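/**
 * Decide whether an actor may perform an action on an entity type.
 *
 * Decision order, as implemented below:
 *  - no actor                              -> 'deny'
 *  - kind 'user'                           -> 'allow' (unconditional)
 *  - kind 'cron' | 'worker' | 'system'     -> 'allow' (unconditional)
 *  - any kind other than 'agent'           -> 'deny'
 *  - agent + 'read'                        -> 'allow' only if capabilities.read
 *  - agent + 'create'|'update'|'delete'    -> 'allow' if capabilities.write and
 *                                             the entity type is in the agent's
 *                                             own scopes; else 'suggest' if
 *                                             capabilities.suggest; else 'deny'
 *  - agent + any other action              -> 'deny'
 *
 * NOTE(review): this function trusts `actor.kind` as given. Callers should
 * build `actor` from the authenticated context, never from request input,
 * because non-agent kinds are allowed without any further check.
 *
 * @param {{kind: string, capabilities?: object, scopes?: object}|null|undefined} actor
 * @param {string} action - e.g. 'read', 'create', 'update', 'delete'
 * @param {string} entity_type - key looked up in the agent's scopes
 * @returns {'allow'|'suggest'|'deny'}
 */
export function canAct(actor, action, entity_type) {
  if (!actor) return 'deny';

  if (actor.kind === 'user') return 'allow';
  if (actor.kind === 'cron' || actor.kind === 'worker' || actor.kind === 'system') return 'allow';

  // Fail closed: unknown actor kinds get nothing.
  if (actor.kind !== 'agent') return 'deny';

  const caps = actor.capabilities || {};
  const scopes = actor.scopes || {};

  // NOTE(review): reads are gated by the capability only, not by
  // scopes[entity_type] - confirm that unscoped read is intended.
  if (action === 'read') return caps.read ? 'allow' : 'deny';

  const isMutation = ['create', 'update', 'delete'].includes(action);
  if (!isMutation) return 'deny';

  // Only the agent's OWN scope entries count. A plain `scopes[entity_type]`
  // lookup is truthy for inherited keys such as 'constructor' or 'toString',
  // which would grant write access to an agent with no scopes at all.
  const inScope =
    Object.prototype.hasOwnProperty.call(scopes, entity_type) && Boolean(scopes[entity_type]);

  if (caps.write && inScope) return 'allow';
  if (caps.suggest) return 'suggest';
  return 'deny';
}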