RBAC, Permissions, and Export/Import
@@ -9,6 +9,7 @@ export const AuthProvider = ({ children }) => {
|
||||
const [user, setUser] = useState(null);
|
||||
const [loading, setLoading] = useState(true);
|
||||
const [token, setToken] = useState(localStorage.getItem('token'));
|
||||
const [permissions, setPermissions] = useState([]);
|
||||
|
||||
useEffect(() => {
|
||||
const initAuth = async () => {
|
||||
@@ -20,9 +21,13 @@ export const AuthProvider = ({ children }) => {
|
||||
});
|
||||
setUser(response.data);
|
||||
setToken(storedToken);
|
||||
|
||||
// Fetch user permissions
|
||||
await fetchPermissions(storedToken);
|
||||
} catch (error) {
|
||||
localStorage.removeItem('token');
|
||||
setToken(null);
|
||||
setPermissions([]);
|
||||
}
|
||||
}
|
||||
setLoading(false);
|
||||
@@ -30,12 +35,34 @@ export const AuthProvider = ({ children }) => {
|
||||
initAuth();
|
||||
}, []);
|
||||
|
||||
const fetchPermissions = async (authToken) => {
|
||||
try {
|
||||
const tokenToUse = authToken || token || localStorage.getItem('token');
|
||||
if (!tokenToUse) {
|
||||
setPermissions([]);
|
||||
return;
|
||||
}
|
||||
|
||||
const response = await axios.get(`${API_URL}/api/auth/permissions`, {
|
||||
headers: { Authorization: `Bearer ${tokenToUse}` }
|
||||
});
|
||||
setPermissions(response.data.permissions || []);
|
||||
} catch (error) {
|
||||
console.error('Failed to fetch permissions:', error);
|
||||
setPermissions([]);
|
||||
}
|
||||
};
|
||||
|
||||
const login = async (email, password) => {
|
||||
const response = await axios.post(`${API_URL}/api/auth/login`, { email, password });
|
||||
const { access_token, user: userData } = response.data;
|
||||
localStorage.setItem('token', access_token);
|
||||
setToken(access_token);
|
||||
setUser(userData);
|
||||
|
||||
// Fetch user permissions
|
||||
await fetchPermissions(access_token);
|
||||
|
||||
return userData;
|
||||
};
|
||||
|
||||
@@ -43,6 +70,7 @@ export const AuthProvider = ({ children }) => {
|
||||
localStorage.removeItem('token');
|
||||
setToken(null);
|
||||
setUser(null);
|
||||
setPermissions([]);
|
||||
};
|
||||
|
||||
const register = async (userData) => {
|
||||
@@ -124,10 +152,18 @@ export const AuthProvider = ({ children }) => {
|
||||
return response.data;
|
||||
};
|
||||
|
||||
const hasPermission = (permissionCode) => {
|
||||
if (!user) return false;
|
||||
// Superadmin always has all permissions
|
||||
if (user.role === 'superadmin') return true;
|
||||
return permissions.includes(permissionCode);
|
||||
};
|
||||
|
||||
return (
|
||||
<AuthContext.Provider value={{
|
||||
user,
|
||||
token,
|
||||
permissions,
|
||||
login,
|
||||
logout,
|
||||
register,
|
||||
@@ -136,6 +172,7 @@ export const AuthProvider = ({ children }) => {
|
||||
resetPassword,
|
||||
changePassword,
|
||||
resendVerificationEmail,
|
||||
hasPermission,
|
||||
loading
|
||||
}}>
|
||||
{children}
|
||||
|
||||
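Review bot: `hasPermission` (hunk `-124,10 +152,18`) decides from client-held state only: both the `user.role === 'superadmin'` shortcut and the `permissions` array live in React state that the browser user controls, so it can show or hide UI but cannot protect anything. The server side is not visible on this page, so it is worth confirming that every RBAC and export/import endpoint re-checks the permission against the token, and stating the contract at the function with `// UI gating only; the API must enforce permissions on every request`. Separately, in `fetchPermissions` the line `console.error('Failed to fetch permissions:', error)` logs the whole axios error, whose `config` carries the `Authorization: Bearer …` header. Logging `error.response?.status ?? error.message` instead keeps the token out of any console capture or error-reporting pipeline.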