car-crushers-portal/functions/api/events-team/team-members/_middleware.ts

export async function onRequest(context: RequestContext) {
  if (
    ![1 << 4, 1 << 12].find((p) => context.data.current_user?.permissions & p)
  )
    return new Response('{"error":"Forbidden"}', {
      headers: {
        "content-type": "application/json",
      },
      status: 403,
    });

  return await context.next();
}