next/lib/server/middlewareButNotReally/storyPrivileges.ts

30 lines
909 B
TypeScript
Raw Normal View History

import type { H3Event, EventHandlerRequest } from "h3";
import { IStory } from "@models/stories";
import { isLoggedIn } from "@server/middlewareButNotReally";
import { IDraft } from "@models/stories/draft";
import { IUser } from "@models/user";
export function canDelete(event: H3Event<EventHandlerRequest>, story: IStory) {
isLoggedIn(event);
return (
event.context.currentUser?.profile.isAdmin ||
(story.author as IUser)._id === event.context.currentUser?._id
);
}
export function canDeleteDraft(
event: H3Event<EventHandlerRequest>,
story: IDraft,
) {
isLoggedIn(event);
return story.author === event.context.currentUser?._id;
}
export function canModify(
event: H3Event<EventHandlerRequest>,
story: IStory | IDraft,
) {
isLoggedIn(event);
return (
event.context.currentUser?._id === (story.author as IUser)._id ||
(story.coAuthor as IUser)?._id === event.context.currentUser?._id
);
}