forked from administration/panel
86 lines
2.3 KiB
TypeScript
86 lines
2.3 KiB
TypeScript
import { getServerSession } from "next-auth";
|
|
|
|
type Permission =
|
|
| "authifier"
|
|
| `accounts${
|
|
| ""
|
|
| `/fetch${"" | "/by-id"}`
|
|
| "/disable"
|
|
| "/restore"
|
|
| `/deletion${"" | "/queue" | "/cancel"}`}`
|
|
| `bots${
|
|
| ""
|
|
| `/fetch${"" | "/by-id" | "/by-user"}`
|
|
| `/update${"" | "/discoverability"}`}`
|
|
| `channels${"" | `/fetch${"" | "/by-id" | "/dm"}` | `/create${"" | "/dm"}`}`
|
|
| `messages${"" | `/fetch${"" | "/by-id"}`}`
|
|
| `reports${
|
|
| ""
|
|
| `/fetch${
|
|
| ""
|
|
| "/by-id"
|
|
| "/open"
|
|
| `/related${"" | "/by-content" | "/by-user"}`
|
|
| `/snapshots${"" | "/by-report" | "/by-user"}`}`
|
|
| `/update${
|
|
| ""
|
|
| "/notes"
|
|
| "/resolve"
|
|
| "/reject"
|
|
| "/reopen"
|
|
| `/bulk-close${"" | "/by-user"}`}`}`
|
|
| `sessions${"" | `/fetch${"" | "/by-account-id"}`}`
|
|
| `servers${
|
|
| ""
|
|
| `/fetch${"" | "/by-id"}`
|
|
| `/update${"" | "/flags" | "/discoverability"}`}`
|
|
| `users${
|
|
| ""
|
|
| `/fetch${"" | "/by-id" | "/memberships"}`
|
|
| `/create${"" | "/alert" | "/strike"}`
|
|
| `/update${"" | "/badges"}`
|
|
| `/action${"" | "/unsuspend" | "/suspend" | "/wipe" | "/ban"}`}`;
|
|
|
|
const PermissionSets = {
|
|
"view-open-reports": [
|
|
// Required for viewing open reports
|
|
"users/fetch/by-id",
|
|
"reports/fetch/open",
|
|
"reports/fetch/by-id",
|
|
"reports/fetch/related",
|
|
"reports/fetch/snapshots/by-report",
|
|
] as Permission[],
|
|
};
|
|
|
|
const Roles = {
|
|
moderator: [...PermissionSets["view-open-reports"]],
|
|
};
|
|
|
|
const ACL: Record<string, Set<Permission>> = {
|
|
"insert@revolt.chat": new Set([...Roles["moderator"]] as Permission[]),
|
|
};
|
|
|
|
function hasPermission(email: string, permission: Permission) {
|
|
const segments = permission.split("/");
|
|
while (segments.length) {
|
|
if (ACL[email].has(segments.join("/") as Permission)) {
|
|
return true;
|
|
}
|
|
|
|
segments.pop();
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
export async function hasPermissionFromSession(permission: Permission) {
|
|
const session = await getServerSession();
|
|
if (!session?.user?.email) throw "Not authenticated.";
|
|
return hasPermission(session.user.email, permission);
|
|
}
|
|
|
|
export async function checkPermission(permission: Permission) {
|
|
if (!(await hasPermissionFromSession(permission)))
|
|
throw `Missing permission ${permission}`;
|
|
}
|