cameleer-saas/ui/src/hooks/usePermissions.ts

import { useOrgStore } from '../auth/useOrganization';

const ROLE_PERMISSIONS: Record<string, string[]> = {
  'admin': [
    'tenant:manage', 'billing:manage', 'team:manage', 'apps:manage',
    'apps:deploy', 'secrets:manage', 'observe:read', 'observe:debug',
    'settings:manage',
  ],
  'member': ['apps:deploy', 'observe:read', 'observe:debug'],
};

export function usePermissions() {
  const { currentOrgRoles } = useOrgStore();
  const roles = currentOrgRoles ?? [];

  const permissions = new Set<string>();
  for (const role of roles) {
    const perms = ROLE_PERMISSIONS[role];
    if (perms) perms.forEach((p) => permissions.add(p));
  }

  return {
    has: (permission: string) => permissions.has(permission),
    canManageApps: permissions.has('apps:manage'),
    canDeploy: permissions.has('apps:deploy'),
    canManageTenant: permissions.has('tenant:manage'),
    canViewObservability: permissions.has('observe:read'),
    roles,
  };
}