| 10 | * @returns Object with effectiveSuperUser boolean and component values |
| 11 | */ |
| 12 | export async function verifyEffectiveSuperUser(userId: string): Promise<{ |
| 13 | effectiveSuperUser: boolean |
| 14 | isSuperUser: boolean |
| 15 | superUserModeEnabled: boolean |
| 16 | }> { |
| 17 | const [currentUser] = await db |
| 18 | .select({ role: user.role }) |
| 19 | .from(user) |
| 20 | .where(eq(user.id, userId)) |
| 21 | .limit(1) |
| 22 | |
| 23 | const [userSettings] = await db |
| 24 | .select({ superUserModeEnabled: settings.superUserModeEnabled }) |
| 25 | .from(settings) |
| 26 | .where(eq(settings.userId, userId)) |
| 27 | .limit(1) |
| 28 | |
| 29 | const isSuperUser = currentUser?.role === 'admin' |
| 30 | const superUserModeEnabled = userSettings?.superUserModeEnabled ?? false |
| 31 | |
| 32 | return { |
| 33 | effectiveSuperUser: isSuperUser && superUserModeEnabled, |
| 34 | isSuperUser, |
| 35 | superUserModeEnabled, |
| 36 | } |
| 37 | } |
| 38 | |
| 39 | /** |
| 40 | * True when the user is a platform admin (`role === 'admin'`). A single-column read |