Chris Chen
71 lines
2.6 KiB
C#
71 lines
2.6 KiB
C#
namespace ROLAC.API.Authorization;
|
|
|
|
/// <summary>
|
|
/// Canonical list of permission-controlled modules. The names are stored verbatim
|
|
/// in <see cref="Entities.RolePermission.Module"/> and used in <c>[HasPermission]</c>
|
|
/// attributes, so changing a string here is a breaking change requiring a data update.
|
|
/// </summary>
|
|
public static class Modules
|
|
{
|
|
public const string Members = "Members";
|
|
public const string Users = "Users";
|
|
public const string Givings = "Givings";
|
|
public const string GivingCategories = "GivingCategories";
|
|
public const string Expenses = "Expenses";
|
|
public const string ExpenseCategories = "ExpenseCategories";
|
|
public const string OfferingSessions = "OfferingSessions";
|
|
public const string Ministries = "Ministries";
|
|
public const string FinanceDashboard = "FinanceDashboard";
|
|
public const string Form990Report = "Form990Report";
|
|
public const string MonthlyStatements = "MonthlyStatements";
|
|
public const string ChurchProfile = "ChurchProfile";
|
|
public const string Disbursements = "Disbursements";
|
|
public const string MealAttendance = "MealAttendance";
|
|
public const string Permissions = "Permissions";
|
|
public const string SystemLogs = "SystemLogs";
|
|
public const string AuditLogs = "AuditLogs";
|
|
public const string Settings = "Settings";
|
|
|
|
/// <summary>All modules, in display order — drives the admin matrix UI.</summary>
|
|
public static readonly IReadOnlyList<string> All =
|
|
[
|
|
Members,
|
|
Users,
|
|
Givings,
|
|
GivingCategories,
|
|
Expenses,
|
|
ExpenseCategories,
|
|
OfferingSessions,
|
|
Ministries,
|
|
FinanceDashboard,
|
|
Form990Report,
|
|
MonthlyStatements,
|
|
ChurchProfile,
|
|
Disbursements,
|
|
MealAttendance,
|
|
Permissions,
|
|
SystemLogs,
|
|
AuditLogs,
|
|
Settings,
|
|
];
|
|
|
|
public static bool IsValid(string module) => All.Contains(module);
|
|
}
|
|
|
|
/// <summary>
|
|
/// The four actions a role can be granted on a module. The default HTTP-verb mapping
|
|
/// is GET→Read, POST/PUT/PATCH→Write, DELETE→Delete; "Approve" is applied explicitly
|
|
/// to state-transition endpoints (approve / finalize / issue / sign, etc.).
|
|
/// </summary>
|
|
public static class PermissionActions
|
|
{
|
|
public const string Read = "Read";
|
|
public const string Write = "Write";
|
|
public const string Delete = "Delete";
|
|
public const string Approve = "Approve";
|
|
|
|
public static readonly IReadOnlyList<string> All = [Read, Write, Delete, Approve];
|
|
|
|
public static bool IsValid(string action) => All.Contains(action);
|
|
}
|