import { jsonError } from "../../common.js";

export async function onRequest(context: RequestContext) {
  const { current_user: user } = context.data;

  if (!user) return jsonError("Unauthorized", 401);

  if (
    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find((i) => user.permissions & (1 << i))
  )
    return jsonError("Forbidden", 403);

  return await context.next();
}