Fixed components build. Renamed validations to permissions.

src/permissions/index.ts

@@ -0,0 +1,6 @@
+export * from './link';
+export * from './pixel';
+export * from './report';
+export * from './team';
+export * from './website';
+export * from './user';

src/permissions/link.ts

@@ -0,0 +1,64 @@
+import { Auth } from '@/lib/types';
+import { getLink, getTeamUser } from '@/queries';
+import { hasPermission } from '@/lib/auth';
+import { PERMISSIONS } from '@/lib/constants';
+
+export async function canViewLink({ user }: Auth, linkId: string) {
+  if (user?.isAdmin) {
+    return true;
+  }
+
+  const link = await getLink(linkId);
+
+  if (link.userId) {
+    return user.id === link.userId;
+  }
+
+  if (link.teamId) {
+    const teamUser = await getTeamUser(link.teamId, user.id);
+
+    return !!teamUser;
+  }
+
+  return false;
+}
+
+export async function canUpdateLink({ user }: Auth, linkId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const link = await getLink(linkId);
+
+  if (link.userId) {
+    return user.id === link.userId;
+  }
+
+  if (link.teamId) {
+    const teamUser = await getTeamUser(link.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+  }
+
+  return false;
+}
+
+export async function canDeleteLink({ user }: Auth, linkId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const link = await getLink(linkId);
+
+  if (link.userId) {
+    return user.id === link.userId;
+  }
+
+  if (link.teamId) {
+    const teamUser = await getTeamUser(link.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+  }
+
+  return false;
+}

src/permissions/pixel.ts

@@ -0,0 +1,64 @@
+import { Auth } from '@/lib/types';
+import { getPixel, getTeamUser } from '@/queries';
+import { hasPermission } from '@/lib/auth';
+import { PERMISSIONS } from '@/lib/constants';
+
+export async function canViewPixel({ user }: Auth, pixelId: string) {
+  if (user?.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return !!teamUser;
+  }
+
+  return false;
+}
+
+export async function canUpdatePixel({ user }: Auth, pixelId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+  }
+
+  return false;
+}
+
+export async function canDeletePixel({ user }: Auth, pixelId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+  }
+
+  return false;
+}

src/permissions/report.ts

@@ -0,0 +1,27 @@
+import { Auth } from '@/lib/types';
+import { Report } from '@/generated/prisma/client';
+import { canViewWebsite } from './website';
+
+export async function canViewReport(auth: Auth, report: Report) {
+  if (auth.user.isAdmin) {
+    return true;
+  }
+
+  if (auth.user.id == report.userId) {
+    return true;
+  }
+
+  return !!(await canViewWebsite(auth, report.websiteId));
+}
+
+export async function canUpdateReport({ user }: Auth, report: Report) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  return user.id == report.userId;
+}
+
+export async function canDeleteReport(auth: Auth, report: Report) {
+  return canUpdateReport(auth, report);
+}

src/permissions/team.ts

@@ -0,0 +1,86 @@
+import { Auth } from '@/lib/types';
+import { PERMISSIONS } from '@/lib/constants';
+import { getTeamUser } from '@/queries';
+import { hasPermission } from '@/lib/auth';
+
+const cloudMode = !!process.env.CLOUD_MODE;
+
+export async function canViewTeam({ user }: Auth, teamId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  return getTeamUser(teamId, user.id);
+}
+
+export async function canCreateTeam({ user, grant }: Auth) {
+  if (cloudMode) {
+    return !!grant?.find(a => a === PERMISSIONS.teamCreate);
+  }
+
+  if (user.isAdmin) {
+    return true;
+  }
+
+  return !!user;
+}
+
+export async function canUpdateTeam({ user, grant }: Auth, teamId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  if (cloudMode) {
+    return !!grant?.find(a => a === PERMISSIONS.teamUpdate);
+  }
+
+  const teamUser = await getTeamUser(teamId, user.id);
+
+  return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
+}
+
+export async function canDeleteTeam({ user }: Auth, teamId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const teamUser = await getTeamUser(teamId, user.id);
+
+  return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamDelete);
+}
+
+export async function canAddUserToTeam({ user, grant }: Auth) {
+  if (cloudMode) {
+    return !!grant?.find(a => a === PERMISSIONS.teamUpdate);
+  }
+
+  return user.isAdmin;
+}
+
+export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  if (removeUserId === user.id) {
+    return true;
+  }
+
+  const teamUser = await getTeamUser(teamId, user.id);
+
+  return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
+}
+
+export async function canCreateTeamWebsite({ user }: Auth, teamId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const teamUser = await getTeamUser(teamId, user.id);
+
+  return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteCreate);
+}
+
+export async function canViewAllTeams({ user }: Auth) {
+  return user.isAdmin;
+}

src/permissions/user.ts

@@ -0,0 +1,29 @@
+import { Auth } from '@/lib/types';
+
+export async function canCreateUser({ user }: Auth) {
+  return user.isAdmin;
+}
+
+export async function canViewUser({ user }: Auth, viewedUserId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  return user.id === viewedUserId;
+}
+
+export async function canViewUsers({ user }: Auth) {
+  return user.isAdmin;
+}
+
+export async function canUpdateUser({ user }: Auth, viewedUserId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  return user.id === viewedUserId;
+}
+
+export async function canDeleteUser({ user }: Auth) {
+  return user.isAdmin;
+}

src/permissions/website.ts

@@ -0,0 +1,110 @@
+import { Auth } from '@/lib/types';
+import { PERMISSIONS } from '@/lib/constants';
+import { hasPermission } from '@/lib/auth';
+import { getTeamUser, getWebsite } from '@/queries';
+
+const cloudMode = !!process.env.CLOUD_MODE;
+
+export async function canViewWebsite({ user, shareToken }: Auth, websiteId: string) {
+  if (user?.isAdmin) {
+    return true;
+  }
+
+  if (shareToken?.websiteId === websiteId) {
+    return true;
+  }
+
+  const website = await getWebsite(websiteId);
+
+  if (website.userId) {
+    return user.id === website.userId;
+  }
+
+  if (website.teamId) {
+    const teamUser = await getTeamUser(website.teamId, user.id);
+
+    return !!teamUser;
+  }
+
+  return false;
+}
+
+export async function canViewAllWebsites({ user }: Auth) {
+  return user.isAdmin;
+}
+
+export async function canCreateWebsite({ user, grant }: Auth) {
+  if (cloudMode) {
+    return !!grant?.find(a => a === PERMISSIONS.websiteCreate);
+  }
+
+  if (user.isAdmin) {
+    return true;
+  }
+
+  return hasPermission(user.role, PERMISSIONS.websiteCreate);
+}
+
+export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const website = await getWebsite(websiteId);
+
+  if (website.userId) {
+    return user.id === website.userId;
+  }
+
+  if (website.teamId) {
+    const teamUser = await getTeamUser(website.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+  }
+
+  return false;
+}
+
+export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const website = await getWebsite(websiteId);
+
+  if (website.userId) {
+    return user.id === website.userId;
+  }
+
+  if (website.teamId) {
+    const teamUser = await getTeamUser(website.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+  }
+
+  return false;
+}
+
+export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) {
+  const website = await getWebsite(websiteId);
+
+  if (website.teamId && user.id === userId) {
+    const teamUser = await getTeamUser(website.teamId, userId);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteTransferToUser);
+  }
+
+  return false;
+}
+
+export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) {
+  const website = await getWebsite(websiteId);
+
+  if (website.userId && website.userId === user.id) {
+    const teamUser = await getTeamUser(teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteTransferToTeam);
+  }
+
+  return false;
+}