garage-erp/apps/dashboard/shared/hooks/use-permissions.ts
humam kerdiah 3c55be5052 feat: add payroll, time clocks, and leave request modules
- Implemented PayrollPage for managing payroll runs with CRUD operations.
- Created TimeClocksPage for tracking employee clock-ins and clock-outs.
- Developed TimeSheetsPage for displaying employee timesheets.
- Added EmployeeCertificationForm and EmployeeDocumentForm for managing employee certifications and documents.
- Introduced LeaveRequestForm for submitting and managing leave requests.
- Added usePermissions hook for UI-side permission checks.
- Created LeaveRequestsClient and PayrollClient for API interactions.
2026-05-21 13:30:06 +04:00

39 lines
1.5 KiB
TypeScript

"use client"
import { useMemo } from "react"
import { useAuthStore } from "@/shared/stores/auth-store"
/**
* UI-side permission checks. The backend `permission.check` middleware is the
* authoritative guard (returns 403 on missing permission); this hook only hides
* controls so the UI doesn't dead-end users.
*
* Permission flags arrive on the authenticated user payload as boolean columns
* (e.g. `can_view_employees`, `can_create_payroll`). Unknown keys default to
* `true` so the UI doesn't accidentally hide everything when the payload shape
* changes — backend stays the source of truth.
*/
export function usePermissions() {
const user = useAuthStore((s) => s.user)
return useMemo(() => {
const flags = (user ?? {}) as Record<string, unknown>
function check(action: "view" | "create" | "update" | "delete", resource: string): boolean {
const key = `can_${action}_${resource}`
const value = flags[key]
// Default to true when the flag is absent — backend is the source of truth.
if (value === undefined || value === null) return true
return Boolean(value)
}
return {
can: check,
canView: (resource: string) => check("view", resource),
canCreate: (resource: string) => check("create", resource),
canUpdate: (resource: string) => check("update", resource),
canDelete: (resource: string) => check("delete", resource),
}
}, [user])
}