( resourceType: string, resourceId: string, minRole: ShareRole | "owner" = "viewer", ctx: AccessContext = currentAccess(), )
| 214 | * least the given role. Used at the top of update/delete actions. |
| 215 | */ |
| 216 | export async function assertAccess( |
| 217 | resourceType: string, |
| 218 | resourceId: string, |
| 219 | minRole: ShareRole | "owner" = "viewer", |
| 220 | ctx: AccessContext = currentAccess(), |
| 221 | ): Promise<ResolvedAccess> { |
| 222 | const access = await resolveAccess(resourceType, resourceId, ctx); |
| 223 | if (!access) { |
| 224 | throw new ForbiddenError(`No access to ${resourceType} ${resourceId}`); |
| 225 | } |
| 226 | if (ROLE_RANK[access.role] < ROLE_RANK[minRole]) { |
| 227 | throw new ForbiddenError( |
| 228 | `Requires ${minRole} role on ${resourceType} ${resourceId} (have ${access.role})`, |
| 229 | ); |
| 230 | } |
| 231 | return access; |
| 232 | } |
no test coverage detected