DRY & KISS Principles

How does this implementation of permission checks violate the KISS principle?

function checkPermission(user, action, resource) {
  if (!user || !user.roles) return false;

  const roleHierarchy = {
    admin: ['manager', 'editor', 'user'],
    manager: ['editor', 'user'],
    editor: ['user'],
    user: []
  };

  const permissionMatrix = {
    user: {
      read: ['post', 'comment'],
      write: ['comment']
    },
    editor: {
      read: ['post', 'comment', 'draft'],
      write: ['post', 'comment']
    },
    manager: {
      read: ['post', 'comment', 'draft', 'user'],
      write: ['post', 'comment', 'draft'],
      delete: ['post', 'comment']
    },
    admin: {
      read: ['*'],
      write: ['*'],
      delete: ['*']
    }
  };

  return user.roles.some(role => {
    const roles = [role, ...roleHierarchy[role]];
    return roles.some(r => {
      const permissions = permissionMatrix[r];
      if (!permissions) return false;
      
      const allowedResources = permissions[action];
      if (!allowedResources) return false;
      
      return allowedResources.includes('*') || 
             allowedResources.includes(resource);
    });
  });
}

The function name is not descriptive
The permission matrix is incomplete
The logic is overly complex with nested checks
This code violates the KISS principle by implementing overly complex permission checking logic with nested role hierarchies and permission matrices. A simpler approach would be: const ROLE_PERMISSIONS = { admin: () => true, // Admin can do everything manager: (action, resource) => { const allowed = { read: ['post', 'comment', 'draft', 'user'], write: ['post', 'comment', 'draft'], delete: ['post', 'comment'] }; return allowed[action]?.includes(resource) ?? false; }, editor: (action, resource) => { const allowed = { read: ['post', 'comment', 'draft'], write: ['post', 'comment'] }; return allowed[action]?.includes(resource) ?? false; }, user: (action, resource) => { const allowed = { read: ['post', 'comment'], write: ['comment'] }; return allowed[action]?.includes(resource) ?? false; } }; function checkPermission(user, action, resource) { return user?.roles?.some(role => ROLE_PERMISSIONS[role]?.(action, resource) ) ?? false; }
The role hierarchy is too simple

Next Question (19/20)