ohcnetwork · Jacobjeevan · Mar 5, 2026 · Mar 6, 2026 · Mar 6, 2026 · coderabbitai
@@ -118,6 +118,22 @@ export const PERMISSION_READ_ACCOUNT = "can_read_account";
 export const PERMISSION_MANAGE_LOCKED_INVOICE =
   "can_manage_locked_invoice_in_facility";
 
+// Service Request Permissions
+export const PERMISSION_READ_SERVICE_REQUEST = "can_read_service_request";
+
+// Pharmacy Permissions
+export const PERMISSION_VIEW_AS_PHARMACIST = "is_pharmacist";
+
+// Inventory Permissions
+export const PERMISSION_READ_INVENTORY = "can_read_inventory_item";
+
+// Supply Delivery Permissions
+export const PERMISSION_READ_SUPPLY_DELIVERY = "can_read_supply_delivery";
+export const PERMISSION_WRITE_SUPPLY_DELIVERY = "can_write_supply_delivery";
+
+// Supply Request Permissions
+export const PERMISSION_READ_SUPPLY_REQUEST = "can_read_supply_request";
+export const PERMISSION_WRITE_SUPPLY_REQUEST = "can_write_supply_request";
 export interface Permissions {
   // Patient Permissions
   /** Permission slug: "can_create_patient" */
@@ -279,6 +295,25 @@ export interface Permissions {
 
   /** Permission slug: "can_manage_locked_invoice_in_facility" */
   canManageLockedInvoice: boolean;
+
+  /** Permission slug: "can_read_service_request" */
+  canReadServiceRequest: boolean;
+
+  /** Permission slug: "is_pharmacist" */
+  canViewAsPharmacist: boolean;
+
+  /** Permission slug: "can_read_inventory_item" */
+  canReadInventory: boolean;
+
+  /** Permission slug: "can_read_supply_delivery" */
+  canReadSupplyDelivery: boolean;
+  /** Permission slug: "can_write_supply_delivery" */
+  canWriteSupplyDelivery: boolean;
+
+  /** Permission slug: "can_read_supply_request" */
+  canReadSupplyRequest: boolean;
+  /** Permission slug: "can_write_supply_request" */
+  canWriteSupplyRequest: boolean;
 }
 
 export type HasPermissionFn = (
@@ -508,5 +543,39 @@ export function getPermissions(
       PERMISSION_MANAGE_LOCKED_INVOICE,
       permissions,
     ),
+
+    // Service Request
+    canReadServiceRequest: hasPermission(
+      PERMISSION_READ_SERVICE_REQUEST,
+      permissions,
+    ),
+
+    // Medication Request
+    canViewAsPharmacist: hasPermission(
+      PERMISSION_VIEW_AS_PHARMACIST,
+      permissions,
+    ),
+
+    // Inventory
+    canReadInventory: hasPermission(PERMISSION_READ_INVENTORY, permissions),
+
+    // Supply Delivery
+    canReadSupplyDelivery: hasPermission(
+      PERMISSION_READ_SUPPLY_DELIVERY,
+      permissions,
+    ),
+    canWriteSupplyDelivery: hasPermission(
+      PERMISSION_WRITE_SUPPLY_DELIVERY,
+      permissions,
+    ),
+    // Supply Request
+    canReadSupplyRequest: hasPermission(
+      PERMISSION_READ_SUPPLY_REQUEST,
+      permissions,
+    ),
+    canWriteSupplyRequest: hasPermission(
+      PERMISSION_WRITE_SUPPLY_REQUEST,
+      permissions,
+    ),
   };
 }
@@ -4,15 +4,32 @@ import CareIcon from "@/CAREUI/icons/CareIcon";
 
 import { NavMain } from "@/components/ui/sidebar/nav-main";
 
+import { getPermissions } from "@/common/Permissions";
+import { usePermissions } from "@/context/PermissionContext";
 import useCurrentLocation from "@/pages/Facility/locations/utils/useCurrentLocation";
 import useCurrentFacility from "@/pages/Facility/utils/useCurrentFacility";
 import { CalendarIcon, Logs } from "lucide-react";
 
 export function LocationNav() {
   const { t } = useTranslation();
 
-  const { facilityId } = useCurrentFacility();
-  const { locationId } = useCurrentLocation();
+  const { facilityId, facility } = useCurrentFacility();
+  const { locationId, location } = useCurrentLocation();
+  const { hasPermission } = usePermissions();
+  const {
+    canListFacilityLocations,
+    canReadServiceRequest,
+    canReadSupplyDelivery,
+    canReadInventory,
+    canReadSupplyRequest,
+    canViewSchedule,
+    canViewAppointments,
+    canListTokens,
+  } = getPermissions(hasPermission, location?.permissions ?? []);
+  const { canViewAsPharmacist } = getPermissions(
+    hasPermission,
+    facility?.permissions ?? [],
+  );
 
   const baseUrl = `/facility/${facilityId}/locations/${locationId}`;
 
@@ -23,11 +40,13 @@ export function LocationNav() {
           name: t("beds"),
           url: `${baseUrl}/beds`,
           icon: <CareIcon icon="l-bed" />,
+          visibility: canListFacilityLocations,
         },
         {
           name: t("laboratory"),
           url: `${baseUrl}/laboratory`,
           icon: <CareIcon icon="l-microscope" />,
+          visibility: canReadServiceRequest,
           children: [
             {
               name: t("service_requests"),
@@ -39,64 +58,78 @@ export function LocationNav() {
           name: t("pharmacy"),
           url: `${baseUrl}/pharmacy`,
           icon: <CareIcon icon="l-medical-drip" />,
+          visibility: canViewAsPharmacist || canReadSupplyDelivery,
           children: [
             {
               name: t("prescription_queue"),
               url: `${baseUrl}/medication_requests`,
+              visibility: canViewAsPharmacist,
             },
             {
               name: "℞ " + t("dispense"),
               url: `${baseUrl}/medication_dispense`,
+              visibility: canViewAsPharmacist || canReadSupplyDelivery,
             },
             {
               name: t("medication_return"),
               url: `${baseUrl}/medication_return`,
+              visibility: canReadSupplyDelivery,
             },
           ],
         },
         {
           name: t("inventory"),
           url: `${baseUrl}/inventory/summary`,
           icon: <CareIcon icon="l-shop" />,
+          visibility:
+            canReadInventory || canReadSupplyRequest || canReadSupplyDelivery,
           children: [
             {
               name: t("items"),
               url: `${baseUrl}/inventory/summary`,
+              visibility: canReadInventory,
             },
             {
               header: t("internal_transfers"),
               name: t("to_receive"),
               url: `${baseUrl}/inventory/internal/receive/`,
+              visibility: canReadSupplyRequest || canReadSupplyDelivery,
             },
             {
               name: t("to_dispatch"),
               url: `${baseUrl}/inventory/internal/dispatch/`,
+              visibility: canReadSupplyRequest || canReadSupplyDelivery,
             },
             {
               header: t("external_supply"),
               name: t("purchase_orders"),
               url: `${baseUrl}/inventory/external/orders/outgoing`,
+              visibility: canReadSupplyRequest,
             },
             {
               name: t("purchase_deliveries"),
               url: `${baseUrl}/inventory/external/deliveries/incoming`,
+              visibility: canReadSupplyDelivery,
             },
           ],
         },
         {
           name: t("schedule"),
           url: `${baseUrl}/schedule`,
           icon: <CalendarIcon />,
+          visibility: canViewSchedule,
         },
         {
           name: t("appointments"),
           url: `${baseUrl}/appointments`,
           icon: <CareIcon icon="d-calendar" />,
+          visibility: canViewAppointments,
         },
         {
           name: t("queues"),
           url: `${baseUrl}/queues`,
           icon: <Logs />,
+          visibility: canListTokens,
         },
       ]}
     />

@@ -4,13 +4,30 @@ import CareIcon from "@/CAREUI/icons/CareIcon";
 
 import { NavMain } from "@/components/ui/sidebar/nav-main";
 
+import { getPermissions } from "@/common/Permissions";
+import { usePermissions } from "@/context/PermissionContext";
 import useCurrentService from "@/pages/Facility/services/utils/useCurrentService";
+import useCurrentFacility from "@/pages/Facility/utils/useCurrentFacility";
 import { Logs } from "lucide-react";
 
 export function ServiceNav() {
   const { t } = useTranslation();
 
   const { service, facilityId } = useCurrentService();
+  const { facility } = useCurrentFacility();
+  const { hasPermission } = usePermissions();
+  const { canViewSchedule, canViewAppointments, canListTokens } =
+    getPermissions(hasPermission, service?.permissions ?? []);
+  const { canReadHealthcareService } = getPermissions(
+    hasPermission,
+    facility?.permissions ?? [],
+  );
+  const {
+    canViewSchedule: canViewScheduleForFacility,
+    canViewAppointments: canViewAppointmentsForFacility,
+    canListTokens: canListTokensForFacility,
+  } = getPermissions(hasPermission, facility?.root_org_permissions ?? []);
+  const hasManagingOrganization = !!service?.managing_organization?.id;
 
   const baseUrl = `/facility/${facilityId}/services/${service?.id}`;
 
@@ -21,21 +38,31 @@ export function ServiceNav() {
           name: t("locations"),
           url: `${baseUrl}/locations`,
           icon: <CareIcon icon="l-map-pin" />,
+          visibility: canReadHealthcareService,
         },
         {
           name: t("schedule"),
           url: `${baseUrl}/schedule`,
           icon: <CareIcon icon="l-calender" />,
+          visibility: hasManagingOrganization
+            ? canViewSchedule
+            : canViewScheduleForFacility,
         },
         {
           name: t("appointments"),
           url: `${baseUrl}/appointments`,
           icon: <CareIcon icon="d-calendar" />,
+          visibility: hasManagingOrganization
+            ? canViewAppointments
+            : canViewAppointmentsForFacility,
         },
         {
           name: t("queues"),
           url: `${baseUrl}/queues`,
           icon: <Logs />,
+          visibility: hasManagingOrganization
+            ? canListTokens
+            : canListTokensForFacility,
         },
       ]}
     />

@@ -71,14 +71,17 @@ export function NavMain({ links }: { links: NavigationLink[] }) {
     [fullPath],
   );
 
+  const isAnyChildVisible = (link: NavigationLink) =>
+    link.children?.some((child) => child.visibility !== false);
+
   return (
     <SidebarGroup>
       <SidebarMenu>
         {links
           .filter((link) => link.visibility !== false)
           .map((link) => (
             <Fragment key={link.name}>
-              {link.children ? (
+              {link.children && isAnyChildVisible(link) ? (
                 isCollapsed ? (
                   <PopoverMenu link={link} />
                 ) : (
@@ -228,18 +231,20 @@ function PopoverMenu({ link }: { link: NavigationLink }) {
         onCloseAutoFocus={(e) => e.preventDefault()}
       >
         <div className="flex flex-col gap-1">
-          {link.children?.map((subItem) => (
-            <ActiveLink
-              key={subItem.name}
-              href={subItem.url}
-              onClick={() => setOpen(false)}
-              className="w-full rounded-md px-2 py-1.5 text-sm outline-none transition-colors hover:bg-gray-100 focus:bg-gray-100"
-              activeClass="bg-gray-100 text-green-700"
-              exactActiveClass="bg-gray-100 text-green-700"
-            >
-              {subItem.name}
-            </ActiveLink>
-          ))}
+          {link.children
+            ?.filter((subItem) => subItem.visibility !== false)
+            .map((subItem) => (
+              <ActiveLink
+                key={subItem.name}
+                href={subItem.url}
+                onClick={() => setOpen(false)}
+                className="w-full rounded-md px-2 py-1.5 text-sm outline-none transition-colors hover:bg-gray-100 focus:bg-gray-100"
+                activeClass="bg-gray-100 text-green-700"
+                exactActiveClass="bg-gray-100 text-green-700"
+              >
+                {subItem.name}
+              </ActiveLink>
+            ))}
         </div>
       </PopoverContent>
     </Popover>