( resource: Resource, action: Permissions[Resource]['action'], handler: PermissionHandler<TReq, TRes, Resource> )
| 27 | * get current user |
| 28 | */ |
export const definePermissionEventHandler = <
  TReq extends EventHandlerRequest,
  TRes extends EventHandlerResponse,
  Resource extends keyof Permissions,
>(
  resource: Resource,
  action: Permissions[Resource]['action'],
  handler: PermissionHandler<TReq, TRes, Resource>
) =>
  // Wraps `handler` in an event handler that resolves the current user and
  // refuses to return a response unless the permission for `resource` /
  // `action` was checked at some point during the request.
  defineEventHandler(async (event) => {
    const currentUser = await getCurrentUser(event);
    const guard = hasPermissionsWithData(currentUser, resource, action);

    // When the decision needs no resource data it is made up front, before
    // the wrapped handler runs at all.
    // NOTE(review): presumably `check` throws on denial; confirm in
    // hasPermissionsWithData.
    if (guard.isBoolean()) {
      guard.check();
    }

    // Otherwise the handler is expected to call `checkPermissions` itself once
    // it has the data the decision depends on. `check` is handed over as a bare
    // property reference.
    // NOTE(review): if `check` relies on `this`, it needs binding; confirm.
    const result = await handler({
      event,
      user: currentUser,
      checkPermissions: guard.check,
    });

    // Fail closed on the response: only release it when a check was recorded.
    if (guard.checked) {
      return result;
    }

    // The handler has already run by this point, so anything it wrote is not
    // undone here. Data-dependent handlers should call `checkPermissions`
    // before performing any side effect.
    throw createError({
      statusCode: 500,
      statusMessage: 'Permission was not checked',
    });
  });
| 65 | |
| 66 | // which api route is allowed for each setup step |
| 67 | // 0 is done, 1 is start |