Add decisiones de autorización puras
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
33
mvp/b2c/src/lib/auth/authz.ts
Normal file
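--- /dev/null
+++ b/mvp/b2c/src/lib/auth/authz.ts
@@ -0,0 +1,33 @@
+export type Role = 'reformista' | 'admin';
+export type UserStatus = 'activo' | 'deshabilitado';
+
+export type AuthUser = {
+id: string;
+email: string;
+nombre: string | null;
+role: Role;
+tenantId: string | null;
+status: UserStatus;
+};
+
+export function isAdmin(user: AuthUser): boolean {
+return user.role === 'admin';
+}
+
+export function assertAdmin(user: AuthUser | null): asserts user is AuthUser {
+if (!user || user.role !== 'admin') {
+throw new Error('Acceso restringido a administradores.');
+}
+}
+
+export function resolveTenantId(user: AuthUser | null): string {
+if (!user || !user.tenantId) {
+throw new Error('El usuario no tiene un tenant asociado.');
+}
+return user.tenantId;
+}
+
+export function canAccessTenant(user: AuthUser, tenantId: string): boolean {
+if (user.role === 'admin') return true;
+return user.tenantId === tenantId;
+}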
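Review bot: None of the decisions consult `user.status`, so an `AuthUser` with `status: 'deshabilitado'` still passes `isAdmin`, `assertAdmin` and `canAccessTenant`. Unless disabled accounts are rejected before an `AuthUser` is ever built (not visible in this file), a deactivated admin would keep access to every tenant for as long as its session is accepted. I would fold the check into the guards, e.g. `if (!user || user.status !== 'activo' || user.role !== 'admin') {` in `assertAdmin` and `if (user.status !== 'activo') return false;` as the first line of `canAccessTenant`. If status is deliberately enforced elsewhere, a one-line comment at the top of the file saying where would keep callers from treating these helpers as sufficient on their own.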