@@ -3,6 +3,7 @@ import type { Model } from '@douglasneuroinformatics/libnest';
33import { Module } from '@nestjs/common' ;
44import { $LoginCredentials } from '@opendatacapture/schemas/auth' ;
55import type { JwtPayload } from '@opendatacapture/schemas/auth' ;
6+ import { $Permissions } from '@opendatacapture/schemas/core' ;
67import { $Group } from '@opendatacapture/schemas/group' ;
78import { $BasePermissionLevel } from '@opendatacapture/schemas/user' ;
89import { z } from 'zod' ;
@@ -13,7 +14,7 @@ import { z } from 'zod';
1314 inject : [ getModelToken ( 'User' ) ] ,
1415 useFactory : ( userModel : Model < 'User' > ) => {
1516 return {
16- defineAbility : ( ability , payload ) => {
17+ defineAbility : ( ability , payload , metadata ) => {
1718 const groupIds = payload . groups . map ( ( group ) => group . id ) ;
1819 switch ( payload . basePermissionLevel ) {
1920 case 'ADMIN' :
@@ -41,9 +42,15 @@ import { z } from 'zod';
4142 ability . can ( 'read' , 'Subject' , { groupIds : { hasSome : groupIds } } ) ;
4243 break ;
4344 }
45+ metadata . additionalPermissions ?. forEach ( ( { action, subject } ) => {
46+ ability . can ( action , subject ) ;
47+ } ) ;
4448 } ,
4549 schemas : {
4650 loginCredentials : $LoginCredentials ,
51+ metadata : z . object ( {
52+ additionalPermissions : $Permissions . optional ( )
53+ } ) ,
4754 tokenPayload : z . object ( {
4855 basePermissionLevel : $BasePermissionLevel . nullable ( ) ,
4956 firstName : z . string ( ) . nullable ( ) ,
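Review bot: The `forEach` added after the `switch` calls `ability.can(action, subject)` with no condition object, so every entry in `additionalPermissions` applies to the whole subject rather than being scoped by `groupIds` the way the `read`/`Subject` rule just above it is; if that is intended, a comment such as `// additional permissions are subject-wide and are not restricted to the user's groups` on the forEach would make the contract explicit, and if not, the entries need a conditions field. The `metadata` schema added below it validates the array's shape, but whether the stored `user.additionalPermissions` value returned in the last hunk is actually run through that schema before it reaches `defineAbility` is not visible here, so the ability builder should not assume the entries have been validated. Since the forEach runs after the switch, the extra grants also stack on top of every base permission level, including the `null` case, which is worth stating in the same comment. The enclosing `defineAbility` and `useFactory` bodies begin outside this hunk.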
@@ -62,6 +69,9 @@ import { z } from 'zod';
6269 }
6370 return {
6471 hashedPassword : user . hashedPassword ,
72+ metadata : {
73+ additionalPermissions : user . additionalPermissions
74+ } ,
6575 tokenPayload : {
6676 basePermissionLevel : user . basePermissionLevel ,
6777 firstName : user . firstName ,