0843a33383
The hand-rolled OIDC flow (manual PKCE, token exchange, URL construction) was fragile and accumulated multiple bugs. Replaced with the official @logto/react SDK which handles PKCE, token exchange, storage, and refresh automatically. - Add @logto/react SDK dependency - Add LogtoProvider with runtime config in main.tsx - Add TokenSync component bridging SDK tokens to API client - Add useAuth hook replacing Zustand auth store - Simplify LoginPage to signIn(), CallbackPage to useHandleSignInCallback() - Delete pkce.ts and auth-store.ts (replaced by SDK) - Fix react-router-dom → react-router imports in page files - All 17 React Query hooks unchanged (token provider pattern) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
28 lines
1.0 KiB
TypeScript
28 lines
1.0 KiB
TypeScript
import { useAuth } from '../auth/useAuth';
|
|
|
|
const ROLE_PERMISSIONS: Record<string, string[]> = {
|
|
OWNER: ['tenant:manage', 'billing:manage', 'team:manage', 'apps:manage', 'apps:deploy', 'secrets:manage', 'observe:read', 'observe:debug', 'settings:manage'],
|
|
ADMIN: ['team:manage', 'apps:manage', 'apps:deploy', 'secrets:manage', 'observe:read', 'observe:debug', 'settings:manage'],
|
|
DEVELOPER: ['apps:deploy', 'secrets:manage', 'observe:read', 'observe:debug'],
|
|
VIEWER: ['observe:read'],
|
|
};
|
|
|
|
export function usePermissions() {
|
|
const { roles } = useAuth();
|
|
|
|
const permissions = new Set<string>();
|
|
for (const role of roles) {
|
|
const perms = ROLE_PERMISSIONS[role];
|
|
if (perms) perms.forEach((p) => permissions.add(p));
|
|
}
|
|
|
|
return {
|
|
has: (permission: string) => permissions.has(permission),
|
|
canManageApps: permissions.has('apps:manage'),
|
|
canDeploy: permissions.has('apps:deploy'),
|
|
canManageTenant: permissions.has('tenant:manage'),
|
|
canViewObservability: permissions.has('observe:read'),
|
|
roles,
|
|
};
|
|
}
|