import { UserRole, ROLE_PERMISSIONS } from '../types/auth';
import { useAuth } from '../hooks/useAuth';
/**
 * One entry of the permission catalogue returned by
 * `PermissionService.getAllPermissions()`.
 */
interface Permission {
  /** Identifier; the catalogue in this file writes it as `resource:action` (e.g. `users:read`). */
  id: string;
  /** Short human-readable label. */
  name: string;
  /** Longer explanation of what the permission covers. */
  description: string;
  /** Resource the permission applies to (e.g. `users`, `assigned_clients`). */
  resource: string;
  /** Operation on that resource; the catalogue uses `read`, `write` and `delete`. */
  action: string;
  /** Functional group the permission is filed under. */
  category:
    | 'ADMIN'
    | 'GESTION'
    | 'COMMERCIAL'
    | 'TECHNIQUE'
    | 'CONSULTATION';
}
/**
 * A role as described by `PermissionService.getAllRoles()`.
 */
interface Role {
  /** Role identifier; `getAllRoles()` fills it with the `UserRole` value. */
  id: string;
  /** Role name; `getAllRoles()` fills it with the same `UserRole` value as `id`. */
  name: string;
  /** Label meant for display. */
  displayName: string;
  /** Free-text summary of what the role is for. */
  description: string;
  /** Permission identifiers held by the role. */
  permissions: string[];
  /** Hierarchy level (higher = more permissions). */
  level: number;
}
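/**
 * Static catalogue of permissions and roles, plus role-based permission checks.
 *
 * Every check resolves a role through `ROLE_PERMISSIONS`. A role value with no
 * entry in that table is treated as holding no permissions, so the checks fail
 * closed instead of throwing on an unrecognised role.
 *
 * NOTE(review): this file imports a `useAuth` hook, so the service presumably
 * runs in the browser — confirm. If it does, these checks only decide what the
 * UI shows; the backend must enforce the same permissions on every request.
 */
class PermissionService {
  /**
   * List every permission known to the application.
   *
   * @returns A freshly built array on each call, so callers may mutate it
   *   without affecting later calls.
   */
  getAllPermissions(): Permission[] {
    return [
      // Administrative permissions
      {
        id: 'users:read',
        name: 'Consulter utilisateurs',
        description: 'Voir la liste des utilisateurs',
        resource: 'users',
        action: 'read',
        category: 'ADMIN'
      },
      {
        id: 'users:write',
        name: 'Gérer utilisateurs',
        description: 'Créer, modifier les utilisateurs',
        resource: 'users',
        action: 'write',
        category: 'ADMIN'
      },
      {
        id: 'users:delete',
        name: 'Supprimer utilisateurs',
        description: 'Supprimer des utilisateurs',
        resource: 'users',
        action: 'delete',
        category: 'ADMIN'
      },
      {
        id: 'attribution:read',
        name: 'Consulter attributions',
        description: 'Voir les attributions client-gestionnaire',
        resource: 'attribution',
        action: 'read',
        category: 'ADMIN'
      },
      {
        id: 'attribution:write',
        name: 'Gérer attributions',
        description: 'Modifier les attributions client-gestionnaire',
        resource: 'attribution',
        action: 'write',
        category: 'ADMIN'
      },

      // Management permissions
      {
        id: 'clients:read',
        name: 'Consulter clients',
        description: 'Voir la liste des clients',
        resource: 'clients',
        action: 'read',
        category: 'GESTION'
      },
      {
        id: 'clients:write',
        name: 'Gérer clients',
        description: 'Créer, modifier les clients',
        resource: 'clients',
        action: 'write',
        category: 'GESTION'
      },
      {
        id: 'clients:delete',
        name: 'Supprimer clients',
        description: 'Supprimer des clients',
        resource: 'clients',
        action: 'delete',
        category: 'GESTION'
      },
      {
        id: 'assigned_clients:read',
        name: 'Consulter clients attribués',
        description: 'Voir ses clients attribués',
        resource: 'assigned_clients',
        action: 'read',
        category: 'GESTION'
      },
      {
        id: 'assigned_clients:write',
        name: 'Gérer clients attribués',
        description: 'Modifier ses clients attribués',
        resource: 'assigned_clients',
        action: 'write',
        category: 'GESTION'
      },

      // Work-site (chantier) permissions
      {
        id: 'chantiers:read',
        name: 'Consulter chantiers',
        description: 'Voir tous les chantiers',
        resource: 'chantiers',
        action: 'read',
        category: 'TECHNIQUE'
      },
      {
        id: 'chantiers:write',
        name: 'Gérer chantiers',
        description: 'Créer, modifier les chantiers',
        resource: 'chantiers',
        action: 'write',
        category: 'TECHNIQUE'
      },
      {
        id: 'chantiers:delete',
        name: 'Supprimer chantiers',
        description: 'Supprimer des chantiers',
        resource: 'chantiers',
        action: 'delete',
        category: 'TECHNIQUE'
      },
      {
        id: 'assigned_chantiers:read',
        name: 'Consulter chantiers attribués',
        description: 'Voir ses chantiers attribués',
        resource: 'assigned_chantiers',
        action: 'read',
        category: 'TECHNIQUE'
      },
      {
        id: 'assigned_chantiers:write',
        name: 'Gérer chantiers attribués',
        description: 'Modifier ses chantiers attribués',
        resource: 'assigned_chantiers',
        action: 'write',
        category: 'TECHNIQUE'
      },

      // Phase permissions
      {
        id: 'phases:read',
        name: 'Consulter phases',
        description: 'Voir les phases des chantiers',
        resource: 'phases',
        action: 'read',
        category: 'TECHNIQUE'
      },
      {
        id: 'phases:write',
        name: 'Gérer phases',
        description: 'Modifier les phases des chantiers',
        resource: 'phases',
        action: 'write',
        category: 'TECHNIQUE'
      },

      // Commercial permissions (quotes)
      {
        id: 'devis:read',
        name: 'Consulter devis',
        description: 'Voir tous les devis',
        resource: 'devis',
        action: 'read',
        category: 'COMMERCIAL'
      },
      {
        id: 'devis:write',
        name: 'Gérer devis',
        description: 'Créer, modifier les devis',
        resource: 'devis',
        action: 'write',
        category: 'COMMERCIAL'
      },
      {
        id: 'devis:delete',
        name: 'Supprimer devis',
        description: 'Supprimer des devis',
        resource: 'devis',
        action: 'delete',
        category: 'COMMERCIAL'
      },
      {
        id: 'assigned_devis:read',
        name: 'Consulter devis attribués',
        description: 'Voir ses devis attribués',
        resource: 'assigned_devis',
        action: 'read',
        category: 'COMMERCIAL'
      },
      {
        id: 'assigned_devis:write',
        name: 'Gérer devis attribués',
        description: 'Modifier ses devis attribués',
        resource: 'assigned_devis',
        action: 'write',
        category: 'COMMERCIAL'
      },

      // Invoice permissions
      {
        id: 'factures:read',
        name: 'Consulter factures',
        description: 'Voir toutes les factures',
        resource: 'factures',
        action: 'read',
        category: 'COMMERCIAL'
      },
      {
        id: 'factures:write',
        name: 'Gérer factures',
        description: 'Créer, modifier les factures',
        resource: 'factures',
        action: 'write',
        category: 'COMMERCIAL'
      },
      {
        id: 'factures:delete',
        name: 'Supprimer factures',
        description: 'Supprimer des factures',
        resource: 'factures',
        action: 'delete',
        category: 'COMMERCIAL'
      },
      {
        id: 'assigned_factures:read',
        name: 'Consulter factures attribuées',
        description: 'Voir ses factures attribuées',
        resource: 'assigned_factures',
        action: 'read',
        category: 'COMMERCIAL'
      },
      {
        id: 'assigned_factures:write',
        name: 'Gérer factures attribuées',
        description: 'Modifier ses factures attribuées',
        resource: 'assigned_factures',
        action: 'write',
        category: 'COMMERCIAL'
      },

      // Budget permissions
      {
        id: 'budget:read',
        name: 'Consulter budgets',
        description: 'Voir les informations budgétaires',
        resource: 'budget',
        action: 'read',
        category: 'GESTION'
      },
      {
        id: 'budget:write',
        name: 'Gérer budgets',
        description: 'Modifier les budgets',
        resource: 'budget',
        action: 'write',
        category: 'GESTION'
      },

      // Planning permissions
      {
        id: 'planning:read',
        name: 'Consulter planning',
        description: 'Voir le planning des chantiers',
        resource: 'planning',
        action: 'read',
        category: 'TECHNIQUE'
      },
      {
        id: 'planning:write',
        name: 'Gérer planning',
        description: 'Modifier le planning',
        resource: 'planning',
        action: 'write',
        category: 'TECHNIQUE'
      },

      // Dashboard permissions
      {
        id: 'dashboard:read',
        name: 'Accès dashboard',
        description: 'Accéder au tableau de bord',
        resource: 'dashboard',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'client_dashboard:read',
        name: 'Accès espace client',
        description: 'Accéder à l\'espace client',
        resource: 'client_dashboard',
        action: 'read',
        category: 'CONSULTATION'
      },

      // Client-specific permissions (own records only)
      {
        id: 'own_chantiers:read',
        name: 'Consulter ses chantiers',
        description: 'Voir ses propres chantiers',
        resource: 'own_chantiers',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'own_phases:read',
        name: 'Consulter ses phases',
        description: 'Voir les phases de ses chantiers',
        resource: 'own_phases',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'own_devis:read',
        name: 'Consulter ses devis',
        description: 'Voir ses propres devis',
        resource: 'own_devis',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'own_factures:read',
        name: 'Consulter ses factures',
        description: 'Voir ses propres factures',
        resource: 'own_factures',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'own_documents:read',
        name: 'Consulter ses documents',
        description: 'Voir ses documents',
        resource: 'own_documents',
        action: 'read',
        category: 'CONSULTATION'
      },

      // Message permissions
      {
        id: 'messages:read',
        name: 'Consulter messages',
        description: 'Voir les messages',
        resource: 'messages',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'messages:write',
        name: 'Envoyer messages',
        description: 'Envoyer des messages',
        resource: 'messages',
        action: 'write',
        category: 'CONSULTATION'
      },

      // Document permissions
      {
        id: 'documents:read',
        name: 'Consulter documents',
        description: 'Voir tous les documents',
        resource: 'documents',
        action: 'read',
        category: 'CONSULTATION'
      },
      {
        id: 'documents:write',
        name: 'Gérer documents',
        description: 'Uploader, modifier les documents',
        resource: 'documents',
        action: 'write',
        category: 'CONSULTATION'
      },

      // Settings permissions
      {
        id: 'settings:write',
        name: 'Gérer paramètres',
        description: 'Modifier les paramètres système',
        resource: 'settings',
        action: 'write',
        category: 'ADMIN'
      }
    ];
  }

  /**
   * List every role with its display text, permissions and hierarchy level.
   *
   * Each `permissions` array is a copy of the role's `ROLE_PERMISSIONS` entry:
   * handing out the table's own arrays would let any caller that mutates a
   * returned role (e.g. `role.permissions.push(...)`) silently change what
   * `hasPermission` grants for the rest of the session.
   *
   * @returns A freshly built array, ordered from highest to lowest level.
   */
  getAllRoles(): Role[] {
    return [
      {
        id: UserRole.ADMIN,
        name: UserRole.ADMIN,
        displayName: 'Administrateur',
        description: 'Accès complet au système, gestion des utilisateurs et paramètres',
        permissions: [...this.grantsOf(UserRole.ADMIN)],
        level: 100
      },
      {
        id: UserRole.MANAGER,
        name: UserRole.MANAGER,
        displayName: 'Responsable',
        description: 'Gestion opérationnelle, supervision des gestionnaires et chantiers',
        permissions: [...this.grantsOf(UserRole.MANAGER)],
        level: 80
      },
      {
        id: UserRole.GESTIONNAIRE_PROJET,
        name: UserRole.GESTIONNAIRE_PROJET,
        displayName: 'Gestionnaire de Projet',
        description: 'Gestion des clients attribués et de leurs projets',
        permissions: [...this.grantsOf(UserRole.GESTIONNAIRE_PROJET)],
        level: 60
      },
      {
        id: UserRole.CHEF_CHANTIER,
        name: UserRole.CHEF_CHANTIER,
        displayName: 'Chef de Chantier',
        description: 'Gestion opérationnelle des chantiers et des équipes',
        permissions: [...this.grantsOf(UserRole.CHEF_CHANTIER)],
        level: 50
      },
      {
        id: UserRole.COMPTABLE,
        name: UserRole.COMPTABLE,
        displayName: 'Comptable',
        description: 'Gestion financière, devis, factures et budgets',
        permissions: [...this.grantsOf(UserRole.COMPTABLE)],
        level: 40
      },
      {
        id: UserRole.OUVRIER,
        name: UserRole.OUVRIER,
        displayName: 'Ouvrier',
        description: 'Consultation des chantiers et mise à jour des phases',
        permissions: [...this.grantsOf(UserRole.OUVRIER)],
        level: 30
      },
      {
        id: UserRole.CLIENT,
        name: UserRole.CLIENT,
        displayName: 'Client',
        description: 'Consultation de ses projets, devis et factures',
        permissions: [...this.grantsOf(UserRole.CLIENT)],
        level: 10
      }
    ];
  }

  /**
   * Check whether a role holds one specific permission.
   *
   * @param userRole Role to check; a value with no `ROLE_PERMISSIONS` entry
   *   (for instance one read from stored or received session data) is denied.
   * @param permission Permission identifier, matched exactly.
   * @returns `true` only when the role's permission list contains `permission`.
   */
  hasPermission(userRole: UserRole, permission: string): boolean {
    return this.grantsOf(userRole).includes(permission);
  }

  /**
   * Check whether a role holds every permission in the list.
   *
   * @param userRole Role to check.
   * @param permissions Required permission identifiers. An empty list yields
   *   `true` (nothing is required), so callers should not pass a list that may
   *   be empty by accident.
   * @returns `true` when no listed permission is missing.
   */
  hasAllPermissions(userRole: UserRole, permissions: string[]): boolean {
    return permissions.every(permission => this.hasPermission(userRole, permission));
  }

  /**
   * Check whether a role holds at least one permission in the list.
   *
   * @param userRole Role to check.
   * @param permissions Candidate permission identifiers; an empty list yields `false`.
   * @returns `true` when at least one listed permission is held.
   */
  hasAnyPermission(userRole: UserRole, permissions: string[]): boolean {
    return permissions.some(permission => this.hasPermission(userRole, permission));
  }

  /**
   * Group the catalogue entries a role holds by their category.
   *
   * Identifiers present in the role's list but absent from
   * `getAllPermissions()` are not reported, because only catalogue entries
   * are grouped.
   *
   * @param role Role whose permissions are grouped; an unrecognised role
   *   yields an empty object.
   * @returns Map from category name to the role's permissions in that
   *   category, in catalogue order. Categories with no permission are absent.
   */
  getPermissionsByCategory(role: UserRole): Record<string, Permission[]> {
    const granted = this.grantsOf(role);
    const grouped: Record<string, Permission[]> = {};

    for (const permission of this.getAllPermissions()) {
      if (!granted.includes(permission.id)) {
        continue;
      }
      const bucket = grouped[permission.category];
      if (bucket) {
        bucket.push(permission);
      } else {
        grouped[permission.category] = [permission];
      }
    }

    return grouped;
  }

  /**
   * Compare two roles by hierarchy level.
   *
   * @param role1 Role being tested. If it is not one of the roles returned by
   *   `getAllRoles()` the result is `false`: an unrecognised role must never
   *   satisfy a privilege comparison (previously two unrecognised roles
   *   compared as equal and returned `true`).
   * @param role2 Role to compare against; an unrecognised value counts as level 0.
   * @returns `true` when `role1` is recognised and its level is >= that of `role2`.
   */
  compareRoles(role1: UserRole, role2: UserRole): boolean {
    const roles = this.getAllRoles();
    const subject = roles.find(r => r.id === role1);
    if (subject === undefined) {
      return false;
    }
    const reference = roles.find(r => r.id === role2);
    return subject.level >= (reference?.level ?? 0);
  }

  /**
   * Get the hierarchy level of a role.
   *
   * @param role Role to look up.
   * @returns The role's level, or 0 when the role is not recognised (lower
   *   than every defined role).
   */
  getRoleLevel(role: UserRole): number {
    return this.getAllRoles().find(r => r.id === role)?.level ?? 0;
  }

  /**
   * Read a role's permission list from `ROLE_PERMISSIONS`, falling back to an
   * empty list when the table has no array for that role.
   */
  private grantsOf(role: UserRole): string[] {
    // The static type promises an entry for every role, but the value may come
    // from outside the type system at runtime, so it is checked before use.
    const granted: unknown = ROLE_PERMISSIONS[role];
    return Array.isArray(granted) ? granted : [];
  }
}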
// Single shared instance: every importer of this module's default export
// receives the same PermissionService object.
const permissionService = new PermissionService();

export default permissionService;