/** * Product-feature permission names (Workstream 3 ยง3.2). These complement the * generic `${METHOD}_${ENTITY}` CRUD permissions: `READ_` gates a * product page, and the three action permissions gate the special workflows * (filling attendance, taking a quiz, leaving a read receipt). * * Single source for both the role seeder (which seeds + grants them) and the * feature routes (which enforce them via `checkPermissions`), so the names never * drift between where they are granted and where they are checked. */ /** Pages every campus staff role can read. */ export const MODULE_READ_ALL_STAFF = [ 'READ_DASHBOARD', 'READ_FRAME', 'READ_EI', 'READ_ATTENDANCE', 'READ_INTERNAL_COMM', 'READ_SAFETY', 'READ_HANDBOOK', ] as const; /** Instructional tools (teacher / support_staff, not office_manager). */ export const MODULE_READ_INSTRUCTIONAL = [ 'READ_CLASSROOM', 'READ_TIMER', 'READ_QBS', 'READ_ZONES', 'READ_SIGNS', ] as const; /** Parent communication page (teacher + managers). */ export const MODULE_READ_PARENT_COMM = ['READ_PARENT_COMM'] as const; /** External-user pages (student / guardian + staff). */ export const MODULE_READ_EXTERNAL = [ 'READ_COMMUNITY', 'READ_VOCATIONAL', 'READ_ESA', ] as const; /** Director-only surfaces. */ export const MODULE_READ_DIRECTOR = [ 'READ_WALKTHROUGH', 'READ_DIRECTOR_DASHBOARD', ] as const; /** Special action permissions (extendable per-user via `custom_permissions`). */ export const MODULE_ACTIONS = [ 'FILL_ATTENDANCE', 'TAKE_QUIZ', 'ACK_READ_RECEIPT', 'ACK_POLICY', 'ZONE_CHECKIN', ] as const; /** Audio library (Workstream 13): read = play/select, manage = upload/edit. */ export const AUDIO_PERMISSIONS = ['READ_AUDIO_FILES', 'MANAGE_AUDIO_FILES'] as const; /** Every product-feature permission (seeded into the catalog). */ export const MODULE_PERMISSIONS: readonly string[] = Object.freeze([ ...MODULE_READ_ALL_STAFF, ...MODULE_READ_INSTRUCTIONAL, ...MODULE_READ_PARENT_COMM, ...MODULE_READ_EXTERNAL, ...MODULE_READ_DIRECTOR, ...MODULE_ACTIONS, ...AUDIO_PERMISSIONS, ]); /** * Named references used by the feature routes when calling `checkPermissions`. * Keeps the route wiring free of bare string literals. */ export const FEATURE_PERMISSIONS = Object.freeze({ READ_FRAME: 'READ_FRAME', READ_ATTENDANCE: 'READ_ATTENDANCE', READ_INTERNAL_COMM: 'READ_INTERNAL_COMM', READ_PARENT_COMM: 'READ_PARENT_COMM', READ_SAFETY: 'READ_SAFETY', READ_WALKTHROUGH: 'READ_WALKTHROUGH', FILL_ATTENDANCE: 'FILL_ATTENDANCE', TAKE_QUIZ: 'TAKE_QUIZ', ACK_READ_RECEIPT: 'ACK_READ_RECEIPT', ACK_POLICY: 'ACK_POLICY', ZONE_CHECKIN: 'ZONE_CHECKIN', READ_AUDIO_FILES: 'READ_AUDIO_FILES', MANAGE_AUDIO_FILES: 'MANAGE_AUDIO_FILES', });