car-crushers-portal/functions/api/events-team/events/_middleware.ts

export async function onRequest(context: RequestContext) {
  if (
    ![1 << 3, 1 << 4, 1 << 12].find(
      (int) => context.data.current_user?.permissions & int,
    )
  )
    return new Response('{"error":"Forbidden"}', {
      headers: {
        "content-type": "application/json",
      },
      status: 401,
    });

  return await context.next();
}