All files / libs/kernel/auth/shared/src/abilities/custom-reports definitions.ts

83.6% Statements 51/61
100% Branches 7/7
87.5% Functions 7/8
83.6% Lines 51/61

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
621x
1x
1x
1x
1x
1x
1x
1x
 
 
 
 
1x
1x
1x
1x
135x
135x
135x
135x
135x
1x
1x
1x
45x
45x
1x
1x
1x
28x
 
28x
28x
 
28x
1x
1x
1x
50x
 
50x
1x
1x
1x
43x
 
43x
1x
1x
1x
64x
 
64x
1x
1x
1x
1x
 
1x
1x
1x
 
import { type AuthenticatedContext } from '@amalia/kernel/auth/types';
 
import { SubjectsEnum, type DefinePermissions, type UserRoleForAccessControl } from '../../types';
 
import { CustomReportsActions } from './actions';
import { type ViewCustomReportSubject } from './subjects';
 
const userHasAccessToFolder = (authenticatedContext: AuthenticatedContext, { folder }: ViewCustomReportSubject) =>
  !!(
    folder &&
    (folder.ownerId === authenticatedContext.user.id ||
      folder.permissions?.users?.some((user) => user.id === authenticatedContext.user.id && user.canView))
  );
 
export const customReportsAbilityDefinitions = {
  ADMIN(_, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport);
    can(CustomReportsActions.view_unfiltered_data, SubjectsEnum.CustomReport);
    can(CustomReportsActions.modify, SubjectsEnum.CustomReport);
    can(CustomReportsActions.delete, SubjectsEnum.CustomReport);
    can(CustomReportsActions.create, SubjectsEnum.CustomReport);
  },
 
  READ_ONLY_ADMIN(_, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport);
    can(CustomReportsActions.view_unfiltered_data, SubjectsEnum.CustomReport);
  },
 
  FINANCE(authenticatedContext, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport, (subject: ViewCustomReportSubject) =>
      userHasAccessToFolder(authenticatedContext, subject),
    );
    can(CustomReportsActions.view_unfiltered_data, SubjectsEnum.CustomReport, (subject: ViewCustomReportSubject) =>
      userHasAccessToFolder(authenticatedContext, subject),
    );
  },
 
  MANAGER(authenticatedContext, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport, (subject: ViewCustomReportSubject) =>
      userHasAccessToFolder(authenticatedContext, subject),
    );
  },
 
  READ_ONLY_MANAGER(authenticatedContext, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport, (subject: ViewCustomReportSubject) =>
      userHasAccessToFolder(authenticatedContext, subject),
    );
  },
 
  EMPLOYEE(authenticatedContext, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport, (subject: ViewCustomReportSubject) =>
      userHasAccessToFolder(authenticatedContext, subject),
    );
  },
 
  READ_ONLY_EMPLOYEE(authenticatedContext, { can }) {
    can(CustomReportsActions.view, SubjectsEnum.CustomReport, (subject: ViewCustomReportSubject) =>
      userHasAccessToFolder(authenticatedContext, subject),
    );
  },
} as const satisfies Partial<Record<UserRoleForAccessControl, DefinePermissions>>;
 
Code coverage generated by istanbul at 2026-05-03T23:19:47.330Z