feat(core) : add usePermissions composable and rbac roles admin front

frontend/modules/core/composables/usePermissions.ts

@@ -0,0 +1,27 @@
+export function usePermissions() {
+    const auth = useAuthStore()
+
+    function isAdmin(): boolean {
+        return auth.user?.roles?.includes('ROLE_ADMIN') ?? false
+    }
+
+    function can(code: string): boolean {
+        if (!auth.user) {
+            return false
+        }
+        if (isAdmin()) {
+            return true
+        }
+        return auth.user.effectivePermissions?.includes(code) ?? false
+    }
+
+    function canAny(codes: string[]): boolean {
+        return codes.some((c) => can(c))
+    }
+
+    function canAll(codes: string[]): boolean {
+        return codes.every((c) => can(c))
+    }
+
+    return { can, canAny, canAll, isAdmin }
+}

frontend/modules/core/services/permissions.ts

@@ -0,0 +1,22 @@
+import type { HydraCollection } from '~/utils/api'
+import { extractHydraMembers } from '~/utils/api'
+
+export type Permission = {
+    id: number
+    '@id'?: string
+    code: string
+    label: string
+    module: string
+    orphan?: boolean
+}
+
+export function usePermissionService() {
+    const api = useApi()
+
+    async function list(): Promise<Permission[]> {
+        const data = await api.get<HydraCollection<Permission>>('/permissions')
+        return extractHydraMembers(data)
+    }
+
+    return { list }
+}

frontend/modules/core/services/roles.ts

@@ -0,0 +1,50 @@
+import type { Permission } from './permissions'
+import type { HydraCollection } from '~/utils/api'
+import { extractHydraMembers } from '~/utils/api'
+
+export type Role = {
+    id: number
+    '@id'?: string
+    code: string
+    label: string
+    description?: string | null
+    isSystem: boolean
+    permissions: Permission[]
+}
+
+export type RoleWrite = {
+    code?: string
+    label: string
+    description?: string | null
+    /** IRIs of the granted permissions (e.g. /api/permissions/3). */
+    permissions: string[]
+}
+
+export function useRoleService() {
+    const api = useApi()
+
+    async function list(): Promise<Role[]> {
+        const data = await api.get<HydraCollection<Role>>('/roles')
+        return extractHydraMembers(data)
+    }
+
+    async function create(payload: RoleWrite): Promise<Role> {
+        return api.post<Role>('/roles', payload as Record<string, unknown>, {
+            toastSuccessKey: 'admin.roles.created',
+        })
+    }
+
+    async function update(id: number, payload: Partial<RoleWrite>): Promise<Role> {
+        return api.patch<Role>(`/roles/${id}`, payload as Record<string, unknown>, {
+            toastSuccessKey: 'admin.roles.updated',
+        })
+    }
+
+    async function remove(id: number): Promise<void> {
+        await api.delete(`/roles/${id}`, {}, {
+            toastSuccessKey: 'admin.roles.deleted',
+        })
+    }
+
+    return { list, create, update, remove }
+}