import * as React from 'react';
import { Comment } from '@/features/comments';
import { User } from '@/features/users';
import { useAuth } from './auth';
/**
 * Roles a signed-in user can hold.
 *
 * Each member's string value repeats its name, which is what lets the
 * string literals compared elsewhere in this file line up with it.
 */
export enum ROLES {
  ADMIN = 'ADMIN',
  USER = 'USER',
}

/**
 * Union of the enum's member *names* ('ADMIN' | 'USER'), not its values.
 * The two only coincide because every member's value equals its name; a
 * member declared as `ADMIN = 'admin'` would make them diverge.
 */
type RoleTypes = keyof typeof ROLES;
/**
 * Per-resource policy predicates, keyed by a `resource:action` style string
 * (only 'comment:delete' is defined here). Each predicate returns a boolean
 * that callers can pass on as `policyCheck`.
 *
 * NOTE(review): this module is React UI code, so these predicates decide what
 * the interface shows. They cannot by themselves stop a request from being
 * sent; confirm the API enforces the same rule on the delete endpoint.
 */
export const POLICIES = {
  /**
   * A comment may be deleted by any ADMIN, or by a USER who authored it.
   * Any other role value is denied.
   */
  'comment:delete': (user: User, comment: Comment) => {
    const isAdmin = user.role === 'ADMIN';
    // Ownership only counts for the USER role; other roles get no access here.
    const isOwningUser = user.role === 'USER' && comment.authorId === user.id;
    return isAdmin || isOwningUser;
  },
};
/**
 * Hook exposing the current user's role and a role-membership check.
 *
 * @returns `checkAccess`, which tests the user's role against a list of
 *   allowed roles, and `role`, the current user's role.
 * @throws Error when `useAuth()` yields no user, so it is only usable where a
 *   user is already present.
 */
export const useAuthorization = () => {
  const auth = useAuth();
  const currentUser = auth.user;

  if (!currentUser) {
    throw Error('User does not exist!');
  }

  const checkAccess = React.useCallback(
    ({ allowedRoles }: { allowedRoles: RoleTypes[] }) => {
      // NOTE(review): a missing or empty list means "no restriction" and
      // grants access. Callers that build the list dynamically should make
      // sure an empty result is really meant to allow everyone.
      if (!allowedRoles || allowedRoles.length === 0) {
        return true;
      }
      return allowedRoles.includes(currentUser.role);
    },
    [currentUser.role]
  );

  return { checkAccess, role: currentUser.role };
};
/**
 * Props for `Authorization`. Exactly one gating mode is accepted by the type:
 * either a list of allowed roles, or a precomputed boolean `policyCheck`
 * (the `never` members rule out passing both).
 */
type AuthorizationProps = {
  /** Rendered instead of `children` when access is denied. */
  forbiddenFallback?: React.ReactNode;
  children: React.ReactNode;
} & (
  | {
      allowedRoles: RoleTypes[];
      policyCheck?: never;
    }
  | {
      allowedRoles?: never;
      policyCheck: boolean;
    }
);

/**
 * Renders `children` when the current user passes the role or policy check,
 * and `forbiddenFallback` (default `null`) otherwise.
 *
 * NOTE(review): this only controls what is rendered. Anything sensitive behind
 * it still needs the same check wherever the data or action is served; confirm
 * that is the case for each use.
 */
export const Authorization = ({
  policyCheck,
  allowedRoles,
  forbiddenFallback = null,
  children,
}: AuthorizationProps) => {
  const { checkAccess } = useAuthorization();

  // Role gate: denied unless a list is supplied. An empty list (`[]`) is
  // still a supplied list, and checkAccess treats it as unrestricted.
  const roleVerdict = allowedRoles ? checkAccess({ allowedRoles }) : false;

  // A defined policyCheck takes precedence over the role verdict, should
  // both ever be present at runtime despite the prop types.
  const canAccess = policyCheck !== undefined ? policyCheck : roleVerdict;

  return <>{canAccess ? children : forbiddenFallback}</>;
};