code: shared,packages,lua (3 files)

2026-04-24 13:54:57 +00:00 · 2025-12-30 23:15:03 +00:00
parent 483169a680
commit 0d23b7684b
3 changed files with 81 additions and 4 deletions
--- a/frontends/nextjs/src/lib/routing/auth/index.ts
+++ b/frontends/nextjs/src/lib/routing/auth/index.ts
@@ -13,13 +13,22 @@ export {
  clearPackageCache,
  getAccessiblePackages,
  getPackageEntities,
+  getPackagePermissions,
  getPackageRoutes,
+  getUserPermissions,
+  hasPermission,
  isPackageAccessible,
  loadPackageMetadata,
  packageClaimsRoute,
  validatePackageRoute,
 } from './validate-package-route'
-export type { PackageMetadata, PackageRoute, RouteClaimResult } from './validate-package-route'
+export type {
+  PackageMetadata,
+  PackagePermissionDef,
+  PackagePermissions,
+  PackageRoute,
+  RouteClaimResult,
+} from './validate-package-route'

 export { executeDbalOperation, executePackageAction } from './execute-dbal-operation'
 export type { ExecuteOptions, ExecuteResult } from './execute-dbal-operation'
--- a/packages/shared/seed/scripts/permissions/init.lua
+++ b/packages/shared/seed/scripts/permissions/init.lua
@@ -52,4 +52,59 @@ function M.check_component_access(userLevel, componentPermissions)
  return M.check_access(userLevel, componentPermissions, featureFlags, databaseEnabled)
 end

+---Check if user has a specific permission (new-style permissions map)
+---@param userLevel PermissionLevel User's permission level
+---@param permissions PackagePermissions The permissions map from metadata.json
+---@param permission string The permission key to check (e.g., "forum.post.create")
+---@return PermissionCheckResult
+function M.has_permission(userLevel, permissions, permission)
+  if not permissions then
+    return { allowed = false, reason = "No permissions defined" }
+  end
+  
+  local permDef = permissions[permission]
+  if not permDef then
+    return { allowed = false, reason = "Permission not found: " .. permission }
+  end
+  
+  if userLevel < permDef.minLevel then
+    return {
+      allowed = false,
+      reason = "Insufficient level for " .. permission,
+      requiredLevel = permDef.minLevel
+    }
+  end
+  
+  -- Check feature flags if defined
+  if permDef.featureFlags then
+    local flagsOk = M.check_required_flags(permDef.featureFlags)
+    if not flagsOk.allowed then
+      return flagsOk
+    end
+  end
+  
+  -- Check database if required
+  if permDef.requireDatabase and not M.is_database_enabled() then
+    return { allowed = false, reason = "Database required for " .. permission }
+  end
+  
+  return { allowed = true }
+end
+
+---Get all permissions a user has from a permissions map
+---@param userLevel PermissionLevel User's permission level
+---@param permissions PackagePermissions The permissions map from metadata.json
+---@return string[] List of permission keys the user has
+function M.get_user_permissions(userLevel, permissions)
+  if not permissions then return {} end
+  
+  local result = {}
+  for permKey, permDef in pairs(permissions) do
+    if userLevel >= permDef.minLevel then
+      table.insert(result, permKey)
+    end
+  end
+  return result
+end
+
 return M
--- a/packages/shared/seed/scripts/permissions/types.lua
+++ b/packages/shared/seed/scripts/permissions/types.lua
@@ -15,7 +15,7 @@
 ---| 6 # SUPERGOD - System owner

 --------------------------------------------------------------------------------
-- Component Permission
+-- Component Permission (Legacy)
 --------------------------------------------------------------------------------

 ---@class ComponentPermission
@@ -25,15 +25,28 @@
 ---@field requireDatabase? boolean Whether this component requires database (optional)

 --------------------------------------------------------------------------------
-- Package Permissions
+-- Package Permissions (Legacy Style)
 --------------------------------------------------------------------------------

---@class PackagePermissions
+---@class PackagePermissionsLegacy
 ---@field enabled boolean Package enabled/disabled
 ---@field minLevel PermissionLevel Minimum level to access package (0-6)
 ---@field databaseRequired? boolean Whether package needs database connection
 ---@field components? table<string, ComponentPermission> Per-component permissions

+--------------------------------------------------------------------------------
+-- Permission Definition (New Style)
+-- Each permission is a key like "forum.post.create" with a definition
+--------------------------------------------------------------------------------
+
+---@class PermissionDef
+---@field minLevel PermissionLevel Minimum level required for this permission
+---@field description string Human-readable description
+---@field featureFlags? string[] Optional feature flags required
+---@field requireDatabase? boolean Whether database connection is required
+
+---@alias PackagePermissions table<string, PermissionDef>
+
 --------------------------------------------------------------------------------
 -- Permission Check Result
 --------------------------------------------------------------------------------