Finish Video

praveentrigent · Oct 28, 2024 · 4569fe4 · 4569fe4
1 parent 7863e94
commit 4569fe4
Show file tree

Hide file tree

Showing 2 changed files with 150 additions and 0 deletions.
diff --git a/auth-abac.ts b/auth-abac.ts
@@ -0,0 +1,120 @@
+type Comment = {
+  id: string
+  body: string
+  authorId: string
+  createdAt: Date
+}
+
+type Todo = {
+  id: string
+  title: string
+  userId: string
+  completed: boolean
+  invitedUsers: string[]
+}
+
+type Role = "admin" | "moderator" | "user"
+type User = { blockedBy: string[]; roles: Role[]; id: string }
+
+type PermissionCheck<Key extends keyof Permissions> =
+  | boolean
+  | ((user: User, data: Permissions[Key]["dataType"]) => boolean)
+
+type RolesWithPermissions = {
+  [R in Role]: Partial<{
+    [Key in keyof Permissions]: Partial<{
+      [Action in Permissions[Key]["action"]]: PermissionCheck<Key>
+    }>
+  }>
+}
+
+type Permissions = {
+  comments: {
+    dataType: Comment
+    action: "view" | "create" | "update"
+  }
+  todos: {
+    // Can do something like Pick<Todo, "userId"> to get just the rows you use
+    dataType: Todo
+    action: "view" | "create" | "update" | "delete"
+  }
+}
+
+const ROLES = {
+  admin: {
+    comments: {
+      view: true,
+      create: true,
+      update: true,
+    },
+    todos: {
+      view: true,
+      create: true,
+      update: true,
+      delete: true,
+    },
+  },
+  moderator: {
+    comments: {
+      view: true,
+      create: true,
+      update: true,
+    },
+    todos: {
+      view: true,
+      create: true,
+      update: true,
+      delete: (user, todo) => todo.completed,
+    },
+  },
+  user: {
+    comments: {
+      view: (user, comment) => !user.blockedBy.includes(comment.authorId),
+      create: true,
+      update: (user, comment) => comment.authorId === user.id,
+    },
+    todos: {
+      view: (user, todo) => !user.blockedBy.includes(todo.userId),
+      create: true,
+      update: (user, todo) =>
+        todo.userId === user.id || todo.invitedUsers.includes(user.id),
+      delete: (user, todo) =>
+        (todo.userId === user.id || todo.invitedUsers.includes(user.id)) &&
+        todo.completed,
+    },
+  },
+} as const satisfies RolesWithPermissions
+
+export function hasPermission<Resource extends keyof Permissions>(
+  user: User,
+  resource: Resource,
+  action: Permissions[Resource]["action"],
+  data?: Permissions[Resource]["dataType"]
+) {
+  return user.roles.some(role => {
+    const permission = (ROLES as RolesWithPermissions)[role][resource]?.[action]
+    if (permission == null) return false
+
+    if (typeof permission === "boolean") return permission
+    return data != null && permission(user, data)
+  })
+}
+
+// USAGE:
+const user: User = { blockedBy: ["2"], id: "1", roles: ["user"] }
+const todo: Todo = {
+  completed: false,
+  id: "3",
+  invitedUsers: [],
+  title: "Test Todo",
+  userId: "1",
+}
+
+// Can create a comment
+hasPermission(user, "comments", "create")
+
+// Can view the `todo` Todo
+hasPermission(user, "todos", "view", todo)
+
+// Can view all todos
+hasPermission(user, "todos", "view")
diff --git a/auth-rbac.ts b/auth-rbac.ts
@@ -0,0 +1,30 @@
+export type User = { roles: Role[]; id: string }
+
+type Role = keyof typeof ROLES
+type Permission = (typeof ROLES)[Role][number]
+
+const ROLES = {
+  admin: [
+    "view:comments",
+    "create:comments",
+    "update:comments",
+    "delete:comments",
+  ],
+  moderator: ["view:comments", "create:comments", "delete:comments"],
+  user: ["view:comments", "create:comments"],
+} as const
+
+export function hasPermission(user: User, permission: Permission) {
+  return user.roles.some(role =>
+    (ROLES[role] as readonly Permission[]).includes(permission)
+  )
+}
+
+// USAGE:
+const user: User = { id: "1", roles: ["user"] }
+
+// Can create a comment
+hasPermission(user, "create:comments")
+
+// Can view all comments
+hasPermission(user, "view:comments")