( request: Request, permission: PermissionString, )
| 4 | import { type PermissionString, parsePermissionString } from './user.ts' |
| 5 | |
| 6 | export async function requireUserWithPermission( |
| 7 | request: Request, |
| 8 | permission: PermissionString, |
| 9 | ) { |
| 10 | const userId = await requireUserId(request) |
| 11 | const permissionData = parsePermissionString(permission) |
| 12 | const user = await prisma.user.findFirst({ |
| 13 | select: { id: true }, |
| 14 | where: { |
| 15 | id: userId, |
| 16 | roles: { |
| 17 | some: { |
| 18 | permissions: { |
| 19 | some: { |
| 20 | ...permissionData, |
| 21 | access: permissionData.access |
| 22 | ? { in: permissionData.access } |
| 23 | : undefined, |
| 24 | }, |
| 25 | }, |
| 26 | }, |
| 27 | }, |
| 28 | }, |
| 29 | }) |
| 30 | if (!user) { |
| 31 | throw json( |
| 32 | { |
| 33 | error: 'Unauthorized', |
| 34 | requiredPermission: permissionData, |
| 35 | message: `Unauthorized: required permissions: ${permission}`, |
| 36 | }, |
| 37 | { status: 403 }, |
| 38 | ) |
| 39 | } |
| 40 | return user.id |
| 41 | } |
| 42 | |
| 43 | export async function requireUserWithRole(request: Request, name: string) { |
| 44 | const userId = await requireUserId(request) |
no test coverage detected