next/lib/server/middlewareButNotReally/storyPrivileges.ts

29 lines
845 B
TypeScript

import type { H3Event, EventHandlerRequest } from "h3";
import { IStory } from "@models/stories";
import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn";
import { IDraft } from "@models/stories/draft";
export function canDelete(event: H3Event<EventHandlerRequest>, story: IStory) {
isLoggedIn(event);
return (
event.context.currentUser?.profile.isAdmin ||
story.author._id === event.context.currentUser?._id
);
}
export function canDeleteDraft(
event: H3Event<EventHandlerRequest>,
story: IDraft,
) {
isLoggedIn(event);
return story.author === event.context.currentUser?._id;
}
export function canModify(
event: H3Event<EventHandlerRequest>,
story: IStory | IDraft,
) {
isLoggedIn(event);
return (
event.context.currentUser?._id === story.author._id ||
story.coAuthor?._id === event.context.currentUser?._id
);
}