mirror of
https://github.com/umami-software/umami.git
synced 2026-02-05 13:17:19 +01:00
110 lines
2.6 KiB
TypeScript
110 lines
2.6 KiB
TypeScript
import { Auth } from '@/lib/types';
|
|
import { PERMISSIONS } from '@/lib/constants';
|
|
import { hasPermission } from '@/lib/auth';
|
|
import { getTeamUser, getWebsite } from '@/queries';
|
|
|
|
const cloudMode = !!process.env.CLOUD_URL;
|
|
|
|
export async function canViewWebsite({ user, shareToken }: Auth, websiteId: string) {
|
|
if (user?.isAdmin) {
|
|
return true;
|
|
}
|
|
|
|
if (shareToken?.websiteId === websiteId) {
|
|
return true;
|
|
}
|
|
|
|
const website = await getWebsite(websiteId);
|
|
|
|
if (website.userId) {
|
|
return user.id === website.userId;
|
|
}
|
|
|
|
if (website.teamId) {
|
|
const teamUser = await getTeamUser(website.teamId, user.id);
|
|
|
|
return !!teamUser;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
export async function canViewAllWebsites({ user }: Auth) {
|
|
return user.isAdmin;
|
|
}
|
|
|
|
export async function canCreateWebsite({ user, grant }: Auth) {
|
|
if (cloudMode) {
|
|
return !!grant?.find(a => a === PERMISSIONS.websiteCreate);
|
|
}
|
|
|
|
if (user.isAdmin) {
|
|
return true;
|
|
}
|
|
|
|
return hasPermission(user.role, PERMISSIONS.websiteCreate);
|
|
}
|
|
|
|
export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
|
|
if (user.isAdmin) {
|
|
return true;
|
|
}
|
|
|
|
const website = await getWebsite(websiteId);
|
|
|
|
if (website.userId) {
|
|
return user.id === website.userId;
|
|
}
|
|
|
|
if (website.teamId) {
|
|
const teamUser = await getTeamUser(website.teamId, user.id);
|
|
|
|
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
|
|
if (user.isAdmin) {
|
|
return true;
|
|
}
|
|
|
|
const website = await getWebsite(websiteId);
|
|
|
|
if (website.userId) {
|
|
return user.id === website.userId;
|
|
}
|
|
|
|
if (website.teamId) {
|
|
const teamUser = await getTeamUser(website.teamId, user.id);
|
|
|
|
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) {
|
|
const website = await getWebsite(websiteId);
|
|
|
|
if (website.teamId && user.id === userId) {
|
|
const teamUser = await getTeamUser(website.teamId, userId);
|
|
|
|
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteTransferToUser);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) {
|
|
const website = await getWebsite(websiteId);
|
|
|
|
if (website.userId && website.userId === user.id) {
|
|
const teamUser = await getTeamUser(teamId, user.id);
|
|
|
|
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteTransferToTeam);
|
|
}
|
|
|
|
return false;
|
|
}
|