forked from baron/baron-sso
42 lines
1.1 KiB
TypeScript
42 lines
1.1 KiB
TypeScript
import { useQuery } from "@tanstack/react-query";
|
|
import { fetchMe, fetchTenant } from "../../../lib/adminApi";
|
|
import { normalizeAdminRole } from "../../../lib/roles";
|
|
|
|
export type TenantPermissionKey =
|
|
| "view"
|
|
| "manage"
|
|
| "manage_admins"
|
|
| "view_profile"
|
|
| "manage_profile"
|
|
| "view_permissions"
|
|
| "manage_permissions"
|
|
| "view_organization"
|
|
| "manage_organization"
|
|
| "view_schema"
|
|
| "manage_schema"
|
|
| "view_worksmobile"
|
|
| "manage_worksmobile";
|
|
|
|
export function useTenantPermission(tenantId: string) {
|
|
const { data: profile } = useQuery({
|
|
queryKey: ["me"],
|
|
queryFn: fetchMe,
|
|
});
|
|
|
|
const { data: tenant } = useQuery({
|
|
queryKey: ["tenant", tenantId],
|
|
queryFn: () => fetchTenant(tenantId),
|
|
enabled: !!tenantId,
|
|
});
|
|
|
|
const hasPermission = (requiredRelation: TenantPermissionKey): boolean => {
|
|
// Super Admin always has full bypass access
|
|
if (normalizeAdminRole(profile?.role) === "super_admin") {
|
|
return true;
|
|
}
|
|
return !!tenant?.userPermissions?.[requiredRelation];
|
|
};
|
|
|
|
return { hasPermission, isLoading: !tenant };
|
|
}
|