mirror of
https://github.com/ZeppelinBot/Zeppelin.git
synced 2025-03-15 05:41:51 +00:00
34 lines
1 KiB
TypeScript
34 lines
1 KiB
TypeScript
|
import { ApiPermissions, hasPermission, permissionArrToSet } from "@shared/apiPermissions";
|
||
|
|
import { isStaff } from "../staff";
|
||
|
|
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";
|
||
|
|
import { Request, Response } from "express";
|
||
|
|
import { unauthorized } from "./responses";
|
||
|
|
|
||
|
|
const apiPermissionAssignments = new ApiPermissionAssignments();
|
||
|
|
|
||
|
|
export const hasGuildPermission = async (userId: string, guildId: string, permission: ApiPermissions) => {
|
||
|
|
if (isStaff(userId)) {
|
||
|
|
return true;
|
||
|
|
}
|
||
|
|
|
||
|
|
const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(guildId, userId);
|
||
|
|
if (!permAssignment) {
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
|
||
|
|
return hasPermission(permissionArrToSet(permAssignment.permissions), permission);
|
||
|
|
};
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Requires `guildId` in req.params
|
||
|
|
*/
|
||
|
|
export function requireGuildPermission(permission: ApiPermissions) {
|
||
|
|
return async (req: Request, res: Response, next) => {
|
||
|
|
if (!(await hasGuildPermission(req.user.userId, req.params.guildId, permission))) {
|
||
|
|
return unauthorized(res);
|
||
|
|
}
|
||
|
|
|
||
|
|
next();
|
||
|
|
};
|
||
|
|
}
|