refactor policy

Author: kenfdev

server/src/auth/policies/core/members.polar

@@ -7,11 +7,11 @@ allow_field(user: User, "read", member: Member, field) if
   field in Member.PUBLIC_FIELDS or
   # private fields are readable only by hr or self
   (field in Member.PRIVATE_FIELDS and 
-    (user.memberInfo.department.name = "hr" or user.memberInfo.id = member.id)
+    (has_role(user, "hr_member", member) or has_role(user, "self", member))
   ); # fragile to use department name
 
 allow_field(user: User, "update", member: Member, field) if
   # public fields are updatable if hr or self
-  (field in Member.PUBLIC_FIELDS and (user.memberInfo.department.name = "hr" or user.memberInfo.id = member.id)) or
+  (field in Member.PUBLIC_FIELDS and (has_role(user, "hr_member", member) or has_role(user, "self", member))) or
   # private fields like salaries are updatable only by hr
-  (field in Member.PRIVATE_FIELDS and user.memberInfo.department.name = "hr");
+  (field in Member.PRIVATE_FIELDS and has_role(user, "hr_member", member));

server/src/auth/policies/users.polar

@@ -1,12 +1,8 @@
 
 resource UserMenuItem {
   permissions = ["read"];
-  relations = {member: Member};
 }
 
-has_relation(member: Member, "member", user: User) if
-  user.member = member;
-
 has_permission(user: User, "read", menu: UserMenuItem) if
   menu.isAdmin = false or
   (menu.isAdmin and user.isAdmin);