refactor(users): some user refactoring and configuring

frontend/src/lib/auth-client.ts

@@ -1,6 +1,6 @@
 import { adminClient, genericOAuthClient } from "better-auth/client/plugins";
 import { createAuthClient } from "better-auth/react";
-import { ac, admin, systemAdmin, user } from "./auth-permissions";
+import { ac, admin, manager, systemAdmin, user } from "./auth-permissions";
 
 export const authClient = createAuthClient({
 	baseURL: `${window.location.origin}/lst/api/auth`,
@@ -10,6 +10,7 @@ export const authClient = createAuthClient({
 			roles: {
 				admin,
 				user,
+				manager,
 				systemAdmin,
 			},
 		}),

frontend/src/lib/auth-permissions.ts

@@ -1,21 +1,53 @@
 import { createAccessControl } from "better-auth/plugins/access";
+import { adminAc } from "better-auth/plugins/admin/access";
 
 export const statement = {
-	project: ["create", "share", "update", "delete"],
-	user: ["ban"],
+	app: ["read", "create", "share", "update", "delete", "readAll"],
+	//user: ["ban"],
+	quality: ["read", "create", "share", "update", "delete", "readAll"],
+	logistics: ["read", "create", "share", "update", "delete", "readAll"],
+	mobile: ["read", "create", "share", "update", "delete", "readAll"],
+	notifications: ["read", "create", "share", "update", "delete", "readAll"],
 } as const;
 
 export const ac = createAccessControl(statement);
 
 export const user = ac.newRole({
-	project: ["create"],
+	app: ["read", "create"],
+	notifications: ["read", "create"],
+});
+
+export const manager = ac.newRole({
+	app: ["read", "create", "update"],
 });
 
 export const admin = ac.newRole({
-	project: ["create", "update"],
+	app: ["read", "create", "update"],
 });
 
 export const systemAdmin = ac.newRole({
-	project: ["create", "update", "delete"],
-	user: ["ban"],
+	app: ["read", "create", "share", "update", "delete", "readAll"],
+	//user: ["ban"],
+	quality: ["read", "create", "share", "update", "delete", "readAll"],
+	mobile: ["read", "create", "share", "update", "delete", "readAll"],
+	logistics: ["read", "create", "share", "update", "delete", "readAll"],
+	notifications: ["read", "create", "share", "update", "delete", "readAll"],
+	...adminAc.statements,
 });
+
+/* example usage
+const canCreateProject = await authClient.admin.hasPermission({
+  permissions: {
+    project: ["create"],
+  },
+});
+// You can also check multiple resource permissions at the same time
+const canCreateProjectAndCreateSale = await authClient.admin.hasPermission({
+  permissions: {
+    project: ["create"],
+    sale: ["create"]
+  },
+});
+
+
+*/

frontend/src/lib/queries/getUsers.ts

@@ -0,0 +1,40 @@
+import { keepPreviousData, queryOptions } from "@tanstack/react-query";
+
+import { authClient } from "../auth-client";
+
+export function getUsers() {
+	return queryOptions({
+		queryKey: ["getUsers"],
+		queryFn: () => fetch(),
+		staleTime: 5000,
+		refetchOnWindowFocus: true,
+		placeholderData: keepPreviousData,
+	});
+}
+
+const fetch = async () => {
+	if (window.location.hostname === "localhost") {
+		await new Promise((res) => setTimeout(res, 1500));
+	}
+
+	const { data, error } = await authClient.admin.listUsers({
+		query: {
+			// searchValue: "some name",
+			// searchField: "name",
+			// searchOperator: "contains",
+			limit: 100,
+			offset: 0,
+			sortBy: "name",
+			// sortDirection: "desc",
+			// filterField: "email",
+			// filterValue: "hello@example.com",
+			// filterOperator: "eq",
+		},
+	});
+
+	if (error) {
+		return error;
+	}
+
+	return data.users;
+};