"use client" import { useMemo } from "react" import { useAuthStore } from "@/shared/stores/auth-store" /** * UI-side permission checks. The backend `permission.check` middleware is the * authoritative guard (returns 403 on missing permission); this hook only hides * controls so the UI doesn't dead-end users. * * Permission flags arrive on the authenticated user payload as boolean columns * (e.g. `can_view_employees`, `can_create_payroll`). Unknown keys default to * `true` so the UI doesn't accidentally hide everything when the payload shape * changes — backend stays the source of truth. */ export function usePermissions() { const user = useAuthStore((s) => s.user) return useMemo(() => { const flags = (user ?? {}) as Record function check(action: "view" | "create" | "update" | "delete", resource: string): boolean { const key = `can_${action}_${resource}` const value = flags[key] // Default to true when the flag is absent — backend is the source of truth. if (value === undefined || value === null) return true return Boolean(value) } return { can: check, canView: (resource: string) => check("view", resource), canCreate: (resource: string) => check("create", resource), canUpdate: (resource: string) => check("update", resource), canDelete: (resource: string) => check("delete", resource), } }, [user]) }