import { jsonError } from "../../common.js";

export async function onRequest(context: RequestContext) {
  const { current_user: currentUser } = context.data;

  if (!currentUser) return jsonError("Not logged in", 401);

  if (![1 << 5, 1 << 8].find((perm) => currentUser.permissions & perm))
    return jsonError("Forbidden", 403);

  return await context.next();
}