d25d482dc2
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
106 lines
3.3 KiB
TypeScript
106 lines
3.3 KiB
TypeScript
import { useMemo } from 'react'
|
|
import { createLogger } from '@sim/logger'
|
|
import { useSession } from '@/lib/auth/auth-client'
|
|
import type { WorkspacePermissions } from '@/hooks/queries/workspace'
|
|
|
|
export type PermissionType = 'admin' | 'write' | 'read'
|
|
|
|
const logger = createLogger('useUserPermissions')
|
|
|
|
export interface WorkspaceUserPermissions {
|
|
// Core permission checks
|
|
canRead: boolean
|
|
canEdit: boolean
|
|
canAdmin: boolean
|
|
|
|
// Utility properties
|
|
userPermissions: PermissionType
|
|
isLoading: boolean
|
|
error: string | null
|
|
}
|
|
|
|
/**
|
|
* Custom hook to check current user's permissions within a workspace
|
|
* This version accepts workspace permissions to avoid duplicate API calls
|
|
*
|
|
* @param workspacePermissions - The workspace permissions data
|
|
* @param permissionsLoading - Whether permissions are currently loading
|
|
* @param permissionsError - Any error from fetching permissions
|
|
* @returns Object containing permission flags and utility properties
|
|
*/
|
|
export function useUserPermissions(
|
|
workspacePermissions: WorkspacePermissions | null,
|
|
permissionsLoading = false,
|
|
permissionsError: string | null = null
|
|
): WorkspaceUserPermissions {
|
|
const { data: session, isPending: sessionLoading } = useSession()
|
|
|
|
const userPermissions = useMemo((): WorkspaceUserPermissions => {
|
|
const sessionEmail = session?.user?.email
|
|
if (permissionsLoading || sessionLoading || !sessionEmail) {
|
|
return {
|
|
canRead: false,
|
|
canEdit: false,
|
|
canAdmin: false,
|
|
userPermissions: 'read',
|
|
isLoading: permissionsLoading || sessionLoading,
|
|
error: permissionsError,
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Prefer the server-resolved `viewer.permissionType` — it already accounts for workspace
|
|
* owners and organization owners/admins who have no explicit `permissions` row but are
|
|
* effectively admins. Falls back to scanning `users` only if the server response predates
|
|
* the viewer field (rolling deploy).
|
|
*/
|
|
const viewerPerms = workspacePermissions?.viewer?.permissionType
|
|
if (viewerPerms) {
|
|
return {
|
|
canRead: true,
|
|
canEdit: viewerPerms === 'write' || viewerPerms === 'admin',
|
|
canAdmin: viewerPerms === 'admin',
|
|
userPermissions: viewerPerms,
|
|
isLoading: false,
|
|
error: permissionsError,
|
|
}
|
|
}
|
|
|
|
const currentUser = workspacePermissions?.users?.find(
|
|
(user) => user.email.toLowerCase() === sessionEmail.toLowerCase()
|
|
)
|
|
|
|
if (!currentUser) {
|
|
logger.warn('User not found in workspace permissions', {
|
|
userEmail: sessionEmail,
|
|
hasPermissions: !!workspacePermissions,
|
|
userCount: workspacePermissions?.users?.length || 0,
|
|
})
|
|
|
|
return {
|
|
canRead: false,
|
|
canEdit: false,
|
|
canAdmin: false,
|
|
userPermissions: 'read',
|
|
isLoading: false,
|
|
error: permissionsError || 'User not found in workspace',
|
|
}
|
|
}
|
|
|
|
const userPerms = currentUser.permissionType || 'read'
|
|
const canAdmin = userPerms === 'admin'
|
|
const canEdit = userPerms === 'write' || userPerms === 'admin'
|
|
|
|
return {
|
|
canRead: true,
|
|
canEdit,
|
|
canAdmin,
|
|
userPermissions: userPerms,
|
|
isLoading: false,
|
|
error: permissionsError,
|
|
}
|
|
}, [session, sessionLoading, workspacePermissions, permissionsLoading, permissionsError])
|
|
|
|
return userPermissions
|
|
}
|