From dbdfd11caf573c77c4d6f58731059207e1b27b2a Mon Sep 17 00:00:00 2001
From: Lixian Zhou
Date: Wed, 11 Mar 2026 11:11:42 -0400
Subject: [PATCH] fix

---
 client/src/services/AuthService.js | 175 +++++++++++++++++++++++------
 1 file changed, 141 insertions(+), 34 deletions(-)

diff --git a/client/src/services/AuthService.js b/client/src/services/AuthService.js
index 80e904e..5709230 100644
--- a/client/src/services/AuthService.js
+++ b/client/src/services/AuthService.js
@@ -1,5 +1,5 @@
 import http from "../http-common";
-import {EMPLOYEE_ROLES} from "../shared";
+
 const login = (data) => {
  return http.post('/auth/login', data);
 };
@@ -10,9 +10,33 @@ const logout = (data) => {
  window.location.href="/login";
 };
 
+const getCurrentUser = () => {
+ try {
+ return localStorage.getItem('user') ? JSON.parse(localStorage.getItem('user')) : null;
+ } catch (error) {
+ return null;
+ }
+};
+
+const getCurrentPermissions = () => {
+ const user = getCurrentUser();
+ const permissions = user?.permissions;
+ return Array.isArray(permissions) ? permissions : [];
+};
+
+const hasPermission = (permissionKey) => {
+ if (!permissionKey) return false;
+ return getCurrentPermissions().includes(permissionKey);
+};
+
+const hasAnyPermission = (permissionKeys = []) => {
+ if (!Array.isArray(permissionKeys) || permissionKeys.length === 0) return false;
+ const permissionSet = new Set(getCurrentPermissions());
+ return permissionKeys.some((permissionKey) => permissionSet.has(permissionKey));
+};
+
 const isAdmin = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && roles?.includes('admin');
+ return hasPermission('Set Permission for Employee');
 }
 
 // const isDispatcher = () => {
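Review bot: `getCurrentUser` reads `localStorage.getItem('user')` twice and its `catch` discards the parse error, so a malformed `user` entry silently turns every permission check in this file into `false` with nothing in the console to explain why; read the key once and log before returning `null`. The permission list these helpers consult lives in storage that the browser's user can edit, so `hasPermission`/`hasAnyPermission` can only decide what the UI shows, and every route they gate presumably has a matching server-side check — a header comment stating that would stop a later reader from treating them as enforcement. `isAdmin` is now the same test as `canAddOrEditEmployees` in the next hunk (`'Set Permission for Employee'`), making the two names synonyms; if that is intended, a one-line comment on `isAdmin` should say so.
```javascript
// Client-side gate only: the stored `user` entry is under the browser user's
// control, so the server must enforce the same permissions on every request.
const getCurrentUser = () => {
  const raw = localStorage.getItem('user');
  if (raw === null) return null;
  try {
    return JSON.parse(raw);
  } catch (error) {
    console.warn('AuthService: stored user entry is not valid JSON', error);
    return null;
  }
};
// … unchanged: getCurrentPermissions, hasPermission, hasAnyPermission, isAdmin …
```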
@@ -21,82 +45,164 @@ const isAdmin = () => {
 // }
 
 const canCreateOrEditDrivers = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.DRIVER_EDITOR) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'Edit_Driver Assignment for Appointment',
+ 'Create&Edit_Transportation Schedule'
+ ]);
 }
 
 const canViewDrivers = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.DRIVER_VIEWER) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'View_Driver Assignment for Appointment',
+ 'Edit_Driver Assignment for Appointment'
+ ]);
 }
 
 const canViewEmployees = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.EMPLOYEE_VIEWER) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'Employee page',
+ 'Set Permission for Employee'
+ ]);
 }
 
 const canAddOrEditEmployees = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.EMPLOYEE_EDITOR) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasPermission('Set Permission for Employee');
 }
 
 const canAddOrEditRoutes = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.ROUTE_EDITOR) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasPermission('Create&Edit_Transportation Schedule');
 }
 
 const canViewRoutes = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.ROUTE_VIEWER) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'View_Transportation Schedule_Route Overview',
+ 'Create&Edit_Transportation Schedule',
+ 'Export_Transportation Schedule Report'
+ ]);
 }
 
 const canViewVechiles = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.VEHICLE_VIEWER) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'View_Vehicle info_Basic Info',
+ 'View_Vehicle info_Documents',
+ 'View_Vehicle info_Repair Records',
+ 'Edit_Vehicle info_Basic Info',
+ 'Edit_Vehicle info_Documents',
+ 'Edit_Vehicle info_Repair Records',
+ 'Add_New Vehicle',
+ 'Archive_Vehicle',
+ 'Delete_Vehicle',
+ 'Export_Vehicle Report'
+ ]);
 }
 
 const canAddOrEditVechiles = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.VEHICLE_EDITOR) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'Edit_Vehicle info_Basic Info',
+ 'Edit_Vehicle info_Documents',
+ 'Edit_Vehicle info_Repair Records',
+ 'Add_New Vehicle',
+ 'Archive_Vehicle',
+ 'Delete_Vehicle'
+ ]);
 }
 
 const canViewCustomers = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.CUSTOMER_VIEWER) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'View_Customer Info _Personal Info',
+ 'View_Customer Info _Care & Services',
+ 'View_Customer Info _Medical & Insurance',
+ 'View_Customer Info _Confidential Details',
+ 'View_Customer Info _Form Submission',
+ 'Edit_Customer Info _ Personal Info',
+ 'Edit_Customer Info _ Care & Services',
+ 'Edit_Customer Info _ Medical & Insurance',
+ 'Edit_Customer Info _ Confidential Details',
+ 'Edit_Customer Info _ Form Submission',
+ 'Create_Customer',
+ 'Discharge_Customer',
+ 'Reactivate_Customer',
+ 'Export_Customer Report'
+ ]);
 }
 
 const canAddOrEditCustomers = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.CUSTOMER_EDITOR) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'Edit_Customer Info _ Personal Info',
+ 'Edit_Customer Info _ Care & Services',
+ 'Edit_Customer Info _ Medical & Insurance',
+ 'Edit_Customer Info _ Confidential Details',
+ 'Edit_Customer Info _ Form Submission',
+ 'Create_Customer',
+ 'Discharge_Customer',
+ 'Reactivate_Customer'
+ ]);
 }
 
 const canViewAttendance = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.ATTENDANCE_VIEWER) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasAnyPermission([
+ 'View _Calendar _Attendance Notes',
+ 'Edit&Create _Calendar _Attendance Notes'
+ ]);
 }
 
 const canAddOrEditAttendance = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.ATTENDANCE_EDITOR) || roles?.includes(EMPLOYEE_ROLES.ADMIN));
+ return hasPermission('Edit&Create _Calendar _Attendance Notes');
 }
 
 const canAddOrEditMedical = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.MEDICAL_RESERVATION_INFO_EDITOR) || roles?.includes(EMPLOYEE_ROLES.MEDICAL_RESERVATION_INFO_VIEWER));
+ return hasAnyPermission([
+ 'View_Provider Info',
+ 'Create & Edit _Provider Info',
+ 'View_Appointment Request',
+ 'Edit & Create_Appointment Request',
+ 'View_Appointment Calendar',
+ 'Edit & Create_Appointment Calendar',
+ 'Medical Template'
+ ]);
 }
 
 const canAddOrEditMedicalSchedule = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.MEDICAL_RESERVATION_SCHEDULE_EDITOR) || roles?.includes(EMPLOYEE_ROLES.MEDICAL_RESERVATION_SCHEDULE_VIEWER));
+ return hasAnyPermission([
+ 'View_Appointment Calendar',
+ 'Edit & Create_Appointment Calendar',
+ 'View_Driver Assignment for Appointment',
+ 'Edit_Driver Assignment for Appointment'
+ ]);
 }
 
 const canAddOrEditResources = () => {
- const roles = localStorage.getItem('user') && JSON.parse(localStorage.getItem('user'))?.roles;
- return roles && (roles?.includes(EMPLOYEE_ROLES.RESOURCE_LIST_EDITOR) || roles?.includes(EMPLOYEE_ROLES.RESOURCE_LIST_VIEWER));
+ return hasAnyPermission([
+ 'View_Provider Info',
+ 'Create & Edit _Provider Info'
+ ]);
 }
 
 const canAccessLegacySystem = () => {
- return isAdmin() || canAddOrEditAttendance() || canAddOrEditMedical() || canAddOrEditMedicalSchedule() || canAddOrEditResources();
+ return isAdmin() || hasAnyPermission([
+ 'Admin View',
+ 'View _Calendar _Medical Appointment',
+ 'View _Calendar _Activities',
+ 'View _Calendar _Attendance Notes',
+ 'View _Calendar _Meal Plan',
+ 'View _Calendar _Important Dates',
+ 'Edit&Create _Calendar _Medical Appointment',
+ 'Edit&Create _Calendar _Activities',
+ 'Edit&Create _Calendar _Attendance Notes',
+ 'Edit&Create _Calendar _Meal Plan',
+ 'Edit&Create _Calendar _Important Dates',
+ 'View_Messaging',
+ 'Sent_Messaging',
+ 'View_Messaging Template',
+ 'Create&Edit_Messaging Template',
+ 'View_Provider Info',
+ 'Create & Edit _Provider Info',
+ 'View_Appointment Request',
+ 'Edit & Create_Appointment Request',
+ 'View_Appointment Calendar',
+ 'Edit & Create_Appointment Calendar',
+ 'Medical Template'
+ ]);
 }
 
 const getLocalAccessToken = () => {
@@ -107,6 +213,7 @@ const getLocalAccessToken = () => {
 export const AuthService = {
  login,
  logout,
+ hasPermission,
  isAdmin,
  canCreateOrEditDrivers,
  getLocalAccessToken,
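Review bot: The permission keys are literal strings repeated across the new `can*` bodies — `'Edit_Driver Assignment for Appointment'` appears in `canCreateOrEditDrivers`, `canViewDrivers` and `canAddOrEditMedicalSchedule`, and the seven keys of `canAddOrEditMedical` are copied into `canAccessLegacySystem` — and their spelling is irregular (`'View_Customer Info _Personal Info'` next to `'Edit_Customer Info _ Personal Info'`, `'View _Calendar _Attendance Notes'` with a space before the underscore). Since `hasPermission` does an exact `includes`, a one-character drift from the name the server issues makes a check fail with no error, so a wrong entry stays invisible until someone holding exactly that permission tries the page; I assume these strings were copied from the server's permission table, but that is not verifiable from here. Put them in a frozen `PERMISSIONS` constant object, the way the removed `EMPLOYEE_ROLES` import from `../shared` did for roles, and reference the constants here so each key is spelled in one place and an unknown key is a reference error at build time rather than a silent `false`. `canAccessLegacySystem` used to be composed from the other `can*` helpers; a comment explaining why it now carries its own 22-key list (and whether it must stay in sync with `canAddOrEditMedical`) would help the next maintainer.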
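Review bot: The export list gains `hasPermission` but not `hasAnyPermission`, so a component that needs to check several keys at once has no way to reuse the `Set`-based helper and would presumably re-implement it; if only the single-key form is meant to be public, a short comment on the export saying so would make that explicit, otherwise add `hasAnyPermission,` next to it. The `AuthService` object continues outside the hunk, so any further exports are not visible here.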