accountManagementAccess.ts
2.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import {
ALL_ROLE_ACCESS_PERMISSION_CODES,
hasAllRoleAccessPermissions,
} from "../types/role";
export const ROLE_ACCESS_MANAGE_PEOPLE = "manage_people";
export type AccountManagementAccessParams = {
roleCodes?: string[] | null;
permissionCodes?: string[] | null;
userName?: string | null;
/** `/auth-session/my-menus` 人类可读角色名,如 Company Admin */
roleDisplay?: string | null;
/** 当前用户角色勾选的访问权限(manage_people 等) */
roleAccessPermissionCodes?: string[] | null;
};
function normalizeRoleKey(token: string): string {
return token.trim().toLowerCase().replace(/[\s_-]+/g, "");
}
function roleTokenIsCompanyAdmin(token: string): boolean {
const key = normalizeRoleKey(token);
if (!key) return false;
if (key === "companyadmin" || key.includes("companyadmin")) return true;
return key.includes("partner");
}
/**
* Company Admin(RoleCode=CompanyAdmin)或历史 Partner Admin。
*/
export function isCompanyAdminRole(params: AccountManagementAccessParams): boolean {
const display = (params.roleDisplay ?? "").trim();
if (display && roleTokenIsCompanyAdmin(display)) return true;
for (const r of params.roleCodes ?? []) {
if (roleTokenIsCompanyAdmin(String(r ?? ""))) return true;
}
return false;
}
export function hasManagePeopleRoleAccess(params: AccountManagementAccessParams): boolean {
const codes = params.roleAccessPermissionCodes ?? [];
if (hasAllRoleAccessPermissions(codes)) return true;
return codes.some((c) => c.trim() === ROLE_ACCESS_MANAGE_PEOPLE);
}
/**
* Account Management:公司 / 角色 等结构类变更,仅平台管理员可操作。
*/
export function canMutateAccountManagementStructure(params: AccountManagementAccessParams): boolean {
const un = (params.userName ?? "").trim().toLowerCase();
if (un === "admin") return true;
for (const p of params.permissionCodes ?? []) {
const t = (p ?? "").trim();
if (t === "*:*:*" || t === "*") return true;
}
const adminRoles = new Set(["admin", "ccadmin"]);
for (const r of params.roleCodes ?? []) {
const t = (r ?? "").trim().toLowerCase();
if (adminRoles.has(t)) return true;
}
return false;
}
/**
* Region / Location 新增、编辑、删除:平台管理员、Company Admin 角色,或具备 Manage People 访问权限。
*/
export function canMutateRegionAndLocationStructure(params: AccountManagementAccessParams): boolean {
return (
canMutateAccountManagementStructure(params) ||
isCompanyAdminRole(params) ||
hasManagePeopleRoleAccess(params)
);
}
/** Support 页全局客服电话/邮箱:仅平台管理员可编辑保存 */
export function canEditSupportContactSettings(params: AccountManagementAccessParams): boolean {
return canMutateAccountManagementStructure(params);
}
/** 与后端 RoleAccessPermissionCodes.All 一致,供测试或其它模块引用 */
export { ALL_ROLE_ACCESS_PERMISSION_CODES };