Return 403 if user cannot see any queue item type

regalijan 2023-10-19 16:49:06 -04:00
parent 5a9c663479
commit 5d90d0b1b1
Signed by: regalijan
GPG Key ID: 5D4196DA269EF520


@ -1,4 +1,14 @@
export async function onBeforeRender(pageContext: PageContext) { export async function onBeforeRender(pageContext: PageContext) {
const { current_user: currentUser } = pageContext;
if (!currentUser)
return {
pageContext: {
logged_in: false,
},
status: 401,
};
const typePermissions = { const typePermissions = {
appeal: [1 << 0, 1 << 1], appeal: [1 << 0, 1 << 1],
gma: [1 << 5], gma: [1 << 5],
@ -8,13 +18,30 @@ export async function onBeforeRender(pageContext: PageContext) {
pageContext.urlOriginal, pageContext.urlOriginal,
"http://localhost:8788" "http://localhost:8788"
); );
const allowedTypes = [];
for (const [type, ints] of Object.entries(typePermissions)) {
if (ints.find((i) => currentUser.permissions & i)) allowedTypes.push(type);
}
if (!allowedTypes.length)
return {
pageContext: {
allowedTypes,
},
status: 403,
};
const includeClosed = searchParams.get("includeClosed"); const includeClosed = searchParams.get("includeClosed");
const type = searchParams.get("type"); const type = searchParams.get("type");
const sort = searchParams.get("sort") ?? "asc"; const sort = searchParams.get("sort") ?? "asc";
return { return {
pageContext: { pageContext: {
pageProps: {}, pageProps: {
allowedTypes,
},
}, },
}; };
} }
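Review bot: The `type` query parameter read right after the new 403 branch is never compared with `allowedTypes`, so a user who holds a single queue permission passes this gate even when the URL names a type they cannot see. If the page or the endpoint it calls uses `type` to select items, add a check such as `if (type && !allowedTypes.includes(type)) return { pageContext: { allowedTypes }, status: 403 };` before the final return. `pageProps.allowedTypes` reaches the client and can only serve as a display hint, so the handler that actually returns queue items should apply the same bitmask test itself; that handler is not visible on this page. On style, `ints.some((i) => (currentUser.permissions & i) !== 0)` states the intent more directly than `find`, which only works here because every mask is non-zero. The remaining `typePermissions` entries sit between the two hunks and are not shown, so this assumes they follow the same shape.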