Skip to content

feat: add usePermissions hook for role-based access control #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
surajmn1 wants to merge 1 commit into
base: feat/e2e-datasets-metadata
Choose a base branch
from
Open

feat: add usePermissions hook for role-based access control #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions web/src/app/projects/[projectId]/datasets/[datasetId]/page.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs";
import { DatasetHeader } from "@/components/dataset/dataset-header";
import { useQueryClient } from "@tanstack/react-query";
import { useDataset } from "@/lib/queries/dataset/get-dataset";
import { useAuthStore } from "@/lib/stores/auth-store";
import { useSidebar } from "@/components/ui/sidebar";
import { useResourcePermissions } from "@/hooks/use-permissions";

export default function DatasetPage({
params,
Expand All @@ -19,7 +19,6 @@ export default function DatasetPage({
}) {
const { datasetId, projectId } = React.use(params);
const queryClient = useQueryClient();
const { role, user } = useAuthStore();
const { setOpen } = useSidebar();

const { data: dataset, isLoading } = useDataset({
Expand All @@ -29,6 +28,8 @@ export default function DatasetPage({
},
});

const permissions = useResourcePermissions(dataset?.created_by);

const tableSchema = dataset?.columns || [];

// Close sidebar only on initial mount
Expand Down Expand Up @@ -125,7 +126,7 @@ export default function DatasetPage({
dataset={dataset}
projectId={projectId}
onUpdate={handleUpdate}
canEdit={role === "admin" || dataset.created_by === user?.id}
canEdit={permissions.canEdit}
/>
</motion.div>

Expand Down
61 changes: 61 additions & 0 deletions web/src/hooks/use-permissions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
import { useAuthStore } from "@/lib/stores/auth-store";

export interface PermissionCheck {
canRead: boolean;
canCreate: boolean;
canEdit: boolean;
canDelete: boolean;
isAdmin: boolean;
isMember: boolean;
role: string | null;
}

/**
* Hook to check user permissions based on organization role
*
* Access Matrix:
* - Member: Read only
* - Admin: Create, Read, Edit, Delete
*/
export function usePermissions(): PermissionCheck {
const { role } = useAuthStore();
const isAuthDisabled = String(process.env.NEXT_PUBLIC_ENABLE_AUTH).trim() !== "true";

const effectiveRole = isAuthDisabled ? "admin" : role;

const isAdmin = effectiveRole === "admin";
const isMember = effectiveRole === "member" || !effectiveRole;

return {
canRead: true,
canCreate: isAdmin,
canEdit: isAdmin,
canDelete: isAdmin,
isAdmin,
isMember,
role: effectiveRole,
};
}

/**
* Hook to check if user has permissions for a specific resource
* Combines role-based permissions with creator ownership
*
* @param createdBy - The user ID of the resource creator
* @returns Permission checks including creator-specific permissions
*/
export function useResourcePermissions(createdBy?: string | null): PermissionCheck & {
isCreator: boolean;
} {
const { user } = useAuthStore();
const permissions = usePermissions();

const isCreator = !!createdBy && user?.id === createdBy;

return {
...permissions,
canEdit: permissions.canEdit || isCreator,
canDelete: permissions.canDelete || isCreator,
isCreator,
};
}
Loading