feat(usePermissions): add new composable

Author: johnleider

apps/docs/src/components/app/AppBar.vue

@@ -1,6 +1,6 @@
 <script setup lang="ts">
   // Components
-  import { Atom, useBreakpoints } from '@vuetify/v0'
+  import { Atom, useBreakpoints, useFeatures, usePermissions } from '@vuetify/v0'
 
   // Composables
   import { useAppStore } from '@/stores/app'
@@ -18,6 +18,14 @@
     auth = useAuthStore()
   }
   const breakpoints = useBreakpoints()
+  const permissions = usePermissions()
+  const features = useFeatures()
+
+  const devmode = features.get('devmode')!
+
+  function onClickDevmode () {
+    devmode.toggle()
+  }
 </script>
 
 <template>
@@ -44,6 +52,16 @@
     </div>
 
     <div class="flex align-center items-center gap-3">
+      <!-- update when latest @vuetify/one is released -->
+      <button
+        v-if="permissions.can((auth?.user as any)?.role, 'use', 'devmode')"
+        class="text-white pa-1 inline-flex rounded opacity-90 hover:opacity-100"
+        :class="devmode.isSelected.value ? 'bg-red' : 'bg-gray-400'"
+        @click="onClickDevmode"
+      >
+        <AppIcon icon="dev" />
+      </button>
+
       <a
         class="bg-[#5661ea] text-white pa-1 inline-flex rounded opacity-90 hover:opacity-100"
         href="https://discord.gg/vK6T89eNP7"

apps/docs/src/pages/composables/plugins/use-permissions.md

@@ -0,0 +1,257 @@
+---
+meta:
+  title: usePermissions
+  description: Role-based permissions composable for managing user access control with support for actions, subjects, and contexts.
+  keywords: permissions, authorization, RBAC, role-based access control, access control, plugin, Vue, composable
+features:
+  category: Plugin
+  label: 'E: usePermissions'
+  github: /composables/usePermissions/
+---
+
+# usePermissions
+
+Manage role-based permissions across your app. Register permissions for roles, actions, and subjects with optional context-aware conditions.
+
+<DocsPageFeatures :frontmatter />
+
+## Usage
+
+Install the Permissions plugin once, then access the context anywhere via `createPermissions`.
+
+```ts
+import { createApp } from 'vue'
+import { createPermissionsPlugin } from '@vuetify/v0'
+import App from './App.vue'
+
+const app = createApp(App)
+
+app.use(
+  createPermissionsPlugin({
+    permissions: {
+      admin: [
+        [['read', 'write'], 'user', true],
+        [['read', 'write'], 'post', true],
+        ['delete', ['user', 'post'], true],
+      ],
+      editor: [
+        [['read', 'write'], 'post', true],
+        ['read', 'user', true],
+        ['delete', 'post', (context) => context.isOwner],
+      ],
+      viewer: [
+        ['read', ['user', 'post'], true],
+      ],
+    },
+  })
+)
+
+app.mount('#app')
+```
+
+Now in any component, check permissions for specific roles:
+
+```vue
+<script lang="ts" setup>
+  import { usePermissions } from '@vuetify/v0'
+
+  const permissions = usePermissions()
+  const currentUser = { role: 'editor', id: 'user123' }
+</script>
+
+<template>
+  <div>
+    <button v-if="permissions.can('admin', 'delete', 'user')">
+      Delete User (Admin Only)
+    </button>
+
+    <button v-if="permissions.can('editor', 'write', 'post')">
+      Edit Post
+    </button>
+
+    <button
+      v-if="permissions.can('editor', 'delete', 'post', { isOwner: true })"
+    >
+      Delete Own Post
+    </button>
+  </div>
+</template>
+```
+
+Optionally register permissions at runtime:
+
+```vue
+<script lang="ts" setup>
+  import { usePermissions } from '@vuetify/v0'
+
+  const permissions = usePermissions()
+
+  // Register permission at runtime
+  permissions.register({
+    id: 'moderator.ban.user',
+    value: (context) => context.userLevel < 3
+  })
+
+  // Check the permission
+  const canBan = permissions.can('moderator', 'ban', 'user', { userLevel: 2 })
+</script>
+```
+
+## API
+
+### Extensions
+
+| Composable | Description |
+|---|---|
+| [useTokens](/composables/registration/use-tokens/) | Base tokens composable for managing token collections with namespaced access. |
+
+### `usePermissions`
+
+* **Type**
+  ```ts
+  interface PermissionTicket extends TokenTicket {
+    value: boolean | ((context: Record<string, any>) => boolean)
+  }
+
+  interface PermissionContext<Z extends PermissionTicket = PermissionTicket> extends TokenContext<Z> {
+    can (id: string, action: string, subject: string, context?: Record<string, any>): boolean
+  }
+
+  interface PermissionPluginOptions {
+    adapter?: PermissionAdapter
+    permissions?: Record<ID, Array<[string | string[], string | string[], boolean | Function]>>
+  }
+
+  interface PermissionOptions extends PermissionPluginOptions {}
+  ```
+* **Details**
+  - `can (id: string, action: string, subject: string, context?: Record<string, any>): boolean`: Check if a role has permission to perform an action on a subject, optionally with context.
+
+### `can`
+
+ - **Type**
+   ```ts
+   function can (id: string, action: string, subject: string, context?: Record<string, any>): boolean
+   ```
+
+- **Details**
+  Check if a role has permission to perform a specific action on a subject. The method constructs a permission key in the format `{role}.{action}.{subject}` and evaluates the associated condition.
+
+- **Parameters**
+  - `id`: The role identifier (e.g., 'admin', 'editor', 'viewer')
+  - `action`: The action to check (e.g., 'read', 'write', 'delete')
+  - `subject`: The subject/resource (e.g., 'user', 'post', 'comment')
+  - `context`: Optional context object for conditional permissions
+
+- **Example**
+  ```ts
+  // main.ts
+  import { createApp } from 'vue'
+  import { createPermissionsPlugin } from '@vuetify/v0'
+  import App from './App.vue'
+
+  const app = createApp(App)
+
+  app.use(
+    createPermissionsPlugin({
+      permissions: {
+        admin: [
+          [['read', 'write', 'delete'], ['user', 'post'], true],
+        ],
+        editor: [
+          [['read', 'write'], 'post', true],
+          ['delete', 'post', (context) => context.isOwner],
+        ],
+        viewer: [
+          ['read', ['user', 'post'], true],
+        ],
+      },
+    })
+  )
+  ```
+  ```vue
+  <!-- Component.vue -->
+  <script lang="ts" setup>
+    import { usePermissions } from '@vuetify/v0'
+
+    const permissions = usePermissions()
+
+    permissions.can('admin', 'delete', 'user') // true
+    permissions.can('editor', 'write', 'post') // true
+    permissions.can('editor', 'delete', 'post', { isOwner: true }) // true
+    permissions.can('editor', 'delete', 'post', { isOwner: false }) // false
+    permissions.can('viewer', 'write', 'post') // false
+  </script>
+  ```
+
+### Permission Structure
+
+Permissions are defined as arrays of tuples in the format:
+```ts
+[actions, subjects, condition]
+```
+
+- **actions**: String or array of action names
+- **subjects**: String or array of subject names
+- **condition**: Boolean value or function that receives context and returns boolean
+
+### Custom Adapters
+
+You can provide a custom adapter to implement different permission checking logic:
+
+```ts
+import { PermissionAdapter } from '@vuetify/v0'
+
+class CustomPermissionAdapter extends PermissionAdapter {
+  can(role, action, subject, context, permissions) {
+    // Custom permission logic here
+    return true
+  }
+}
+
+app.use(
+  createPermissionsPlugin({
+    adapter: new CustomPermissionAdapter(),
+    permissions: {
+      // ... your permissions
+    },
+  })
+)
+```
+
+## Examples
+
+### Basic RBAC Setup
+
+```ts
+const permissions = {
+  admin: [
+    [['create', 'read', 'update', 'delete'], ['user', 'post', 'comment'], true],
+  ],
+  moderator: [
+    [['read', 'update', 'delete'], ['post', 'comment'], true],
+    ['read', 'user', true],
+  ],
+  user: [
+    ['read', ['post', 'comment'], true],
+    [['create', 'update'], 'post', (context) => context.userId === context.authorId],
+  ],
+}
+```
+
+### Context-Aware Permissions
+
+```ts
+const permissions = {
+  editor: [
+    ['edit', 'post', (context) => {
+      return context.post.authorId === context.currentUserId ||
+             context.currentUser.isAdmin
+    }],
+    ['publish', 'post', (context) => {
+      return context.post.status === 'draft' &&
+             context.currentUser.department === 'editorial'
+    }],
+  ],
+}
+```

apps/docs/src/plugins/icons.ts

@@ -16,12 +16,14 @@ import {
   mdiOpenInNew,
   mdiPencil,
   mdiTagOutline,
+  mdiDevTo,
 } from '@mdi/js'
 
 // Types
 import type { App } from 'vue'
 
 export const [useIconContext, provideIconContext, context] = createTokensContext('v0:icons', {
+  'dev': mdiDevTo,
   'cog': mdiCog,
   'alert': mdiAlert,
   'pencil': mdiPencil,

apps/docs/src/plugins/zero.ts

@@ -1,5 +1,5 @@
 // Vuetify0
-import { createBreakpointsPlugin, createHydrationPlugin, createLoggerPlugin, createThemePlugin } from '@vuetify/v0'
+import { createBreakpointsPlugin, createFeaturesPlugin, createHydrationPlugin, createLoggerPlugin, createPermissionsPlugin, createThemePlugin } from '@vuetify/v0'
 
 // Plugins
 import { createIconPlugin } from './icons'
@@ -12,6 +12,23 @@ export default function zero (app: App) {
   app.use(createLoggerPlugin())
   app.use(createHydrationPlugin())
   app.use(createBreakpointsPlugin())
+  app.use(
+    createFeaturesPlugin({
+      features: {
+        devmode: {
+          $value: false,
+          $description: 'Enables development mode with additional logging and warnings',
+        },
+      },
+    }),
+  )
+  app.use(
+    createPermissionsPlugin({
+      permissions: {
+        super: [['use', 'devmode']],
+      },
+    }),
+  )
   app.use(
     createThemePlugin({
       default: 'light',

apps/docs/src/stores/app.ts

@@ -84,6 +84,7 @@ export const useAppStore = defineStore('app', {
               { name: 'useFeatures', to: '/composables/plugins/use-features' },
               { name: 'useLocale', to: '/composables/plugins/use-locale' },
               { name: 'useLogger', to: '/composables/plugins/use-logger' },
+              { name: 'usePermissions', to: '/composables/plugins/use-permissions' },
               { name: 'useStorage', to: '/composables/plugins/use-storage' },
               { name: 'useTheme', to: '/composables/plugins/use-theme' },
             ],

apps/docs/src/typed-router.d.ts

@@ -38,6 +38,7 @@ declare module 'vue-router/auto-routes' {
     '/composables/plugins/use-hydration': RouteRecordInfo<'/composables/plugins/use-hydration', '/composables/plugins/use-hydration', Record<never, never>, Record<never, never>>,
     '/composables/plugins/use-locale': RouteRecordInfo<'/composables/plugins/use-locale', '/composables/plugins/use-locale', Record<never, never>, Record<never, never>>,
     '/composables/plugins/use-logger': RouteRecordInfo<'/composables/plugins/use-logger', '/composables/plugins/use-logger', Record<never, never>, Record<never, never>>,
+    '/composables/plugins/use-permissions': RouteRecordInfo<'/composables/plugins/use-permissions', '/composables/plugins/use-permissions', Record<never, never>, Record<never, never>>,
     '/composables/plugins/use-storage': RouteRecordInfo<'/composables/plugins/use-storage', '/composables/plugins/use-storage', Record<never, never>, Record<never, never>>,
     '/composables/plugins/use-theme': RouteRecordInfo<'/composables/plugins/use-theme', '/composables/plugins/use-theme', Record<never, never>, Record<never, never>>,
     '/composables/registration/use-registry': RouteRecordInfo<'/composables/registration/use-registry', '/composables/registration/use-registry', Record<never, never>, Record<never, never>>,
@@ -156,6 +157,10 @@ declare module 'vue-router/auto-routes' {
       routes: '/composables/plugins/use-logger'
       views: never
     }
+    'src/pages/composables/plugins/use-permissions.md': {
+      routes: '/composables/plugins/use-permissions'
+      views: never
+    }
     'src/pages/composables/plugins/use-storage.md': {
       routes: '/composables/plugins/use-storage'
       views: never

packages/0/src/composables/index.ts

@@ -11,6 +11,7 @@ export * from './useKeydown'
 export * from './useLocale'
 export * from './useLogger'
 export * from './useMutationObserver'
+export * from './usePermissions'
 export * from './useProxyModel'
 export * from './useRegistry'
 export * from './useResizeObserver'