Ролевая модель и аудит Часть 2. Финал. #6

src/infra/admin_utils.erl

@@ -1,13 +1,42 @@
 -module(admin_utils).
 -include("records.hrl").
 
--export([is_admin/1]).
+-export([is_admin/1, check_role/2, get_permissions/1]).
+-export([client_ip/1]).
 
 is_admin(UserId) ->
   case core_admin:get_by_id(UserId) of
-    {ok, User} ->
-      Role = User#admin.role,
-      Role =:= admin orelse Role =:= superadmin orelse
-        Role =:= moderator orelse Role =:= support;
+    {ok, _Admin} -> true;
     _ -> false
-  end.
+  end.
+
+%% Проверка конкретной роли (или одной из списка ролей)
+-spec check_role(UserId :: binary(), RequiredRole :: atom() | [atom()]) -> boolean().
+check_role(UserId, RequiredRoles) when is_list(RequiredRoles) ->
+  case core_admin:get_by_id(UserId) of
+    {ok, Admin} -> lists:member(Admin#admin.role, RequiredRoles);
+    _ -> false
+  end;
+check_role(UserId, RequiredRole) when is_atom(RequiredRole) ->
+  case core_admin:get_by_id(UserId) of
+    {ok, Admin} -> Admin#admin.role =:= RequiredRole;
+    _ -> false
+  end.
+
+%% Возвращает список прав для роли администратора
+-spec get_permissions(Role :: atom()) -> [binary()].
+get_permissions(superadmin) ->
+  [<<"manage_admins">>, <<"manage_users">>, <<"manage_events">>,
+    <<"manage_calendars">>, <<"manage_reviews">>, <<"manage_reports">>,
+    <<"manage_tickets">>, <<"manage_banned_words">>, <<"view_stats">>,
+    <<"view_audit">>];
+get_permissions(moderator) ->
+  [<<"manage_events">>, <<"manage_calendars">>, <<"manage_reviews">>,
+    <<"manage_reports">>, <<"manage_tickets">>, <<"manage_banned_words">>,
+    <<"view_stats">>];
+get_permissions(support) ->
+  [<<"manage_tickets">>, <<"view_stats">>];
+get_permissions(_) ->
+  [].
+
+client_ip(_Req) -> <<"127.0.0.1">>.