Add access control rework

2026-04-02 03:18:37 +02:00
parent 314a26325f
commit 37cac95b38
111 changed files with 5355 additions and 1892 deletions
--- a/toju-app/src/app/features/settings/settings-modal/settings-modal.component.ts
+++ b/toju-app/src/app/features/settings/settings-modal/settings-modal.component.ts
@@ -32,8 +32,8 @@ import { RealtimeSessionFacade } from '../../../core/realtime';
 import { selectSavedRooms, selectCurrentRoom } from '../../../store/rooms/rooms.selectors';
 import { selectCurrentUser } from '../../../store/users/users.selectors';
 import { Room, UserRole } from '../../../shared-kernel';
-import { findRoomMember } from '../../../store/rooms/room-members.helpers';
 import { NotificationsSettingsComponent } from '../../../domains/notifications/feature/settings/notifications-settings.component';
+import { resolveLegacyRole, resolveRoomPermission } from '../../../domains/access-control';

 import { GeneralSettingsComponent } from './general-settings/general-settings.component';
 import { NetworkSettingsComponent } from './network-settings/network-settings.component';
@@ -153,9 +153,16 @@ export class SettingsModalComponent {
      return [];

    return this.savedRooms().filter((room) => {
-      const role = this.getUserRoleForRoom(room, user.id, user.oderId, this.currentRoom()?.id === room.id ? user.role : null);
+      const viewedRoom = this.currentRoom()?.id === room.id ? this.currentRoom() ?? room : room;
+      const role = resolveLegacyRole(viewedRoom, user);

-      return role === 'host' || role === 'admin' || role === 'moderator';
+      return role === 'host'
+        || resolveRoomPermission(viewedRoom, user, 'manageServer')
+        || resolveRoomPermission(viewedRoom, user, 'manageRoles')
+        || resolveRoomPermission(viewedRoom, user, 'manageChannels')
+        || resolveRoomPermission(viewedRoom, user, 'manageBans')
+        || resolveRoomPermission(viewedRoom, user, 'kickMembers')
+        || resolveRoomPermission(viewedRoom, user, 'banMembers');
    });
  });

@@ -180,30 +187,55 @@ export class SettingsModalComponent {
    if (!server || !user)
      return null;

-    return this.getUserRoleForRoom(
-      server,
-      user.id,
-      user.oderId,
-      this.currentRoom()?.id === server.id ? user.role : null
-    );
+    return resolveLegacyRole(this.currentRoom()?.id === server.id ? this.currentRoom() ?? server : server, user);
  });

  canAccessSelectedServer = computed(() => {
-    const role = this.selectedServerRole();
+    const server = this.selectedServer();
+    const user = this.currentUser();

-    return role === 'host' || role === 'admin' || role === 'moderator';
+    return !!server && !!user && (
+      resolveLegacyRole(server, user) === 'host'
+      || resolveRoomPermission(server, user, 'manageServer')
+      || resolveRoomPermission(server, user, 'manageRoles')
+      || resolveRoomPermission(server, user, 'manageChannels')
+      || resolveRoomPermission(server, user, 'manageBans')
+      || resolveRoomPermission(server, user, 'kickMembers')
+      || resolveRoomPermission(server, user, 'banMembers')
+    );
  });

  canManageSelectedMembers = computed(() => {
-    const role = this.selectedServerRole();
+    const server = this.selectedServer();
+    const user = this.currentUser();

-    return role === 'host' || role === 'admin' || role === 'moderator';
+    return !!server && !!user && (
+      resolveLegacyRole(server, user) === 'host'
+      || resolveRoomPermission(server, user, 'manageRoles')
+      || resolveRoomPermission(server, user, 'kickMembers')
+      || resolveRoomPermission(server, user, 'banMembers')
+    );
  });

  canManageSelectedBans = computed(() => {
-    const role = this.selectedServerRole();
+    const server = this.selectedServer();
+    const user = this.currentUser();

-    return role === 'host' || role === 'admin';
+    return !!server && !!user && (
+      resolveLegacyRole(server, user) === 'host'
+      || resolveRoomPermission(server, user, 'manageBans')
+    );
+  });
+
+  canManageSelectedPermissions = computed(() => {
+    const server = this.selectedServer();
+    const user = this.currentUser();
+
+    return !!server && !!user && (
+      resolveLegacyRole(server, user) === 'host'
+      || resolveRoomPermission(server, user, 'manageRoles')
+      || resolveRoomPermission(server, user, 'manageServer')
+    );
  });

  isSelectedServerOwner = computed(() => {
@@ -283,23 +315,6 @@ export class SettingsModalComponent {
    });
  }

-  private getUserRoleForRoom(
-    room: Room,
-    userId: string,
-    userOderId: string,
-    currentRole: UserRole | null
-  ): UserRole | null {
-    if (room.hostId === userId || room.hostId === userOderId)
-      return 'host';
-
-    if (currentRole)
-      return currentRole;
-
-    return findRoomMember(room.members ?? [], userId)?.role
-      || findRoomMember(room.members ?? [], userOderId)?.role
-      || null;
-  }
-
  @HostListener('document:keydown.escape')
  onEscapeKey(): void {
    if (this.showThirdPartyLicenses()) {