myxelium/Toju
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects 2 Releases 28 Wiki Activity
Files
0152ed9dd26709e3e55e68478742b418b294563b
Toju/toju-app/src/app/domains/access-control/README.md

3.6 KiB
Raw Blame History

Access Control Domain

Role and permission rules for servers, including default system roles, role assignment normalization, permission resolution, legacy compatibility mapping, and room-level access-control hydration.

Module map

access-control/
├── domain/
│   ├── models/
│   │   └── access-control.model.ts         MemberIdentity and RoomPermissionDefinition domain types
│   ├── constants/
│   │   └── access-control.constants.ts     SYSTEM_ROLE_IDS and permission metadata
│   ├── util/
│   │   └── access-control.util.ts          Internal helpers (normalization, identity matching, sorting)
│   └── rules/
│       ├── role.rules.ts                   Role defaults, normalization, ordering, create/update helpers
│       ├── role-assignment.rules.ts        Assignment normalization and member-role lookups
│       ├── permission.rules.ts             Permission resolution and moderation hierarchy checks
│       ├── room.rules.ts                   Legacy compatibility, room hydration, room-level normalization
│       └── ban.rules.ts                    Ban matching and user-ban resolution
│
└── index.ts                                Domain barrel used by other layers

Domain rules

Function Purpose
normalizeRoomRoles(room.roles, room.permissions) Repairs missing/default roles and keeps role ordering stable
normalizeRoomRoleAssignments(...) Deduplicates and backfills member role assignments from legacy member role fields
normalizeChannelPermissionOverrides(...) Deduplicates valid channel overrides and drops invalid references
resolveRoomPermission(room, identity, permission, channelId?) Resolves effective permission state including overrides
canManageMember(...) Applies both permission checks and role hierarchy checks
canManageRole(...) Prevents editing roles at or above the actor's highest role
normalizeRoomAccessControl(room) Produces a fully hydrated room with normalized roles, assignments, overrides, and legacy compatibility fields
hasRoomBanForUser(bans, user, persistedUserId?) Returns true when any active ban entry targets the provided user
isRoomBanMatch(ban, user, persistedUserId?) Returns true when a single ban entry targets the provided user

Layering

  • Domain rules stay pure and only depend on shared-kernel contracts plus other files in this domain.
  • Renderer shells and NgRx effects should keep importing from src/app/domains/access-control/ instead of internal files.
  • Legacy room.permissions booleans remain compatibility output only; normalized data lives on roles, roleAssignments, channelPermissions, and slowModeInterval.
Reference in New Issue View Git Blame Copy Permalink