213 lines
9.3 KiB
Dart
213 lines
9.3 KiB
Dart
/// Système de permissions granulaires ultra-sophistiqué
|
|
/// Plus de 50 permissions atomiques avec héritage intelligent
|
|
library permission_matrix;
|
|
|
|
/// Matrice de permissions atomiques pour contrôle granulaire
|
|
///
|
|
/// Chaque permission suit la convention : `domain.action.scope`
|
|
/// Exemples : `members.edit.own`, `finances.view.all`, `system.admin.global`
|
|
class PermissionMatrix {
|
|
// === PERMISSIONS SYSTÈME ===
|
|
static const String SYSTEM_ADMIN = 'system.admin.global';
|
|
static const String SYSTEM_CONFIG = 'system.config.global';
|
|
static const String SYSTEM_MONITORING = 'system.monitoring.view';
|
|
static const String SYSTEM_BACKUP = 'system.backup.manage';
|
|
static const String SYSTEM_SECURITY = 'system.security.manage';
|
|
static const String SYSTEM_AUDIT = 'system.audit.view';
|
|
static const String SYSTEM_LOGS = 'system.logs.view';
|
|
static const String SYSTEM_MAINTENANCE = 'system.maintenance.execute';
|
|
|
|
// === PERMISSIONS ORGANISATION ===
|
|
static const String ORG_CREATE = 'organization.create.global';
|
|
static const String ORG_DELETE = 'organization.delete.own';
|
|
static const String ORG_CONFIG = 'organization.config.own';
|
|
static const String ORG_BRANDING = 'organization.branding.manage';
|
|
static const String ORG_SETTINGS = 'organization.settings.manage';
|
|
static const String ORG_PERMISSIONS = 'organization.permissions.manage';
|
|
static const String ORG_WORKFLOWS = 'organization.workflows.manage';
|
|
static const String ORG_INTEGRATIONS = 'organization.integrations.manage';
|
|
|
|
// === PERMISSIONS DASHBOARD ===
|
|
static const String DASHBOARD_VIEW = 'dashboard.view.own';
|
|
static const String DASHBOARD_ADMIN = 'dashboard.admin.view';
|
|
static const String DASHBOARD_ANALYTICS = 'dashboard.analytics.view';
|
|
static const String DASHBOARD_REPORTS = 'dashboard.reports.generate';
|
|
static const String DASHBOARD_EXPORT = 'dashboard.export.data';
|
|
static const String DASHBOARD_CUSTOMIZE = 'dashboard.customize.layout';
|
|
|
|
// === PERMISSIONS MEMBRES ===
|
|
static const String MEMBERS_VIEW_ALL = 'members.view.all';
|
|
static const String MEMBERS_VIEW_OWN = 'members.view.own';
|
|
static const String MEMBERS_CREATE = 'members.create.organization';
|
|
static const String MEMBERS_EDIT_ALL = 'members.edit.all';
|
|
static const String MEMBERS_EDIT_OWN = 'members.edit.own';
|
|
static const String MEMBERS_EDIT_BASIC = 'members.edit.basic';
|
|
static const String MEMBERS_DELETE = 'members.delete.organization';
|
|
static const String MEMBERS_DELETE_ALL = 'members.delete.all';
|
|
static const String MEMBERS_APPROVE = 'members.approve.requests';
|
|
static const String MEMBERS_SUSPEND = 'members.suspend.organization';
|
|
static const String MEMBERS_EXPORT = 'members.export.data';
|
|
static const String MEMBERS_IMPORT = 'members.import.data';
|
|
static const String MEMBERS_COMMUNICATE = 'members.communicate.all';
|
|
|
|
// === PERMISSIONS FINANCES ===
|
|
static const String FINANCES_VIEW_ALL = 'finances.view.all';
|
|
static const String FINANCES_VIEW_OWN = 'finances.view.own';
|
|
static const String FINANCES_EDIT_ALL = 'finances.edit.all';
|
|
static const String FINANCES_MANAGE = 'finances.manage.organization';
|
|
static const String FINANCES_APPROVE = 'finances.approve.transactions';
|
|
static const String FINANCES_REPORTS = 'finances.reports.generate';
|
|
static const String FINANCES_BUDGET = 'finances.budget.manage';
|
|
static const String FINANCES_AUDIT = 'finances.audit.access';
|
|
|
|
// === PERMISSIONS ÉVÉNEMENTS ===
|
|
static const String EVENTS_VIEW_ALL = 'events.view.all';
|
|
static const String EVENTS_VIEW_PUBLIC = 'events.view.public';
|
|
static const String EVENTS_CREATE = 'events.create.organization';
|
|
static const String EVENTS_EDIT_ALL = 'events.edit.all';
|
|
static const String EVENTS_EDIT_OWN = 'events.edit.own';
|
|
static const String EVENTS_DELETE = 'events.delete.organization';
|
|
static const String EVENTS_PARTICIPATE = 'events.participate.public';
|
|
static const String EVENTS_MODERATE = 'events.moderate.organization';
|
|
static const String EVENTS_ANALYTICS = 'events.analytics.view';
|
|
|
|
// === PERMISSIONS SOLIDARITÉ ===
|
|
static const String SOLIDARITY_VIEW_ALL = 'solidarity.view.all';
|
|
static const String SOLIDARITY_VIEW_OWN = 'solidarity.view.own';
|
|
static const String SOLIDARITY_VIEW_PUBLIC = 'solidarity.view.public';
|
|
static const String SOLIDARITY_CREATE = 'solidarity.create.request';
|
|
static const String SOLIDARITY_EDIT_ALL = 'solidarity.edit.all';
|
|
static const String SOLIDARITY_APPROVE = 'solidarity.approve.requests';
|
|
static const String SOLIDARITY_PARTICIPATE = 'solidarity.participate.actions';
|
|
static const String SOLIDARITY_MANAGE = 'solidarity.manage.organization';
|
|
static const String SOLIDARITY_FUND = 'solidarity.fund.manage';
|
|
|
|
// === PERMISSIONS COMMUNICATION ===
|
|
static const String COMM_SEND_ALL = 'communication.send.all';
|
|
static const String COMM_SEND_MEMBERS = 'communication.send.members';
|
|
static const String COMM_MODERATE = 'communication.moderate.organization';
|
|
static const String COMM_BROADCAST = 'communication.broadcast.organization';
|
|
static const String COMM_TEMPLATES = 'communication.templates.manage';
|
|
|
|
// === PERMISSIONS RAPPORTS ===
|
|
static const String REPORTS_VIEW_ALL = 'reports.view.all';
|
|
static const String REPORTS_GENERATE = 'reports.generate.organization';
|
|
static const String REPORTS_EXPORT = 'reports.export.data';
|
|
static const String REPORTS_SCHEDULE = 'reports.schedule.automated';
|
|
|
|
// === PERMISSIONS MODÉRATION ===
|
|
static const String MODERATION_CONTENT = 'moderation.content.manage';
|
|
static const String MODERATION_USERS = 'moderation.users.manage';
|
|
static const String MODERATION_REPORTS = 'moderation.reports.handle';
|
|
|
|
/// Toutes les permissions disponibles dans le système
|
|
static const List<String> ALL_PERMISSIONS = [
|
|
// Système
|
|
SYSTEM_ADMIN, SYSTEM_CONFIG, SYSTEM_MONITORING, SYSTEM_BACKUP,
|
|
SYSTEM_SECURITY, SYSTEM_AUDIT, SYSTEM_LOGS, SYSTEM_MAINTENANCE,
|
|
|
|
// Organisation
|
|
ORG_CREATE, ORG_DELETE, ORG_CONFIG, ORG_BRANDING, ORG_SETTINGS,
|
|
ORG_PERMISSIONS, ORG_WORKFLOWS, ORG_INTEGRATIONS,
|
|
|
|
// Dashboard
|
|
DASHBOARD_VIEW, DASHBOARD_ADMIN, DASHBOARD_ANALYTICS, DASHBOARD_REPORTS,
|
|
DASHBOARD_EXPORT, DASHBOARD_CUSTOMIZE,
|
|
|
|
// Membres
|
|
MEMBERS_VIEW_ALL, MEMBERS_VIEW_OWN, MEMBERS_CREATE, MEMBERS_EDIT_ALL,
|
|
MEMBERS_EDIT_OWN, MEMBERS_DELETE, MEMBERS_APPROVE, MEMBERS_SUSPEND,
|
|
MEMBERS_EXPORT, MEMBERS_IMPORT, MEMBERS_COMMUNICATE,
|
|
|
|
// Finances
|
|
FINANCES_VIEW_ALL, FINANCES_VIEW_OWN, FINANCES_MANAGE, FINANCES_APPROVE,
|
|
FINANCES_REPORTS, FINANCES_BUDGET, FINANCES_AUDIT,
|
|
|
|
// Événements
|
|
EVENTS_VIEW_ALL, EVENTS_VIEW_PUBLIC, EVENTS_CREATE, EVENTS_EDIT_ALL,
|
|
EVENTS_EDIT_OWN, EVENTS_DELETE, EVENTS_MODERATE, EVENTS_ANALYTICS,
|
|
|
|
// Solidarité
|
|
SOLIDARITY_VIEW_ALL, SOLIDARITY_VIEW_OWN, SOLIDARITY_CREATE,
|
|
SOLIDARITY_APPROVE, SOLIDARITY_MANAGE, SOLIDARITY_FUND,
|
|
|
|
// Communication
|
|
COMM_SEND_ALL, COMM_SEND_MEMBERS, COMM_MODERATE, COMM_BROADCAST,
|
|
COMM_TEMPLATES,
|
|
|
|
// Rapports
|
|
REPORTS_VIEW_ALL, REPORTS_GENERATE, REPORTS_EXPORT, REPORTS_SCHEDULE,
|
|
|
|
// Modération
|
|
MODERATION_CONTENT, MODERATION_USERS, MODERATION_REPORTS,
|
|
];
|
|
|
|
/// Permissions publiques (accessibles sans authentification)
|
|
static const List<String> PUBLIC_PERMISSIONS = [
|
|
EVENTS_VIEW_PUBLIC,
|
|
];
|
|
|
|
/// Vérifie si une permission est publique
|
|
static bool isPublicPermission(String permission) {
|
|
return PUBLIC_PERMISSIONS.contains(permission);
|
|
}
|
|
|
|
/// Obtient le domaine d'une permission (partie avant le premier point)
|
|
static String getDomain(String permission) {
|
|
return permission.split('.').first;
|
|
}
|
|
|
|
/// Obtient l'action d'une permission (partie du milieu)
|
|
static String getAction(String permission) {
|
|
final parts = permission.split('.');
|
|
return parts.length > 1 ? parts[1] : '';
|
|
}
|
|
|
|
/// Obtient la portée d'une permission (partie après le dernier point)
|
|
static String getScope(String permission) {
|
|
return permission.split('.').last;
|
|
}
|
|
|
|
/// Vérifie si une permission implique une autre (héritage)
|
|
static bool implies(String higherPermission, String lowerPermission) {
|
|
// Exemple : 'members.edit.all' implique 'members.view.all'
|
|
final higherParts = higherPermission.split('.');
|
|
final lowerParts = lowerPermission.split('.');
|
|
|
|
if (higherParts.length != 3 || lowerParts.length != 3) return false;
|
|
|
|
// Même domaine requis
|
|
if (higherParts[0] != lowerParts[0]) return false;
|
|
|
|
// Vérification des implications d'actions
|
|
return _actionImplies(higherParts[1], lowerParts[1]) &&
|
|
_scopeImplies(higherParts[2], lowerParts[2]);
|
|
}
|
|
|
|
/// Vérifie si une action implique une autre
|
|
static bool _actionImplies(String higherAction, String lowerAction) {
|
|
const actionHierarchy = {
|
|
'admin': ['manage', 'edit', 'create', 'delete', 'view'],
|
|
'manage': ['edit', 'create', 'delete', 'view'],
|
|
'edit': ['view'],
|
|
'create': ['view'],
|
|
'delete': ['view'],
|
|
};
|
|
|
|
return actionHierarchy[higherAction]?.contains(lowerAction) ??
|
|
higherAction == lowerAction;
|
|
}
|
|
|
|
/// Vérifie si une portée implique une autre
|
|
static bool _scopeImplies(String higherScope, String lowerScope) {
|
|
const scopeHierarchy = {
|
|
'global': ['all', 'organization', 'own'],
|
|
'all': ['organization', 'own'],
|
|
'organization': ['own'],
|
|
};
|
|
|
|
return scopeHierarchy[higherScope]?.contains(lowerScope) ??
|
|
higherScope == lowerScope;
|
|
}
|
|
}
|