Feat: Verify user permissions before loading a page (#30)

TeddyRoncin · web-flow · commit 415901d4af0a · 2025-10-18T02:13:47.000+02:00
Implement a permission system to allow us to define that a page requires
the user to have some permissions.
At the moment, the only permission available is beeing logged, but the
system should allow to add new permissions very easily
diff --git a/src/api/auth/applications/fetchApplications.ts b/src/api/auth/applications/fetchApplications.ts
@@ -1,7 +1,7 @@
 import { Dispatch, SetStateAction, useEffect, useState } from 'react';
 import { useAPI } from '@/api/api';
 import { ApplicationOverview } from '@/api/auth/applications/application.interface';
-import { useConnectedUser } from '@/module/user';
+import { useConnectedUser } from '@/module/session';
 
 export default function useApplications(): [
   ApplicationOverview[] | undefined,
diff --git a/src/api/permissions/fetchMyPermissions.ts b/src/api/permissions/fetchMyPermissions.ts
@@ -0,0 +1,6 @@
+import { API, ResponseHandler } from '@/api/api';
+import { Permissions } from '@/api/permissions/permissions.interface';
+
+export function fetchMyPermissions(api: API): ResponseHandler<Permissions, void | Permissions | undefined> {
+  return api.get<Permissions>('/auth/permissions/current');
+}
diff --git a/src/api/permissions/permissions.interface.ts b/src/api/permissions/permissions.interface.ts
@@ -0,0 +1,23 @@
+export interface Permissions {
+  apiPermissions: ApiPermission[];
+  userPermissions: UserPermissions[];
+}
+
+interface UserPermissions<SoftPermission extends boolean = boolean> {
+  permission: UserPermission;
+  isSoftPermission: SoftPermission;
+  users: SoftPermission extends true ? string[] : null;
+}
+
+enum Permission {
+  API_SEE_OPINIONS_UE = 'API_SEE_OPINIONS_UE',
+  API_UPLOAD_ANNAL = 'API_UPLOAD_ANNAL',
+  API_MODERATE_ANNAL = 'API_MODERATE_ANNAL',
+  API_MODERATE_COMMENTS = 'API_MODERATE_COMMENTS',
+
+  USER_SEE_DETAILS = 'USER_SEE_DETAILS',
+  USER_UPDATE_DETAILS = 'USER_UPDATE_DETAILS',
+}
+
+type UserPermission = Permission & `USER_${string}`;
+type ApiPermission = Permission & `API_${string}`;
diff --git a/src/api/profile/profile.types.ts b/src/api/profile/profile.types.ts
@@ -1,4 +1,4 @@
-import { UserType } from '@/module/user';
+import { UserType } from '@/module/session';
 
 export interface Profile {
   id: string;
diff --git a/src/app/developers/application/page.tsx b/src/app/developers/application/page.tsx
@@ -8,10 +8,10 @@ import { useState } from 'react';
 import Button from '@/components/UI/Button';
 import createApplication from '@/api/auth/applications/createApplication';
 import { useAPI } from '@/api/api';
-import { useConnectedUser } from '@/module/user';
 import updateApplicationToken from '@/api/auth/applications/updateToken';
 import Icons from '@/icons';
 import Page from '@/components/utilities/Page';
+import { useConnectedUser } from '@/module/session';
 
 export default function ApplicationsPage() {
   const loggedIn = !!useConnectedUser();
diff --git a/src/app/login/page.tsx b/src/app/login/page.tsx
@@ -59,7 +59,7 @@ export default function LoginPage() {
   }
   if (registerToken) {
     return (
-      <Page hasNavbar={true} permissions={'public'} needsLoading={true} className={styles.confirmRegister}>
+      <Page hasNavbar={true} needsLoading={true} className={styles.confirmRegister}>
         <div>
           <Trans
             i18nKey={'login:legal.text'}
@@ -95,7 +95,7 @@ export default function LoginPage() {
   }
 
   return (
-    <Page hasNavbar={true} permissions={'public'} needsLoading={true} id="login-page" className={styles.loginPage}>
+    <Page hasNavbar={true} needsLoading={true} id="login-page" className={styles.loginPage}>
       <LoginForm application={application} />
     </Page>
   );
diff --git a/src/app/profile/page.tsx b/src/app/profile/page.tsx
@@ -1,6 +1,6 @@
 'use client';
 
-// import { useConnectedUser } from '@/module/user';
+// import { useConnectedUser } from '@/module/session';
 import { setProfilePicture } from '@/api/profile/setProfilePicture';
 import { useAPI } from '@/api/api';
 import { useAppTranslation } from '@/lib/i18n';
diff --git a/src/app/register/page.tsx b/src/app/register/page.tsx
@@ -5,7 +5,7 @@ import Page from '@/components/utilities/Page';
 
 export default function RegisterPage() {
   return (
-    <Page hasNavbar={false} permissions={'public'} id="register-page" className={styles.loginPage}>
+    <Page hasNavbar={false} id="register-page" className={styles.loginPage}>
       <RegisterForm />
     </Page>
   );
diff --git a/src/app/ues/[code]/Comments.tsx b/src/app/ues/[code]/Comments.tsx
@@ -5,7 +5,7 @@ import { TFunction, useAppTranslation } from '@/lib/i18n';
 import Icons from '@/icons';
 import EditableText from '@/components/EditableText';
 import Button from '@/components/UI/Button';
-import { useConnectedUser } from '@/module/user';
+import { useConnectedUser } from '@/module/session';
 import { Comment } from '@/api/comment/comment.interface';
 import { useState } from 'react';
 import { editComment } from '@/api/comment/editComment';
diff --git a/src/app/ues/[code]/comments/[commentId]/page.tsx b/src/app/ues/[code]/comments/[commentId]/page.tsx
@@ -8,7 +8,7 @@ import { TFunction, useAppTranslation } from '@/lib/i18n';
 import TextArea from '@/components/UI/TextArea';
 import Button from '@/components/UI/Button';
 import { useState } from 'react';
-import { useConnectedUser } from '@/module/user';
+import { useConnectedUser } from '@/module/session';
 import EditableText from '@/components/EditableText';
 import { editCommentReply } from '@/api/commentReply/editCommentReply';
 import { useAPI } from '@/api/api';
diff --git a/src/app/users/page.tsx b/src/app/users/page.tsx
@@ -6,6 +6,7 @@ import { useUsers } from '@/api/users/searchUsers.hook';
 import { ResultsList } from '@/components/ResultsList';
 import defaultAvatar from '@/../public/images/default-avatar.jpg';
 import Page from '@/components/utilities/Page';
+import { PagePermission } from '@/module/pageSettings';
 import { useAppTranslation } from '@/lib/i18n';
 
 type FilterNames = 'name' | 'firstName' | 'lastName' | 'nickname';
@@ -44,7 +45,7 @@ export default function SearchUserPage() {
   const { items: users, total: totalUsers, updateFilters: updateUsers, fetchNextItems: fetchNextPage } = useUsers();
   const { t } = useAppTranslation();
   return (
-    <Page className={styles.searchUserPage}>
+    <Page className={styles.searchUserPage} permissions={[PagePermission.CONNECTED]}>
       <h1>{t('users:search.title')}</h1>
       <div className={styles.content}>
         <FilteredSearch<FilterNames, FiltersType> filtersData={filtersData} updateSearch={updateUsers} />
diff --git a/src/components/Navbar.tsx b/src/components/Navbar.tsx
@@ -7,7 +7,7 @@ import { getMenu, setCollapsed, useCollapsed } from '@/module/navbar';
 import Link from 'next/link';
 import { type NotParameteredTranslationKey, useAppTranslation } from '@/lib/i18n';
 import Icons from '@/icons';
-import { isLoggedIn, logout } from '@/module/session';
+import { isLoggedIn, logout, useConnectedUser } from '@/module/session';
 import Button from './UI/Button';
 import { usePageSettings } from '@/module/pageSettings';
 import { usePathname, useRouter } from 'next/navigation';
@@ -73,7 +73,7 @@ export default function Navbar() {
   const menuItems = useAppSelector(getMenu);
   const collapsed = useCollapsed();
   const loggedIn = useAppSelector(isLoggedIn);
-  const user = useAppSelector((state) => state.user);
+  const user = useConnectedUser();
   const dispatch = useAppDispatch();
   const { navbarAdditionalComponent: Additional } = usePageSettings();
 
diff --git a/src/components/ues/ExamList.tsx b/src/components/ues/ExamList.tsx
@@ -11,11 +11,10 @@ import CircleCheck from '@/icons/CircleCheck';
 import CircleWarning from '@/icons/CircleWarning';
 import Clock from '@/icons/Clock';
 import Trash from '@/icons/Trash';
-import { UserType } from '@/module/user';
+import { useConnectedUser, UserType } from '@/module/session';
 import Button from '../UI/Button';
 import Tooltip from '../UI/Tooltip';
 import styles from './ExamList.module.scss';
-import { useAppSelector } from '@/lib/hooks';
 import { useAppTranslation } from '@/lib/i18n';
 import { useAPI } from '@/api/api';
 
@@ -37,8 +36,7 @@ export default function ExamList({
   annalTypes: AnnalType[] | null;
   annalSemesters: string[] | null;
 }) {
-  const type = useAppSelector((state) => state.user?.type);
-  const userId = useAppSelector((state) => state.user?.id);
+  const { type, id: userId } = useConnectedUser() ?? {};
   const { t } = useAppTranslation();
   const api = useAPI();
 
diff --git a/src/components/utilities/Page.tsx b/src/components/utilities/Page.tsx
@@ -2,12 +2,12 @@
 
 import { FC, useEffect, useRef, ReactNode } from 'react';
 import { useAppDispatch } from '@/lib/hooks';
-import { defaultPageSettings, initPageSettings, updatePageSettings } from '@/module/pageSettings';
+import { defaultPageSettings, initPageSettings, updatePageSettings, PagePermission } from '@/module/pageSettings';
 
 export type PageProps = {
   hasNavbar?: boolean;
   navbarAdditionalComponent?: FC<Record<string, never>> | null;
-  permissions?: string;
+  permissions?: PagePermission[];
   needsLoading?: boolean;
   className?: string;
   id?: string;
diff --git a/src/components/utilities/Redirecter.tsx b/src/components/utilities/Redirecter.tsx
@@ -1,40 +1,26 @@
 'use client';
 
-import { useAppSelector } from '@/lib/hooks';
-import { usePathname, useRouter } from 'next/navigation';
-import { usePageLoaded } from '@/module/pageSettings';
-
-interface RouteConditionState {
-  loggedIn: boolean;
-}
-
-type RouteRedirectionRules = {
-  [key: string]: Array<{ condition: (state: RouteConditionState) => boolean; redirectTo: string }>;
-};
-
-const redirectionRules: RouteRedirectionRules = {
-  '/login': [{ condition: (state) => state.loggedIn, redirectTo: '/' }],
-  '/register': [{ condition: (state) => state.loggedIn, redirectTo: '/' }],
-};
+import { useRouter } from 'next/navigation';
+import {
+  missingPermissionRedirections,
+  usePageLoaded,
+  usePagePermissions,
+  usePageSettings,
+} from '@/module/pageSettings';
 
 export default function Redirecter() {
-  const loaded = usePageLoaded().internallyLoaded;
-  const pathname = usePathname();
+  const pageSettings = usePageSettings();
   const router = useRouter();
-  const state = {
-    loggedIn: useAppSelector((state) => state.session.logged),
-  } satisfies RouteConditionState;
+  const permissions = usePagePermissions();
+  const loaded = usePageLoaded();
+
   if (!loaded) {
-    return false;
-  }
-  const rules = redirectionRules[pathname];
-  if (!rules) {
-    return false;
+    return null;
   }
-  for (const condition of rules) {
-    if (condition.condition(state)) {
-      router.push(condition.redirectTo);
-      break;
+
+  for (const permission of pageSettings.permissions) {
+    if (!permissions[permission]) {
+      router.push(missingPermissionRedirections[permission]);
     }
   }
   return false;
diff --git a/src/module/index.ts b/src/module/index.ts
@@ -1,9 +1,8 @@
 import { combineReducers } from '@reduxjs/toolkit';
-import user from './user';
 import navbar from './navbar';
 import session from './session';
 import pageSettings from './pageSettings';
 import homepage from './homepage';
 import constantData from '@/module/constantData';
 
-export default combineReducers({ user, navbar, session, pageSettings, homepage, constantData });
+export default combineReducers({ navbar, session, pageSettings, homepage, constantData, cookies });
diff --git a/src/module/pageSettings.ts b/src/module/pageSettings.ts
@@ -1,9 +1,10 @@
 import { createSlice, type PayloadAction } from '@reduxjs/toolkit';
 import { FC } from 'react';
 import { useAppDispatch, useAppSelector } from '@/lib/hooks';
+import { useConnectedUser } from '@/module/session';
 
 interface PageSettingsSlice {
-  permissions: string;
+  permissions: PagePermission[];
   hasNavbar: boolean;
   navbarAdditionalComponent: FC<Record<string, never>> | null;
   searchParams: Record<string, string>;
@@ -15,12 +16,20 @@ interface PageSettingsSlice {
   };
 }
 
+export const enum PagePermission {
+  CONNECTED,
+}
+
+export const missingPermissionRedirections = {
+  [PagePermission.CONNECTED]: '/login',
+} satisfies { [P in PagePermission]: string };
+
 type InternalPageSettingsKeys = 'searchParams' | 'pageComponentReady' | 'internalLoading';
 
 type PageSettings = Omit<PageSettingsSlice, InternalPageSettingsKeys>;
 
 export const defaultPageSettings = {
-  permissions: 'user',
+  permissions: [],
   hasNavbar: true,
   navbarAdditionalComponent: null,
 } as PageSettings;
@@ -98,4 +107,11 @@ export function useSearchParam(param: string): string | undefined {
   return useAppSelector((state) => state.pageSettings.searchParams[param]);
 }
 
+export function usePagePermissions(): { [K in PagePermission]: boolean } {
+  const user = useConnectedUser();
+  return {
+    [PagePermission.CONNECTED]: user !== null,
+  };
+}
+
 export default pageSettingsSlice.reducer;
diff --git a/src/module/session.ts b/src/module/session.ts
diff --git a/src/module/user.ts b/src/module/user.ts

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { UserType } from '@/module/user';`
	`1`	`+import { UserType } from '@/module/session';`
`2`	`2`
`3`	`3`	`export interface Profile {`
`4`	`4`	`id: string;`