermissions');
  }
 };