src/users/dto/role-permissions.dto.ts
Properties |
| permissions |
Type : Record<string, string[]>
|
Decorators :
@ApiProperty({description: 'Map of role key → array of page keys that role is allowed to access. Only known role/page keys are accepted.', example: undefined})
|
|
Defined in src/users/dto/role-permissions.dto.ts:65
|
import { ApiProperty } from '@nestjs/swagger';
import {
IsArray,
IsIn,
IsObject,
IsOptional,
IsString,
ValidateNested,
} from 'class-validator';
/**
 * Allowlist of role keys permitted in a role-permissions update.
 *
 * The intent is that the controller rejects any key outside this list
 * before the payload reaches Postgres, so arbitrary keys cannot be
 * written into `organization.settings.rolePermissions`.
 *
 * NOTE(review): nothing in this file applies the list. The DTO below
 * validates `permissions` with `@IsObject()` only, so the rejection
 * described above must live in the controller/service; confirm it does.
 */
export const ALLOWED_ROLE_KEYS = [
  'SUPER_ADMIN',
  'ADMIN',
  'OPERATIONS_MANAGER',
  'PLANNER',
  'DISPATCHER',
  'EXPEDITOR',
  'CUSTOMER_SERVICE',
  'CLIENT_USER',
  'DRIVER',
] as const;
/**
 * Allowlist of page keys an admin may grant to a role.
 *
 * Maintained by hand alongside
 * `apps/web/src/components/layout/sidebar.tsx` and the
 * `DEFAULT_ROLE_PERMISSIONS` map in `users.service.ts`; a key added in
 * one place but not the others will drift silently.
 *
 * NOTE(review): this list bounds what can be stored for a role. Whether
 * the matching API routes also check the stored grants is not visible
 * from this file. Confirm that access to sensitive pages such as
 * `users`, `audit-log` and `settings` is enforced server-side and not
 * only by hiding sidebar entries.
 */
export const ALLOWED_PAGE_KEYS = [
  'dashboard',
  'orders',
  'jobs',
  'dispatch',
  'loading-bays',
  'tracking',
  'geofences',
  'vehicles',
  'drivers',
  'clients',
  'transporters',
  'zones',
  'lanes',
  'messaging',
  'alerts',
  'analytics',
  'reports',
  'users',
  'audit-log',
  'settings',
  'ai',
] as const;
/**
 * Request body for updating the role → page-access map.
 *
 * NOTE(review): `@IsObject()` is the only validation rule on
 * `permissions`. The `Record<string, string[]>` annotation is erased at
 * runtime, so at the DTO layer any object passes: unknown role keys,
 * unknown page keys, and values that are not string arrays. The
 * "only known role/page keys are accepted" contract in the API
 * description therefore relies on a later check against
 * `ALLOWED_ROLE_KEYS` / `ALLOWED_PAGE_KEYS` before the map is persisted;
 * confirm that check exists and rejects rather than ignores
 * out-of-list entries. `IsArray`, `IsIn`, `IsString` and
 * `ValidateNested` are imported in this file but not applied here.
 */
export class UpdateRolePermissionsDto {
  // Keys are expected to be role keys, values arrays of page keys.
  @ApiProperty({
    description:
      'Map of role key → array of page keys that role is allowed to access. Only known role/page keys are accepted.',
    example: { ADMIN: ['dashboard', 'orders', 'users'] },
  })
  @IsObject()
  permissions!: Record<string, string[]>;
}