Continued creating the permission system

src/pages/assignments/[id].tsx

@@ -20,12 +20,12 @@ import {BsBook, BsChevronLeft, BsClipboard, BsHeadphones, BsMegaphone, BsPen} fr
 import {toast} from "react-toastify";
 import {futureAssignmentFilter} from "@/utils/assignments";
 import {withIronSessionSsr} from "iron-session/next";
-import {checkAccess} from "@/utils/permissions";
+import {checkAccess, doesEntityAllow} from "@/utils/permissions";
 import {mapBy, redirect, serialize} from "@/utils";
 import {getAssignment} from "@/utils/assignments.be";
-import {getEntitiesUsers, getUsers} from "@/utils/users.be";
+import {getEntitiesUsers, getEntityUsers, getUsers} from "@/utils/users.be";
-import {getEntitiesWithRoles} from "@/utils/entities.be";
+import {getEntitiesWithRoles, getEntityWithRoles} from "@/utils/entities.be";
-import {getGroups, getGroupsByEntities} from "@/utils/groups.be";
+import {getGroups, getGroupsByEntities, getGroupsByEntity} from "@/utils/groups.be";
 import {sessionOptions} from "@/lib/session";
 import {EntityWithRoles} from "@/interfaces/entity";
 import Head from "next/head";
@@ -33,6 +33,7 @@ import Layout from "@/components/High/Layout";
 import Separator from "@/components/Low/Separator";
 import Link from "next/link";
 import { requestUser } from "@/utils/api";
+import { useEntityPermission } from "@/hooks/useEntityPermissions";
 
 export const getServerSideProps = withIronSessionSsr(async ({req, res, params}) => {
 	const user = await requestUser(req, res)
@@ -44,33 +45,31 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res, params})
 	res.setHeader("Cache-Control", "public, s-maxage=10, stale-while-revalidate=59");
 
 	const {id} = params as {id: string};
-	const entityIDS = mapBy(user.entities, "id") || [];
 
 	const assignment = await getAssignment(id);
-	if (!assignment)
+	if (!assignment) return redirect("/assignments")
-		return {
-			redirect: {
-				destination: "/assignments",
-				permanent: false,
-			},
-		};
 
-	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(entityIDS));
+	const entity = await getEntityWithRoles(assignment.entity || "")
-	const entities = await (checkAccess(user, ["developer", "admin"]) ? getEntitiesWithRoles() : getEntitiesWithRoles(entityIDS));
+	if (!entity) return redirect("/assignments")
-	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(entityIDS));
 
-	return {props: serialize({user, users, entities, assignment, groups})};
+	if (!doesEntityAllow(user, entity, 'view_assignments')) return redirect("/assignments")
+
+	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntityUsers(entity.id));
+
+	return {props: serialize({user, users, entity, assignment})};
 }, sessionOptions);
 
 interface Props {
 	user: User;
 	users: User[];
 	assignment: Assignment;
-	groups: Group[];
+	entity: EntityWithRoles
-	entities: EntityWithRoles[];
 }
 
-export default function AssignmentView({user, users, entities, groups, assignment}: Props) {
+export default function AssignmentView({user, users, entity, assignment}: Props) {
+	const canDeleteAssignment = useEntityPermission(user, entity, 'delete_assignment')
+	const canStartAssignment = useEntityPermission(user, entity, 'start_assignment')
+
 	const setExams = useExamStore((state) => state.setExams);
 	const setShowSolutions = useExamStore((state) => state.setShowSolutions);
 	const setUserSolutions = useExamStore((state) => state.setUserSolutions);
@@ -79,6 +78,7 @@ export default function AssignmentView({user, users, entities, groups, assignmen
 	const router = useRouter();
 
 	const deleteAssignment = async () => {
+		if (!canDeleteAssignment) return
 		if (!confirm("Are you sure you want to delete this assignment?")) return;
 
 		axios
@@ -89,18 +89,19 @@ export default function AssignmentView({user, users, entities, groups, assignmen
 	};
 
 	const startAssignment = () => {
-		if (assignment) {
+		if (!canStartAssignment) return
-			axios
+		if (!confirm("Are you sure you want to start this assignment?")) return;
-				.post(`/api/assignments/${assignment.id}/start`)
+
-				.then(() => {
+		axios
-					toast.success(`The assignment "${assignment.name}" has been started successfully!`);
+			.post(`/api/assignments/${assignment.id}/start`)
-					router.replace(router.asPath);
+			.then(() => {
-				})
+				toast.success(`The assignment "${assignment.name}" has been started successfully!`);
-				.catch((e) => {
+				router.replace(router.asPath);
-					console.log(e);
+			})
-					toast.error("Something went wrong, please try again later!");
+			.catch((e) => {
-				});
+				console.log(e);
-		}
+				toast.error("Something went wrong, please try again later!");
+			});
 	};
 
 	const formatTimestamp = (timestamp: string) => {

src/pages/assignments/creator/[id].tsx

@@ -19,7 +19,7 @@ import { requestUser } from "@/utils/api";
 import {getAssignment} from "@/utils/assignments.be";
 import {getEntitiesWithRoles} from "@/utils/entities.be";
 import {getGroups, getGroupsByEntities} from "@/utils/groups.be";
-import {checkAccess} from "@/utils/permissions";
+import {checkAccess, doesEntityAllow, findAllowedEntities} from "@/utils/permissions";
 import {calculateAverageLevel} from "@/utils/score";
 import {getEntitiesUsers, getUsers} from "@/utils/users.be";
 import axios from "axios";
@@ -40,42 +40,26 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res, params})
 	const user = await requestUser(req, res)
 	if (!user) return redirect("/login")
 
-	if (!user) {
-		return {
-			redirect: {
-				destination: "/login",
-				permanent: false,
-			},
-		};
-	}
-
-	if (!checkAccess(user, ["admin", "developer", "corporate", "teacher", "mastercorporate"]))
-		return {
-			redirect: {
-				destination: "/dashboard",
-				permanent: false,
-			},
-		};
-
 	res.setHeader("Cache-Control", "public, s-maxage=10, stale-while-revalidate=59");
 
 	const {id} = params as {id: string};
 	const entityIDS = mapBy(user.entities, "id") || [];
 
 	const assignment = await getAssignment(id);
-	if (!assignment)
+	if (!assignment) return redirect("/assignments")
-		return {
-			redirect: {
-				destination: "/assignments",
-				permanent: false,
-			},
-		};
 
-	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(entityIDS));
 	const entities = await (checkAccess(user, ["developer", "admin"]) ? getEntitiesWithRoles() : getEntitiesWithRoles(entityIDS));
-	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(entityIDS));
+	const entity = entities.find((e) => assignment.entity === assignment.entity)
 
-	return {props: serialize({user, users, entities, assignment, groups})};
+	if (!entity) return redirect("/assignments")
+	if (!doesEntityAllow(user, entity, 'edit_assignment')) return redirect("/assignments")
+
+	const allowedEntities = findAllowedEntities(user, entities, 'edit_assignment')
+
+	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(mapBy(allowedEntities, 'id')));
+	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(mapBy(allowedEntities, 'id')));
+
+	return {props: serialize({user, users, entities: allowedEntities, assignment, groups})};
 }, sessionOptions);
 
 interface Props {

src/pages/assignments/creator/index.tsx

@@ -18,7 +18,7 @@ import {mapBy, redirect, serialize} from "@/utils";
 import { requestUser } from "@/utils/api";
 import {getEntitiesWithRoles} from "@/utils/entities.be";
 import {getGroups, getGroupsByEntities} from "@/utils/groups.be";
-import {checkAccess} from "@/utils/permissions";
+import {checkAccess, findAllowedEntities} from "@/utils/permissions";
 import {calculateAverageLevel} from "@/utils/score";
 import {getEntitiesUsers, getUsers} from "@/utils/users.be";
 import axios from "axios";
@@ -39,14 +39,14 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 	const user = await requestUser(req, res)
 	if (!user) return redirect("/login")
 
-	if (!checkAccess(user, ["admin", "developer", "corporate", "teacher", "mastercorporate"]))
-		return redirect("/")
-
 	const entityIDS = mapBy(user.entities, "id") || [];
-
-	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(entityIDS));
 	const entities = await (checkAccess(user, ["developer", "admin"]) ? getEntitiesWithRoles() : getEntitiesWithRoles(entityIDS));
-	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(entityIDS));
+
+	const allowedEntities = findAllowedEntities(user, entities, 'create_assignment')
+	if (allowedEntities.length === 0) return redirect("/assignments")
+
+	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(mapBy(allowedEntities, 'id')));
+	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(mapBy(allowedEntities, 'id')));
 
 	return {props: serialize({user, users, entities, groups})};
 }, sessionOptions);
@@ -535,6 +535,7 @@ export default function AssignmentsPage({user, users, groups, entities}: Props)
 								!name ||
 								!startDate ||
 								!endDate ||
+								!entity ||
 								assignees.length === 0 ||
 								(!useRandomExams && examIDs.length < selectedModules.length)
 							}

src/pages/assignments/index.tsx

@@ -2,8 +2,10 @@ import Layout from "@/components/High/Layout";
 import Separator from "@/components/Low/Separator";
 import AssignmentCard from "@/dashboards/AssignmentCard";
 import AssignmentView from "@/dashboards/AssignmentView";
+import { useAllowedEntities } from "@/hooks/useEntityPermissions";
 import {useListSearch} from "@/hooks/useListSearch";
 import usePagination from "@/hooks/usePagination";
+import { EntityWithRoles } from "@/interfaces/entity";
 import {Assignment} from "@/interfaces/results";
 import {CorporateUser, Group, User} from "@/interfaces/user";
 import {sessionOptions} from "@/lib/session";
@@ -20,7 +22,7 @@ import {
 import {getAssignments, getEntitiesAssignments} from "@/utils/assignments.be";
 import {getEntitiesWithRoles} from "@/utils/entities.be";
 import {getGroups, getGroupsByEntities} from "@/utils/groups.be";
-import {checkAccess} from "@/utils/permissions";
+import {checkAccess, findAllowedEntities} from "@/utils/permissions";
 import {getEntitiesUsers, getUsers} from "@/utils/users.be";
 import {withIronSessionSsr} from "iron-session/next";
 import {groupBy} from "lodash";
@@ -38,11 +40,18 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 		return redirect("/")
 
 	const entityIDS = mapBy(user.entities, "id") || [];
-
-	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(entityIDS));
 	const entities = await (checkAccess(user, ["developer", "admin"]) ? getEntitiesWithRoles() : getEntitiesWithRoles(entityIDS));
-	const assignments = await (checkAccess(user, ["developer", "admin"]) ? getAssignments() : getEntitiesAssignments(entityIDS));
+
-	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(entityIDS));
+	const allowedEntities = findAllowedEntities(user, entities, "view_assignments")
+
+	const users =
+		await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(mapBy(allowedEntities, 'id')));
+
+	const assignments =
+		await (checkAccess(user, ["developer", "admin"]) ? getAssignments() : getEntitiesAssignments(mapBy(allowedEntities, 'id')));
+
+	const groups =
+		await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(mapBy(allowedEntities, 'id')));
 
 	return {props: serialize({user, users, entities, assignments, groups})};
 }, sessionOptions);
@@ -52,12 +61,16 @@ const SEARCH_FIELDS = [["name"]];
 interface Props {
 	assignments: Assignment[];
 	corporateAssignments?: ({corporate?: CorporateUser} & Assignment)[];
+	entities: EntityWithRoles[]
 	groups: Group[];
 	user: User;
 	users: User[];
 }
 
-export default function AssignmentsPage({assignments, corporateAssignments, user, users, groups}: Props) {
+export default function AssignmentsPage({assignments, corporateAssignments, entities, user, users, groups}: Props) {
+	const entitiesAllowCreate = useAllowedEntities(user, entities, 'create_assignment')
+	const entitiesAllowEdit = useAllowedEntities(user, entities, 'edit_assignment')
+
 	const activeAssignments = useMemo(() => assignments.filter(activeAssignmentFilter), [assignments]);
 	const plannedAssignments = useMemo(() => assignments.filter(futureAssignmentFilter), [assignments]);
 	const pastAssignments = useMemo(() => assignments.filter(pastAssignmentFilter), [assignments]);
@@ -139,13 +152,22 @@ export default function AssignmentsPage({assignments, corporateAssignments, user
 					</div>
 					<div className="flex flex-wrap gap-2">
 						<Link
-							href="/assignments/creator"
+							href={entitiesAllowCreate.length > 0 ? "/assignments/creator" : ""}
 							className="w-[250px] h-[200px] flex flex-col gap-2 items-center justify-center bg-white hover:bg-mti-purple-ultralight text-mti-purple-light hover:text-mti-purple-dark border border-mti-gray-platinum hover:drop-shadow p-4 cursor-pointer rounded-xl transition ease-in-out duration-300">
 							<BsPlus className="text-6xl" />
 							<span className="text-lg">New Assignment</span>
 						</Link>
 						{plannedItems.map((a) => (
-							<AssignmentCard {...a} users={users} onClick={() => router.push(`/assignments/creator/${a.id}`)} key={a.id} />
+							<AssignmentCard
+								{...a}
+								users={users}
+								onClick={
+									entitiesAllowEdit.length > 0
+									? () => router.push(`/assignments/creator/${a.id}`)
+									: undefined
+								}
+								key={a.id}
+							/>
 						))}
 					</div>
 				</section>

src/pages/classrooms/[id].tsx

@@ -1,18 +1,21 @@
 /* eslint-disable @next/next/no-img-element */
 import Layout from "@/components/High/Layout";
 import Tooltip from "@/components/Low/Tooltip";
+import { useEntityPermission } from "@/hooks/useEntityPermissions";
 import {useListSearch} from "@/hooks/useListSearch";
 import usePagination from "@/hooks/usePagination";
+import { EntityWithRoles } from "@/interfaces/entity";
 import {GroupWithUsers, User} from "@/interfaces/user";
 import {sessionOptions} from "@/lib/session";
 import {USER_TYPE_LABELS} from "@/resources/user";
-import { redirect } from "@/utils";
+import { mapBy, redirect, serialize } from "@/utils";
 import { requestUser } from "@/utils/api";
+import { getEntitiesWithRoles, getEntityWithRoles } from "@/utils/entities.be";
 import {convertToUsers, getGroup} from "@/utils/groups.be";
 import {shouldRedirectHome} from "@/utils/navigation.disabled";
-import {checkAccess, getTypesOfUser} from "@/utils/permissions";
+import {checkAccess, doesEntityAllow, findAllowedEntities, getTypesOfUser} from "@/utils/permissions";
 import {getUserName} from "@/utils/users";
-import {getLinkedUsers, getSpecificUsers} from "@/utils/users.be";
+import {getEntityUsers, getLinkedUsers, getSpecificUsers} from "@/utils/users.be";
 import axios from "axios";
 import clsx from "clsx";
 import {withIronSessionSsr} from "iron-session/next";
@@ -34,21 +37,20 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res, params})
 	const {id} = params as {id: string};
 
 	const group = await getGroup(id);
-	if (!group || (checkAccess(user, getTypesOfUser(["admin", "developer"])) && group.admin !== user.id && !group.participants.includes(user.id))) {
+	if (!group || !group.entity) return redirect("/classrooms")
-		return {
-			redirect: {
-				destination: "/groups",
-				permanent: false,
-			},
-		};
-	}
 
-	const linkedUsers = await getLinkedUsers(user.id, user.type);
+	const entity = await getEntityWithRoles(group.entity)
+	if (!entity) return redirect("/classrooms")
+
+	const canView = doesEntityAllow(user, entity, "view_classrooms")
+	if (!canView) return redirect("/")
+
+	const linkedUsers = await getEntityUsers(entity.id)
 	const users = await getSpecificUsers([...group.participants, group.admin]);
 	const groupWithUser = convertToUsers(group, users);
 
 	return {
-		props: {user, group: JSON.parse(JSON.stringify(groupWithUser)), users: JSON.parse(JSON.stringify(linkedUsers.users))},
+		props: serialize({user, group: groupWithUser, users: linkedUsers, entity}),
 	};
 }, sessionOptions);
 
@@ -56,13 +58,19 @@ interface Props {
 	user: User;
 	group: GroupWithUsers;
 	users: User[];
+	entity: EntityWithRoles
 }
 
-export default function Home({user, group, users}: Props) {
+export default function Home({user, group, users, entity}: Props) {
 	const [isAdding, setIsAdding] = useState(false);
 	const [isLoading, setIsLoading] = useState(false);
 	const [selectedUsers, setSelectedUsers] = useState<string[]>([]);
 
+	const canAddParticipants = useEntityPermission(user, entity, "add_to_classroom")
+	const canRemoveParticipants = useEntityPermission(user, entity, "remove_from_classroom")
+	const canRenameClassroom = useEntityPermission(user, entity, "rename_classrooms")
+	const canDeleteClassroom = useEntityPermission(user, entity, "delete_classroom")
+
 	const nonParticipantUsers = useMemo(
 		() => users.filter((x) => ![...group.participants.map((g) => g.id), group.admin.id, user.id].includes(x.id)),
 		[users, group.participants, group.admin.id, user.id],
@@ -82,7 +90,7 @@ export default function Home({user, group, users}: Props) {
 
 	const removeParticipants = () => {
 		if (selectedUsers.length === 0) return;
-		if (!allowGroupEdit) return;
+		if (!canRemoveParticipants) return;
 		if (!confirm(`Are you sure you want to remove ${selectedUsers.length} participant${selectedUsers.length === 1 ? "" : "s"} from this group?`))
 			return;
 
@@ -103,7 +111,7 @@ export default function Home({user, group, users}: Props) {
 
 	const addParticipants = () => {
 		if (selectedUsers.length === 0) return;
-		if (!allowGroupEdit || !isAdding) return;
+		if (!canAddParticipants || !isAdding) return;
 		if (!confirm(`Are you sure you want to add ${selectedUsers.length} participant${selectedUsers.length === 1 ? "" : "s"} to this group?`))
 			return;
 
@@ -123,7 +131,7 @@ export default function Home({user, group, users}: Props) {
 	};
 
 	const renameGroup = () => {
-		if (!allowGroupEdit) return;
+		if (!canRenameClassroom) return;
 
 		const name = prompt("Rename this group:", group.name);
 		if (!name) return;
@@ -143,7 +151,7 @@ export default function Home({user, group, users}: Props) {
 	};
 
 	const deleteGroup = () => {
-		if (!allowGroupEdit) return;
+		if (!canDeleteClassroom) return;
 		if (!confirm("Are you sure you want to delete this group?")) return;
 
 		setIsLoading(true);
@@ -192,18 +200,18 @@ export default function Home({user, group, users}: Props) {
 									<BsFillPersonVcardFill className="text-xl" /> {getUserName(group.admin)}
 								</span>
 							</div>
-							{allowGroupEdit && !isAdding && (
+							{!isAdding && (
 								<div className="flex items-center gap-2">
 									<button
 										onClick={renameGroup}
-										disabled={isLoading}
+										disabled={isLoading || !canRenameClassroom}
 										className="flex items-center gap-1 px-2 py-2 border rounded-full hover:bg-neutral-100 disabled:hover:bg-transparent disabled:opacity-50 disabled:cursor-not-allowed cursor-pointer transition ease-in-out duration-300">
 										<BsTag />
 										<span className="text-xs">Rename Group</span>
 									</button>
 									<button
 										onClick={deleteGroup}
-										disabled={isLoading}
+										disabled={isLoading || !canDeleteClassroom}
 										className="flex items-center gap-1 px-2 py-2 border border-mti-rose rounded-full bg-mti-rose-light text-white hover:bg-mti-rose-dark disabled:hover:bg-mti-rose-light disabled:opacity-50 disabled:cursor-not-allowed cursor-pointer transition ease-in-out duration-300">
 										<BsTrash />
 										<span className="text-xs">Delete Group</span>
@@ -214,25 +222,25 @@ export default function Home({user, group, users}: Props) {
 						<Divider />
 						<div className="flex items-center justify-between mb-4">
 							<span className="font-semibold text-xl">Participants</span>
-							{allowGroupEdit && !isAdding && (
+							{!isAdding && (
 								<div className="flex items-center gap-2">
 									<button
 										onClick={() => setIsAdding(true)}
-										disabled={isLoading}
+										disabled={isLoading || !canAddParticipants}
 										className="flex items-center gap-1 px-2 py-2 border rounded-full hover:bg-neutral-100 disabled:hover:bg-transparent disabled:opacity-50 disabled:cursor-not-allowed cursor-pointer transition ease-in-out duration-300">
 										<BsPlus />
 										<span className="text-xs">Add Participants</span>
 									</button>
 									<button
 										onClick={removeParticipants}
-										disabled={selectedUsers.length === 0 || isLoading}
+										disabled={selectedUsers.length === 0 || isLoading || !canRemoveParticipants}
 										className="flex items-center gap-1 px-2 py-2 border border-mti-rose rounded-full bg-mti-rose-light text-white hover:bg-mti-rose-dark disabled:hover:bg-mti-rose-light disabled:opacity-50 disabled:cursor-not-allowed cursor-pointer transition ease-in-out duration-300">
 										<BsTrash />
 										<span className="text-xs">Remove Participants</span>
 									</button>
 								</div>
 							)}
-							{allowGroupEdit && isAdding && (
+							{isAdding && (
 								<div className="flex items-center gap-2">
 									<button
 										onClick={() => setIsAdding(false)}
@@ -243,7 +251,7 @@ export default function Home({user, group, users}: Props) {
 									</button>
 									<button
 										onClick={addParticipants}
-										disabled={selectedUsers.length === 0 || isLoading}
+										disabled={selectedUsers.length === 0 || isLoading || !canAddParticipants}
 										className="flex items-center gap-1 px-2 py-2 border rounded-full border-mti-green bg-mti-green-light text-white hover:bg-mti-green-dark disabled:hover:bg-mti-green-light disabled:opacity-50 disabled:cursor-not-allowed cursor-pointer transition ease-in-out duration-300">
 										<BsPlus />
 										<span className="text-xs">Add Participants</span>
@@ -261,7 +269,7 @@ export default function Home({user, group, users}: Props) {
 						{items.map((u) => (
 							<button
 								onClick={() => toggleUser(u)}
-								disabled={!allowGroupEdit}
+								disabled={isAdding ? !canAddParticipants : !canRemoveParticipants}
 								key={u.id}
 								className={clsx(
 									"p-4 pr-6 h-48 relative border rounded-xl flex flex-col gap-3 justify-between text-left cursor-pointer",

src/pages/classrooms/create.tsx

@@ -5,12 +5,12 @@ import Select from "@/components/Low/Select";
 import Tooltip from "@/components/Low/Tooltip";
 import {useListSearch} from "@/hooks/useListSearch";
 import usePagination from "@/hooks/usePagination";
-import {Entity} from "@/interfaces/entity";
+import {Entity, EntityWithRoles} from "@/interfaces/entity";
 import {User} from "@/interfaces/user";
 import {sessionOptions} from "@/lib/session";
 import {USER_TYPE_LABELS} from "@/resources/user";
 import {mapBy, redirect, serialize} from "@/utils";
-import {getEntities} from "@/utils/entities.be";
+import {getEntities, getEntitiesWithRoles} from "@/utils/entities.be";
 import {shouldRedirectHome} from "@/utils/navigation.disabled";
 import {getUserName} from "@/utils/users";
 import {getLinkedUsers} from "@/utils/users.be";
@@ -26,6 +26,7 @@ import {useState} from "react";
 import {BsCheck, BsChevronLeft, BsClockFill, BsEnvelopeFill, BsStopwatchFill} from "react-icons/bs";
 import {toast, ToastContainer} from "react-toastify";
 import { requestUser } from "@/utils/api";
+import { findAllowedEntities } from "@/utils/permissions";
 
 export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 	const user = await requestUser(req, res)
@@ -34,17 +35,18 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 	if (shouldRedirectHome(user)) return redirect("/")
 
 	const linkedUsers = await getLinkedUsers(user.id, user.type);
-	const entities = await getEntities(mapBy(user.entities, "id"));
+	const entities = await getEntitiesWithRoles(mapBy(user.entities, "id"));
+	const allowedEntities = findAllowedEntities(user, entities, "create_classroom")
 
 	return {
-		props: serialize({user, entities, users: linkedUsers.users.filter((x) => x.id !== user.id)}),
+		props: serialize({user, entities: allowedEntities, users: linkedUsers.users.filter((x) => x.id !== user.id)}),
 	};
 }, sessionOptions);
 
 interface Props {
 	user: User;
 	users: User[];
-	entities: Entity[];
+	entities: EntityWithRoles[];
 }
 
 export default function Home({user, users, entities}: Props) {

src/pages/classrooms/index.tsx

@@ -14,8 +14,12 @@ import {uniq} from "lodash";
 import {BsPlus} from "react-icons/bs";
 import CardList from "@/components/High/CardList";
 import Separator from "@/components/Low/Separator";
-import {mapBy, redirect} from "@/utils";
+import {mapBy, redirect, serialize} from "@/utils";
 import { requestUser } from "@/utils/api";
+import { findAllowedEntities } from "@/utils/permissions";
+import { getEntities, getEntitiesWithRoles } from "@/utils/entities.be";
+import { useAllowedEntities } from "@/hooks/useEntityPermissions";
+import { EntityWithRoles } from "@/interfaces/entity";
 
 export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 	const user = await requestUser(req, res)
@@ -24,13 +28,16 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 	if (shouldRedirectHome(user)) return redirect("/")
 
 	const entityIDS = mapBy(user.entities, "id");
-	const groups = await getGroupsForEntities(entityIDS);
+	const entities = await getEntitiesWithRoles(entityIDS)
+	const allowedEntities = findAllowedEntities(user, entities, "view_classrooms")
+
+	const groups = await getGroupsForEntities(mapBy(allowedEntities, 'id'));
 
 	const users = await getSpecificUsers(uniq(groups.flatMap((g) => [...g.participants.slice(0, 5), g.admin])));
 	const groupsWithUsers: GroupWithUsers[] = groups.map((g) => convertToUsers(g, users));
 
 	return {
-		props: {user, groups: JSON.parse(JSON.stringify(groupsWithUsers))},
+		props: serialize({user, groups: groupsWithUsers, entities: allowedEntities}),
 	};
 }, sessionOptions);
 
@@ -47,8 +54,11 @@ const SEARCH_FIELDS = [
 interface Props {
 	user: User;
 	groups: GroupWithUsers[];
+	entities: EntityWithRoles[]
 }
-export default function Home({user, groups}: Props) {
+export default function Home({user, groups, entities}: Props) {
+	const entitiesAllowCreate = useAllowedEntities(user, entities, 'create_classroom')
+
 	const renderCard = (group: GroupWithUsers) => (
 		<Link
 			href={`/classrooms/${group.id}`}
@@ -98,7 +108,12 @@ export default function Home({user, groups}: Props) {
 						<Separator />
 					</div>
 
-					<CardList<GroupWithUsers> list={groups} searchFields={SEARCH_FIELDS} renderCard={renderCard} firstCard={firstCard} />
+					<CardList<GroupWithUsers>
+						list={groups}
+						searchFields={SEARCH_FIELDS}
+						renderCard={renderCard}
+						firstCard={entitiesAllowCreate.length === 0 ? undefined : firstCard}
+					/>
 				</section>
 			</Layout>
 		</>

src/pages/entities/[id]/index.tsx

@@ -40,7 +40,7 @@ import {
 	BsTrash,
 	BsX,
 } from "react-icons/bs";
-import {toast, ToastContainer} from "react-toastify";
+import {toast} from "react-toastify";
 
 export const getServerSideProps = withIronSessionSsr(async ({req, params}) => {
 	const user = req.session.user as User;

src/pages/entities/[id]/roles/[role].tsx

@@ -80,6 +80,14 @@ const ENTITY_MANAGEMENT: PermissionLayout[] = [
 	{label: "Delete Entity Role", key: "delete_entity_role"},
 ]
 
+const ASSIGNMENT_MANAGEMENT: PermissionLayout[] = [
+	{label: "View Assignments", key: "view_assignments"},
+	{label: "Create Assignments", key: "create_assignment"},
+	{label: "Start Assignments", key: "start_assignment"},
+	{label: "Delete Assignments", key: "delete_assignment"},
+	{label: "Archive Assignments", key: "archive_assignment"},
+]
+
 export const getServerSideProps = withIronSessionSsr(async ({req, res, params}) => {
 	const user = await requestUser(req, res)
 	if (!user) return redirect("/login")
@@ -318,6 +326,26 @@ export default function Role({user, entity, role, userCount}: Props) {
 							)) }
 							</div>
 						</div>
+
+						<div className="flex flex-col gap-4">
+							<div className="w-full flex items-center justify-between">
+								<b>Assignment Management</b>
+								<Checkbox
+									isChecked={mapBy(ASSIGNMENT_MANAGEMENT, 'key').every(k => permissions.includes(k))}
+									onChange={() => mapBy(ASSIGNMENT_MANAGEMENT, 'key').forEach(togglePermissions)}
+								>
+									Select all
+								</Checkbox>
+							</div>
+							<Separator />
+							<div className="grid grid-cols-2 gap-4">
+							{ASSIGNMENT_MANAGEMENT.map(({label, key}) => (
+								<Checkbox disabled={!canEditPermissions} key={key} isChecked={permissions.includes(key)} onChange={() => togglePermissions(key)}>
+									{ label }
+								</Checkbox>
+							)) }
+							</div>
+						</div>
 					</section>
 				</section>
 			</Layout>

src/pages/entities/index.tsx

@@ -9,7 +9,7 @@ import {shouldRedirectHome} from "@/utils/navigation.disabled";
 import {getUserName} from "@/utils/users";
 import {convertToUsers, getGroupsForUser} from "@/utils/groups.be";
 import {countEntityUsers, getEntityUsers, getSpecificUsers} from "@/utils/users.be";
-import {checkAccess, getTypesOfUser} from "@/utils/permissions";
+import {checkAccess, findAllowedEntities, getTypesOfUser} from "@/utils/permissions";
 import Link from "next/link";
 import {uniq} from "lodash";
 import {BsPlus} from "react-icons/bs";
@@ -18,7 +18,7 @@ import {getEntitiesWithRoles} from "@/utils/entities.be";
 import {EntityWithRoles} from "@/interfaces/entity";
 import Separator from "@/components/Low/Separator";
 import { requestUser } from "@/utils/api";
-import { redirect } from "@/utils";
+import { mapBy, redirect, serialize } from "@/utils";
 
 type EntitiesWithCount = {entity: EntityWithRoles; users: User[]; count: number};
 
@@ -28,16 +28,16 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res}) => {
 
 	if (shouldRedirectHome(user)) return redirect("/")
 
-	const entities = await getEntitiesWithRoles(
+	const entityIDs = mapBy(user.entities, 'id')
-		checkAccess(user, getTypesOfUser(["admin", "developer"])) ? user.entities.map((x) => x.id) : undefined,
+	const entities = await getEntitiesWithRoles(entityIDs);
-	);
+	const allowedEntities = findAllowedEntities(user, entities, 'view_entities')
 
 	const entitiesWithCount = await Promise.all(
-		entities.map(async (e) => ({entity: e, count: await countEntityUsers(e.id), users: await getEntityUsers(e.id, 5)})),
+		allowedEntities.map(async (e) => ({entity: e, count: await countEntityUsers(e.id), users: await getEntityUsers(e.id, 5)})),
 	);
 
 	return {
-		props: {user, entities: JSON.parse(JSON.stringify(entitiesWithCount))},
+		props: serialize({user, entities: entitiesWithCount}),
 	};
 }, sessionOptions);
 

src/resources/entityPermissions.ts

@@ -36,4 +36,10 @@ export type RolePermission =
 	"rename_entity_role" |
 	"edit_role_permissions" |
 	"assign_to_role" |
-	"delete_entity_role";
+	"delete_entity_role" |
+	"view_assignments" |
+	"create_assignment" |
+	"edit_assignment" |
+	"delete_assignment" |
+	"start_assignment" |
+	"archive_assignment";

src/utils/entities.be.ts

@@ -1,9 +1,17 @@
 import {Entity, EntityWithRoles, Role} from "@/interfaces/entity";
 import client from "@/lib/mongodb";
+import { RolePermission } from "@/resources/entityPermissions";
 import { v4 } from "uuid";
 import {getRolesByEntities, getRolesByEntity} from "./roles.be";
 
 const db = client.db(process.env.MONGODB_DB);
+const DEFAULT_PERMISSIONS: RolePermission[] = [
+	"view_students",
+	"view_teachers",
+	"view_assignments",
+	"view_classrooms",
+	"view_entity_roles"
+]
 
 export const getEntityWithRoles = async (id: string): Promise<EntityWithRoles | undefined> => {
 	const entity = await getEntity(id);
@@ -40,7 +48,7 @@ export const createEntity = async (entity: Entity) => {
 	await db.collection("roles").insertOne({
 		id: v4(),
 		label: "Default",
-		permissions: [],
+		permissions: DEFAULT_PERMISSIONS,
 		entityID: entity.id
 	})
 }