@bigfishtv/cockpit/src/utils/roleUtils.js

/**
 * Role Utilities
 * @module Utilities/roleUtils
 */

/**
 * Returns true if user can access at least one of the supplied resources.
 *
 * @param  {Object[]} resources
 * @param  {String} resources[].model
 * @param  {String} resources[].foreign_key
 * @param  {String} resources[].alias
 * @param  {Object} user
 * @param  {Boolean} user.admin
 * @param  {Object[]} user.permissions
 * @param  {String} user.permissions[].model
 * @param  {String} user.permissions[].foreign_key
 * @param  {String} user.permissions[].alias
 * @return {Boolean}
 */
export function userCanAccess(resources = [], user) {
	if (!Array.isArray(resources)) {
		resources = [resources]
	}

	if (user.admin) {
		return true
	}

	if (!resources.length) {
		return true
	}

	for (let r = 0; r < resources.length; r++) {
		const resource = resources[r]
		for (let p = 0; p < user.permissions.length; p++) {
			const permission = user.permissions[p]

			// skip permission if scoped to foreign key that does not match resource
			if (permission.foreign_key && resource.foreign_key && resource.foreign_key != permission.foreign_key) {
				continue
			}

			// skip permission if scoped to model key that does not match resource
			if (permission.model && resource.model != permission.model) {
				continue
			}

			// normalise permission actions to an array
			const permissionActions = ensureArray(permission.actions)

			// skip permission if scoped to actions and action does not match resource
			if (permissionActions.length) {
				if (!resource.action) {
					continue
				}

				if (typeof resource.action === 'string' && permissionActions.indexOf(resource.action) === -1) {
					continue
				}
			}

			return true
		}
	}

	return false
}

function ensureArray(value) {
	if (Array.isArray(value)) {
		return value
	}
	return value ? [value] : []
}