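import type { CustomUser } from "@/api/generated/private/models/customUser";
import type { Post } from "@/api/generated/private/models/post";
import type { Chat } from "@/api/generated/private/models/chat";
import type { Message } from "@/api/generated/private/models/message";

/**
 * Frontend permission inference. Mirrors backend permission classes so the UI
 * hides actions the user cannot perform — this is a UX guard, NOT a security
 * boundary. The backend remains the source of truth and will return 403.
 *
 * Every exported helper fails closed: a missing user, or a user object that
 * arrives without an id, is treated as having no permissions. Types are erased
 * at runtime, so a partial API payload could otherwise make
 * `undefined === undefined` look like an ownership match and surface an action
 * the backend would reject.
 */

/**
 * Narrows to a user object that carries an id.
 *
 * @param user - Current user, or null when nobody is signed in.
 * @returns true only when `user` is non-null and `user.id` is neither null nor undefined.
 */
function isIdentified(user: CustomUser | null): user is CustomUser {
  return user != null && user.id != null;
}

/**
 * Placeholder for a superuser / role check.
 *
 * @param user - Current user (unused for now).
 * @returns Always false.
 */
function isSuperuser(user: CustomUser | null): boolean {
  // CustomUser shape does not currently expose is_superuser; treat as false.
  // If a role-based check becomes useful, extend here.
  void user;
  return false;
}

/**
 * Whether the edit action for a post should be shown.
 *
 * @param user - Current user, or null when nobody is signed in.
 * @param post - Post being rendered.
 * @returns true only when the user's id equals `post.author`.
 */
export function canEditPost(user: CustomUser | null, post: Post): boolean {
  if (!isIdentified(user)) return false;
  return user.id === post.author;
}

/**
 * Whether the delete action for a post should be shown.
 *
 * @param user - Current user, or null when nobody is signed in.
 * @param post - Post being rendered.
 * @param ctx - Optional hub context: the hub owner's id and whether the
 *   current user moderates the hub.
 * @returns true for the post author, a superuser, the hub owner, or a hub moderator.
 */
export function canDeletePost(
  user: CustomUser | null,
  post: Post,
  ctx?: { hubOwnerId?: number | null; isHubModerator?: boolean },
): boolean {
  if (!isIdentified(user)) return false;
  if (user.id === post.author) return true;
  if (isSuperuser(user)) return true;
  // Truthiness check: a null, undefined or 0 hubOwnerId never matches.
  if (ctx?.hubOwnerId && ctx.hubOwnerId === user.id) return true;
  // isHubModerator is supplied by the caller; it is not derived here.
  if (ctx?.isHubModerator) return true;
  return false;
}

/**
 * Whether the edit action for a message should be shown.
 *
 * @param user - Current user, or null when nobody is signed in.
 * @param message - Message being rendered.
 * @returns true only when the message has a sender and it is the current user.
 */
export function canEditMessage(user: CustomUser | null, message: Message): boolean {
  if (!isIdentified(user) || message.sender == null) return false;
  return user.id === message.sender;
}

/**
 * Whether the delete action for a message should be shown.
 *
 * @param user - Current user, or null when nobody is signed in.
 * @param message - Message being rendered.
 * @param chat - Chat the message belongs to; may be omitted or null, in which
 *   case only the sender (or a superuser) qualifies.
 * @returns true for the sender, a superuser, the chat owner, or a chat moderator.
 */
export function canDeleteMessage(
  user: CustomUser | null,
  message: Message,
  chat?: Chat | null,
): boolean {
  if (!isIdentified(user)) return false;
  if (message.sender != null && user.id === message.sender) return true;
  if (isSuperuser(user)) return true;
  // With chat omitted, chat?.owner is undefined; the isIdentified guard above
  // is what keeps this comparison from matching a user that has no id.
  if (chat?.owner === user.id) return true;
  if (chat?.moderators?.includes(user.id)) return true;
  return false;
}

/**
 * Whether chat management actions should be shown.
 *
 * @param user - Current user, or null when nobody is signed in.
 * @param chat - Chat being rendered, or null when none is loaded.
 * @returns true for the chat owner, a superuser, or a listed moderator.
 */
export function canManageChat(user: CustomUser | null, chat: Chat | null): boolean {
  if (!isIdentified(user) || !chat) return false;
  if (chat.owner === user.id) return true;
  if (isSuperuser(user)) return true;
  return chat.moderators?.includes(user.id) ?? false;
}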