2024-03-02 09:24:07 +00:00
|
|
|
import { ApiPermissions, hasPermission, permissionArrToSet } from "@zeppelinbot/shared";
|
2020-05-23 16:22:03 +03:00
|
|
|
import { Request, Response } from "express";
|
2024-04-09 20:57:18 +03:00
|
|
|
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments.js";
|
|
|
|
|
import { isStaff } from "../staff.js";
|
|
|
|
|
import { unauthorized } from "./responses.js";
|
2020-05-23 16:22:03 +03:00
|
|
|
|
|
|
|
|
const apiPermissionAssignments = new ApiPermissionAssignments();
|
|
|
|
|
|
|
|
|
|
export const hasGuildPermission = async (userId: string, guildId: string, permission: ApiPermissions) => {
|
|
|
|
|
if (isStaff(userId)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(guildId, userId);
|
|
|
|
|
if (!permAssignment) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return hasPermission(permissionArrToSet(permAssignment.permissions), permission);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Requires `guildId` in req.params
|
|
|
|
|
*/
|
|
|
|
|
export function requireGuildPermission(permission: ApiPermissions) {
|
|
|
|
|
return async (req: Request, res: Response, next) => {
|
2020-11-09 20:03:57 +02:00
|
|
|
if (!(await hasGuildPermission(req.user!.userId, req.params.guildId, permission))) {
|
2020-05-23 16:22:03 +03:00
|
|
|
return unauthorized(res);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
};
|
|
|
|
|
}
|
