roles

src/api/companies/[id]/fetch.ts

@@ -4,6 +4,7 @@ import { companies } from "../../../managers/companies";
 import { apiResponse } from "../../../modules/api-utils/apiResponse";
 import { ContentfulStatusCode } from "hono/utils/http-status";
 import { authMiddleware } from "../../middleware/authorization";
+import GenericError from "../../../Errors/GenericError";
 
 /* /v1/company/companies/[id] */
 export default createRoute(
@@ -12,10 +13,23 @@ export default createRoute(
 
   async (c) => {
     const company = await companies.fetch(c.req.param("identifier"));
+    const includeAddress = c.req.query("includeAddress") === "true";
+
+    // Check for address-specific permission if includeAddress is requested
+    if (includeAddress) {
+      const user = c.get("user");
+      if (!user || !(await user.hasPermission("company.fetch.address"))) {
+        throw new GenericError({
+          name: "InsufficientPermission",
+          message: "You do not have permission to view company addresses.",
+          status: 403,
+        });
+      }
+    }
 
     const response = apiResponse.successful(
       "Company Fetched Successfully!",
-      company,
+      company.toJson({ includeAddress }),
     );
     return c.json(response, response.status as ContentfulStatusCode);
   },

src/api/companies/count.ts

@@ -0,0 +1,25 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { companies } from "../../managers/companies";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+
+/* /v1/company/count */
+export default createRoute(
+  "get",
+  ["/count"],
+  async (c) => {
+    const count = await companies.count();
+
+    const response = apiResponse.successful(
+      "Company count fetched successfully!",
+      {
+        count,
+      },
+    );
+
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["company.fetch.many"] }),
+);

src/api/companies/index.ts

@@ -1,5 +1,6 @@
 import { default as fetchAll } from "./fetchAll";
 import { default as fetch } from "./[id]/fetch";
 import { default as configurations } from "./[id]/configurations";
+import { default as count } from "./count";
 
-export { configurations, fetch, fetchAll };
+export { configurations, count, fetch, fetchAll };

src/api/permissions/fetchAll.ts

@@ -0,0 +1,20 @@
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { PERMISSION_NODES } from "../../types/PermissionNodes";
+
+/* /v1/permissions */
+export default createRoute(
+  "get",
+  ["/"],
+
+  async (c) => {
+    const response = apiResponse.successful(
+      "Permission Nodes Fetched Successfully!",
+      PERMISSION_NODES,
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.read"] }),
+);

src/api/permissions/fetchByCategory.ts

@@ -0,0 +1,34 @@
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { PERMISSION_NODES } from "../../types/PermissionNodes";
+import GenericError from "../../Errors/GenericError";
+
+/* /v1/permissions/:category */
+export default createRoute(
+  "get",
+  ["/:category"],
+
+  async (c) => {
+    const categoryKey = c.req.param(
+      "category",
+    ) as keyof typeof PERMISSION_NODES;
+
+    if (!(categoryKey in PERMISSION_NODES)) {
+      throw new GenericError({
+        name: "NotFound",
+        message: `Permission category "${categoryKey}" not found`,
+        status: 404,
+        cause: `Valid categories: ${Object.keys(PERMISSION_NODES).join(", ")}`,
+      });
+    }
+
+    const response = apiResponse.successful(
+      "Permission Category Fetched Successfully!",
+      PERMISSION_NODES[categoryKey],
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.read"] }),
+);

src/api/permissions/fetchNodes.ts

@@ -0,0 +1,22 @@
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { getAllPermissionNodes } from "../../types/PermissionNodes";
+
+/* /v1/permissions/nodes */
+export default createRoute(
+  "get",
+  ["/nodes"],
+
+  async (c) => {
+    const allNodes = getAllPermissionNodes();
+
+    const response = apiResponse.successful(
+      "All Permission Nodes Fetched Successfully!",
+      allNodes,
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.read"] }),
+);

src/api/permissions/index.ts

@@ -0,0 +1,5 @@
+import { default as fetchAll } from "./fetchAll";
+import { default as fetchByCategory } from "./fetchByCategory";
+import { default as fetchNodes } from "./fetchNodes";
+
+export { fetchAll, fetchByCategory, fetchNodes };

src/api/roles/addPermissions.ts

@@ -0,0 +1,36 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { z } from "zod";
+
+/* POST /v1/role/:identifier/permissions */
+export default createRoute(
+  "post",
+  ["/:identifier/permissions"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+    const body = await c.req.json();
+
+    const schema = z.object({
+      permissions: z
+        .array(z.string().min(1, "Permission node cannot be empty"))
+        .min(1, "At least one permission is required"),
+    });
+
+    const data = schema.parse(body);
+
+    const role = await roles.fetch(identifier);
+    await role.addPermissions(...data.permissions);
+
+    const response = apiResponse.successful(
+      "Permissions Added Successfully!",
+      role.toJson({ viewPermissions: true }),
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.update"] }),
+);

src/api/roles/create.ts

@@ -0,0 +1,36 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { z } from "zod";
+
+/* POST /v1/role */
+export default createRoute(
+  "post",
+  ["/"],
+
+  async (c) => {
+    const body = await c.req.json();
+
+    const schema = z.object({
+      title: z.string().min(1, "Title is required"),
+      moniker: z.string().min(1, "Moniker is required"),
+      permissions: z
+        .array(z.string().min(1, "Permission node cannot be empty"))
+        .optional(),
+    });
+
+    const data = schema.parse(body);
+
+    const role = await roles.create(data);
+
+    const response = apiResponse.created(
+      "Role Created Successfully!",
+      role.toJson({ viewPermissions: true }),
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.create"] }),
+);

src/api/roles/delete.ts

@@ -0,0 +1,26 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+
+/* DELETE /v1/role/:identifier */
+export default createRoute(
+  "delete",
+  ["/:identifier"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+
+    const role = await roles.fetch(identifier);
+    await role.delete();
+
+    const response = apiResponse.successful(
+      "Role Deleted Successfully!",
+      role.toJson(),
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.delete"] }),
+);

src/api/roles/fetch.ts

@@ -0,0 +1,25 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+
+/* GET /v1/role/:identifier */
+export default createRoute(
+  "get",
+  ["/:identifier"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+
+    const role = await roles.fetch(identifier);
+
+    const response = apiResponse.successful(
+      "Role Fetched Successfully!",
+      role.toJson({ viewPermissions: true }),
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.read"] }),
+);

src/api/roles/fetchAll.ts

@@ -0,0 +1,27 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+
+/* GET /v1/role */
+export default createRoute(
+  "get",
+  ["/"],
+
+  async (c) => {
+    const allRoles = await roles.fetchAllRoles();
+
+    const rolesArray = allRoles.map((role) =>
+      role.toJson({ viewPermissions: true }),
+    );
+
+    const response = apiResponse.successful(
+      "Roles Fetched Successfully!",
+      rolesArray,
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.read", "role.list"] }),
+);

src/api/roles/getUsers.ts

@@ -0,0 +1,28 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+
+/* GET /v1/role/:identifier/users */
+export default createRoute(
+  "get",
+  ["/:identifier/users"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+
+    const role = await roles.fetch(identifier);
+    const users = role.getUsers();
+
+    const usersArray = users.map((user) => user.toJson());
+
+    const response = apiResponse.successful(
+      "Users Fetched Successfully!",
+      usersArray,
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.read", "user.read"] }),
+);

src/api/roles/index.ts

@@ -0,0 +1,8 @@
+export { default as create } from "./create";
+export { default as fetch } from "./fetch";
+export { default as fetchAll } from "./fetchAll";
+export { default as update } from "./update";
+export { default as deleteRole } from "./delete";
+export { default as addPermissions } from "./addPermissions";
+export { default as removePermissions } from "./removePermissions";
+export { default as getUsers } from "./getUsers";

src/api/roles/removePermissions.ts

@@ -0,0 +1,36 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { z } from "zod";
+
+/* DELETE /v1/role/:identifier/permissions */
+export default createRoute(
+  "delete",
+  ["/:identifier/permissions"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+    const body = await c.req.json();
+
+    const schema = z.object({
+      permissions: z
+        .array(z.string().min(1, "Permission node cannot be empty"))
+        .min(1, "At least one permission is required"),
+    });
+
+    const data = schema.parse(body);
+
+    const role = await roles.fetch(identifier);
+    await role.removePermissions(...data.permissions);
+
+    const response = apiResponse.successful(
+      "Permissions Removed Successfully!",
+      role.toJson({ viewPermissions: true }),
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.update"] }),
+);

src/api/roles/update.ts

@@ -0,0 +1,41 @@
+import { Hono } from "hono/tiny";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { roles } from "../../managers/roles";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { authMiddleware } from "../middleware/authorization";
+import { z } from "zod";
+
+/* PATCH /v1/role/:identifier */
+export default createRoute(
+  "patch",
+  ["/:identifier"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+    const body = await c.req.json();
+
+    const schema = z
+      .object({
+        title: z.string().min(1, "Title cannot be empty"),
+        moniker: z.string().min(1, "Moniker cannot be empty"),
+        permissions: z.array(
+          z.string().min(1, "Permission node cannot be empty"),
+        ),
+      })
+      .partial()
+      .strict();
+
+    const data = schema.parse(body);
+
+    const role = await roles.fetch(identifier);
+    await role.update(data);
+
+    const response = apiResponse.successful(
+      "Role Updated Successfully!",
+      role.toJson({ viewPermissions: true }),
+    );
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["role.update"] }),
+);

src/api/routers/permissionRouter.ts

@@ -0,0 +1,7 @@
+import { Hono } from "hono";
+import * as permissionRoutes from "../permissions";
+
+const permissionRouter = new Hono();
+Object.values(permissionRoutes).map((r) => permissionRouter.route("/", r));
+
+export default permissionRouter;

src/api/routers/roleRouter.ts

@@ -0,0 +1,7 @@
+import { Hono } from "hono";
+import * as roleRoutes from "../roles";
+
+const roleRouter = new Hono();
+Object.values(roleRoutes).map((r) => roleRouter.route("/", r));
+
+export default roleRouter;

src/api/server.ts

@@ -52,6 +52,8 @@ v1.route("/user", require("./routers/user").default);
 v1.route("/company", require("./routers/companyRouter").default);
 v1.route("/credential", require("./routers/credentialRouter").default);
 v1.route("/credential-type", require("./routers/credentialTypeRouter").default);
+v1.route("/role", require("./routers/roleRouter").default);
+v1.route("/permissions", require("./routers/permissionRouter").default);
 app.route("/v1", v1);
 
 export default app;

src/api/user/@me/checkPermission.ts

@@ -0,0 +1,37 @@
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { z } from "zod";
+import { apiResponse } from "../../../modules/api-utils/apiResponse";
+import { createRoute } from "../../../modules/api-utils/createRoute";
+import { authMiddleware } from "../../middleware/authorization";
+
+const checkPermissionSchema = z.object({
+  permissions: z
+    .array(z.string().min(1, "Permission node cannot be empty"))
+    .min(1, "At least one permission is required"),
+});
+
+// /v1/user/@me/check-permission
+export default createRoute(
+  "post",
+  ["/@me/check-permission"],
+  async (c) => {
+    const user = c.get("user");
+
+    const body = await c.req.json();
+    const { permissions } = checkPermissionSchema.parse(body);
+
+    const results = await Promise.all(
+      permissions.map(async (permission) => ({
+        permission,
+        hasPermission: await user.hasPermission(permission),
+      })),
+    );
+
+    const response = apiResponse.successful("Permission check completed.", {
+      results,
+    });
+
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ scopes: ["user.read"] }),
+);

src/api/user/@me/index.ts

@@ -1,2 +1,3 @@
 export { default as fetch } from "./fetch";
 export { default as update } from "./update";
+export { default as checkPermission } from "./checkPermission";