Added account permissions and ui for recipient

2025-11-26 13:03:52 +03:00
parent fcb5ab4f2c
commit 357af99564
23 changed files with 507 additions and 70 deletions
--- a/frontend/pweb/lib/providers/permissions.dart
+++ b/frontend/pweb/lib/providers/permissions.dart
@@ -0,0 +1,82 @@
+import 'package:collection/collection.dart';
+import 'package:flutter/foundation.dart';
+
+import 'package:pshared/models/permissions/action.dart' as perm;
+import 'package:pshared/models/permissions/data/permission.dart';
+import 'package:pshared/models/permissions/descriptions/policy.dart';
+import 'package:pshared/models/permissions/effect.dart';
+import 'package:pshared/models/resources.dart';
+
+import 'package:pweb/services/permissions.dart';
+import 'package:pweb/services/mock_ids.dart';
+
+class PermissionsProvider extends ChangeNotifier {
+  final PermissionsService _service;
+
+  PermissionsProvider({required PermissionsService service}) : _service = service;
+
+  bool _isLoading = false;
+  Object? _error;
+  String? _accountRef;
+  bool _hasLoaded = false;
+  String? _roleRef;
+  List<Permission> _permissions = [];
+  List<PolicyDescription> _policyDescriptions = [];
+
+  bool get isLoading => _isLoading;
+  Object? get error => _error;
+  bool get isReady => _hasLoaded && !_isLoading && _error == null;
+  List<Permission> get permissions => List.unmodifiable(_permissions);
+  bool get hasLoaded => _hasLoaded;
+
+  bool get isCompany => _roleRef == companyRoleId;
+  bool get isRecipient => _roleRef == recipientRoleId;
+
+  Future<void> loadForAccount(String accountRef) async {
+    _accountRef = accountRef;
+    _isLoading = true;
+    _error = null;
+    notifyListeners();
+
+    try {
+      final access = await _service.loadForAccount(accountRef);
+      _permissions = access.permissions.permissions;
+      _policyDescriptions = access.descriptions.policies;
+      _roleRef = access.permissions.roles.firstOrNull?.descriptionRef;
+    } catch (e) {
+      _permissions = [];
+      _policyDescriptions = [];
+      _error = e;
+      _roleRef = null;
+    } finally {
+      _hasLoaded = true;
+      _isLoading = false;
+      notifyListeners();
+    }
+  }
+
+  void clear() {
+    _accountRef = null;
+    _permissions = [];
+    _policyDescriptions = [];
+    _error = null;
+    _hasLoaded = false;
+    _roleRef = null;
+    notifyListeners();
+  }
+
+  bool canAccessResource(ResourceType resource, {perm.Action? action}) {
+    final policy = _policyDescriptions.firstWhereOrNull(
+      (policy) => (policy.resourceTypes?.contains(resource) ?? false),
+    );
+    if (policy == null) return false;
+
+    return _permissions.any(
+      (permission) =>
+        permission.accountRef == _accountRef &&
+        permission.policy.descriptionRef == policy.storable.id &&
+        permission.policy.effect.effect == Effect.allow &&
+        (action == null || permission.policy.effect.action == action),
+    );
+  }
+}