import { resolvePermissions, type PermissionKey, type PermissionOverrides, SystemRole } from "@capakraken/shared";
import {
canonicalizeSseAudiences,
permissionAudience,
resourceAudience,
roleAudience,
type SseAudience,
type SseSubscriptionOptions,
userAudience,
} from "./event-bus.js";
/**
 * Identity attributes from which a subscriber's SSE audiences are derived.
 *
 * `deriveUserSseSubscription` turns every field below into one or more
 * audiences, so these values determine which events the subscriber is
 * eligible to receive.
 *
 * NOTE(review): because the fields are authorization inputs, they should be
 * populated from the authenticated session or server-side records rather than
 * from request parameters — confirm at the call sites, which are not visible
 * in this file.
 */
export interface SseSubscriberIdentity {
  /** Identifier used to build the per-user audience. */
  userId: string;

  /** Role used both for permission resolution and for the per-role audience. */
  systemRole: SystemRole;

  /**
   * Per-user permission overrides passed to `resolvePermissions`.
   * `undefined` and `null` are handled the same way: `null` is passed on.
   */
  permissionOverrides?: PermissionOverrides | null;

  /**
   * Optional resource the subscriber is linked to. Any falsy value
   * (`undefined`, `null`, or an empty string) yields no resource audience.
   */
  resourceId?: string | null;
}
/**
 * Subscription options produced for an individual user by
 * `deriveUserSseSubscription`.
 *
 * Extends `SseSubscriptionOptions` and fixes `includeUnscoped` to the literal
 * type `false`, so a value of this type cannot be constructed with unscoped
 * delivery enabled without a type error.
 *
 * NOTE(review): the exact meaning of "unscoped" and the base declarations of
 * `audiences` / `permissions` live in `./event-bus.js`, which is not visible
 * here — presumably these members are optional there and required here.
 */
export interface DerivedSseSubscription extends SseSubscriptionOptions {
  /** Canonicalized audiences the subscriber belongs to. */
  audiences: SseAudience[];

  /** Effective permission set the audiences were derived from. */
  permissions: Set<PermissionKey>;

  /** Always `false` for derived user subscriptions (enforced by the literal type). */
  includeUnscoped: false;
}
/**
 * Builds the SSE subscription scope for one subscriber from their identity.
 *
 * The effective permissions are resolved once, at call time, from the system
 * role, the optional per-user overrides and the optional role defaults. The
 * audience list is then assembled from, in order: the user audience, the role
 * audience, the resource audience (only when `resourceId` is truthy) and one
 * audience per effective permission, and passed through
 * `canonicalizeSseAudiences`.
 *
 * NOTE(review): the returned permissions and audiences are a snapshot. If a
 * caller keeps the result for the lifetime of a long-lived stream, later role
 * or override changes (including revocations) will not be reflected until the
 * subscription is derived again — confirm how callers handle this.
 *
 * @param identity - Subscriber attributes; treated as trusted authorization input.
 * @param roleDefaults - Optional role-to-permissions mapping forwarded unchanged
 *   to `resolvePermissions`.
 * @returns The canonicalized audiences, the resolved permission set, and
 *   `includeUnscoped: false`.
 */
export function deriveUserSseSubscription(
  identity: SseSubscriberIdentity,
  roleDefaults?: Record<string, PermissionKey[]>,
): DerivedSseSubscription {
  const { userId, systemRole, resourceId } = identity;

  // Missing overrides are normalized to null before resolution.
  const overrides = identity.permissionOverrides ?? null;
  const permissions = resolvePermissions(systemRole, overrides, roleDefaults);

  // Audiences are built in the same order as they appear in the final list.
  const ownAudience = userAudience(userId);
  const roleScoped = roleAudience(systemRole);
  // A falsy resourceId (undefined, null, "") contributes no resource audience.
  const resourceScoped = resourceId ? [resourceAudience(resourceId)] : [];
  const permissionScoped = Array.from(permissions, (granted) => permissionAudience(granted));

  const audiences = canonicalizeSseAudiences([
    ownAudience,
    roleScoped,
    ...resourceScoped,
    ...permissionScoped,
  ]);

  // includeUnscoped is hard-coded: a derived user subscription only ever
  // matches the audiences computed above.
  return { audiences, permissions, includeUnscoped: false };
}