Return 403 if user cannot see any queue item type

2023-10-19 16:49:06 -04:00 · 2023-10-19 16:49:06 -04:00 · 5d90d0b1b1
commit 5d90d0b1b1
parent 5a9c663479
1 changed files with 28 additions and 1 deletions
--- a/pages/mod-queue.page.server.tsx
+++ b/pages/mod-queue.page.server.tsx
@ -1,4 +1,14 @@
 export async function onBeforeRender(pageContext: PageContext) {
+  const { current_user: currentUser } = pageContext;
+
+  if (!currentUser)
+    return {
+      pageContext: {
+        logged_in: false,
+      },
+      status: 401,
+    };
+
  const typePermissions = {
    appeal: [1 << 0, 1 << 1],
    gma: [1 << 5],
@ -8,13 +18,30 @@ export async function onBeforeRender(pageContext: PageContext) {
    pageContext.urlOriginal,
    "http://localhost:8788"
  );
+
+  const allowedTypes = [];
+
+  for (const [type, ints] of Object.entries(typePermissions)) {
+    if (ints.find((i) => currentUser.permissions & i)) allowedTypes.push(type);
+  }
+
+  if (!allowedTypes.length)
+    return {
+      pageContext: {
+        allowedTypes,
+      },
+      status: 403,
+    };
+
  const includeClosed = searchParams.get("includeClosed");
  const type = searchParams.get("type");
  const sort = searchParams.get("sort") ?? "asc";

  return {
    pageContext: {
-      pageProps: {},
+      pageProps: {
+        allowedTypes,
+      },
    },
  };
 }