All files / libs/kernel/auth/shared/src/abilities/data definitions.ts

80.64% Statements 25/31
66.66% Branches 2/3
50% Functions 2/4
80.64% Lines 25/31

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
321x
1x
1x
1x
1x
1x
135x
135x
135x
135x
1x
1x
1x
 
 
 
1x
1x
1x
 
1x
1x
1x
50x
50x
50x
50x
 
 
50x
1x
 
import { SubjectsEnum, type DefinePermissions, type UserRoleForAccessControl } from '../../types';
 
import { DataActions } from './actions';
 
export const dataAbilityDefinitions = {
  ADMIN(_, { can }) {
    can(DataActions.view, SubjectsEnum.Data);
    can(DataActions.modify, SubjectsEnum.Data);
    can(DataActions.overwrite, SubjectsEnum.Data);
    can(DataActions.refresh, SubjectsEnum.Data);
  },
 
  SCOPED_ADMIN(_, { can }) {
    // This should be enough for him to perform scoped admin tasks, will reaccess later if needed.
    can(DataActions.view, SubjectsEnum.Data);
    can(DataActions.refresh, SubjectsEnum.Data);
  },
 
  SCOPED_READ_ONLY_ADMIN(_, { can }) {
    can(DataActions.view, SubjectsEnum.Data);
  },
 
  MANAGER({ user }, { can }) {
    // Doesn't make a lot of sense, see discussion in https://gitlab.com/amal-ia/amalia-web/-/issues/3909
    can(DataActions.overwrite, SubjectsEnum.Data);
 
    if (user.company.featureFlags.DATA_REFRESH_MANAGERS) {
      can(DataActions.refresh, SubjectsEnum.Data);
    }
  },
} as const satisfies Partial<Record<UserRoleForAccessControl, DefinePermissions>>;
 
Code coverage generated by istanbul at 2026-05-03T23:19:47.330Z