a lot of things

src/api/user/checkPermission.ts

@@ -0,0 +1,47 @@
+import { ContentfulStatusCode } from "hono/utils/http-status";
+import { z } from "zod";
+import { apiResponse } from "../../modules/api-utils/apiResponse";
+import { createRoute } from "../../modules/api-utils/createRoute";
+import { authMiddleware } from "../middleware/authorization";
+import { users } from "../../managers/users";
+import GenericError from "../../Errors/GenericError";
+
+const checkPermissionSchema = z.object({
+  permissions: z
+    .array(z.string().min(1, "Permission node cannot be empty"))
+    .min(1, "At least one permission is required"),
+});
+
+/* POST /v1/user/users/:identifier/check-permission */
+export default createRoute(
+  "post",
+  ["/users/:identifier/check-permission"],
+
+  async (c) => {
+    const identifier = c.req.param("identifier");
+
+    const user = await users.fetchUser({ id: identifier });
+    if (!user)
+      throw new GenericError({
+        name: "UserNotFound",
+        message: `User with identifier '${identifier}' was not found.`,
+        status: 404,
+      });
+
+    const body = await c.req.json();
+    const { permissions } = checkPermissionSchema.parse(body);
+
+    const results = await Promise.all(
+      permissions.map(async (permission) => ({
+        permission,
+        hasPermission: await user.hasPermission(permission),
+      })),
+    );
+
+    const response = apiResponse.successful("Permission check completed.", {
+      results,
+    });
+    return c.json(response, response.status as ContentfulStatusCode);
+  },
+  authMiddleware({ permissions: ["user.read.other"] }),
+);