HorizonStackSoftware/optima
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1dc3c7ce07ec3e23eef69e58902e074442b27f71
optima/src/api/user/checkPermission.ts
T
HoloPanio 70284bc14e a lot of things
2026-02-20 11:46:30 -06:00

48 lines
1.5 KiB
TypeScript
Raw Blame History

import { ContentfulStatusCode } from "hono/utils/http-status";
import { z } from "zod";
import { apiResponse } from "../../modules/api-utils/apiResponse";
import { createRoute } from "../../modules/api-utils/createRoute";
import { authMiddleware } from "../middleware/authorization";
import { users } from "../../managers/users";
import GenericError from "../../Errors/GenericError";
const checkPermissionSchema = z.object({
permissions: z
.array(z.string().min(1, "Permission node cannot be empty"))
.min(1, "At least one permission is required"),
});
/* POST /v1/user/users/:identifier/check-permission */
export default createRoute(
"post",
["/users/:identifier/check-permission"],
async (c) => {
const identifier = c.req.param("identifier");
const user = await users.fetchUser({ id: identifier });
if (!user)
throw new GenericError({
name: "UserNotFound",
message: `User with identifier '${identifier}' was not found.`,
status: 404,
});
const body = await c.req.json();
const { permissions } = checkPermissionSchema.parse(body);
const results = await Promise.all(
permissions.map(async (permission) => ({
permission,
hasPermission: await user.hasPermission(permission),
})),
);
const response = apiResponse.successful("Permission check completed.", {
results,
});
return c.json(response, response.status as ContentfulStatusCode);
},
authMiddleware({ permissions: ["user.read.other"] }),
);
Reference in New Issue View Git Blame Copy Permalink