feat(frontend): Add roles

2025-07-28 06:46:31 +02:00
parent 115a12bbf5
commit 7b5a1a3bda
9 changed files with 359 additions and 32 deletions
--- a/legalconsenthub/composables/useAuth.ts
+++ b/legalconsenthub/composables/useAuth.ts
@@ -7,12 +7,21 @@ import { organizationClient, jwtClient } from 'better-auth/client/plugins'
 import type { RouteLocationRaw } from 'vue-router'
 import type { UserDto } from '~/.api-client'
 import type { RouteLocationNormalizedLoaded } from '#vue-router'
+import {
+  accessControl,
+  employerRole,
+  worksCouncilMemberRole,
+  employeeRole,
+  adminRole,
+  ROLES
+} from '~/server/utils/permissions'

 interface RuntimeAuthConfig {
  redirectUserTo: RouteLocationRaw | string
  redirectGuestTo: RouteLocationRaw | string
 }

+// TODO: Move into pinia store
 const session = ref<InferSessionFromClient<ClientOptions> | null>(null)
 const user = ref<InferUserFromClient<ClientOptions> | null>(null)
 const sessionFetching = import.meta.server ? ref(false) : ref(false)
@@ -28,6 +37,7 @@ const selectedOrganization = ref<{
  metadata?: any
  logo?: string | null
 } | null>(null)
+const activeMember = ref<{role: string} | null>(null)

 export function useAuth() {
  const url = useRequestURL()
@@ -39,7 +49,19 @@ export function useAuth() {
    fetchOptions: {
      headers
    },
-    plugins: [organizationClient(), jwtClient()]
+    plugins: [
+      organizationClient({
+        // Pass the same access control instance and roles to client
+        ac: accessControl,
+        roles: {
+          [ROLES.EMPLOYER]: employerRole,
+          [ROLES.WORKS_COUNCIL_MEMBER]: worksCouncilMemberRole,
+          [ROLES.EMPLOYEE]: employeeRole,
+          [ROLES.ADMIN]: adminRole
+        }
+      }),
+      jwtClient()
+    ]
  })

  const options = defu(useRuntimeConfig().public.auth as Partial<RuntimeAuthConfig>, {
@@ -86,6 +108,14 @@ export function useAuth() {
    if (!selectedOrganization.value && organizations.value.length > 0) {
      selectedOrganization.value = organizations.value[0]
    }
+
+    // Fetch active member
+    const activeMemberResult = await client.organization.getActiveMember({
+      fetchOptions: {
+        headers
+      }
+    })
+    activeMember.value = activeMemberResult.data || null
  }

  watch(
@@ -147,6 +177,7 @@ export function useAuth() {
    fetchJwtAndOrganizations,
    client,
    jwt,
-    isPublicRoute
+    isPublicRoute,
+    activeMember
  }
 }