43 lines
1.7 KiB
TypeScript
43 lines
1.7 KiB
TypeScript
import getCurrentUser from "./getCurrentUser";
|
|
import "server-only";
|
|
import getUserPermissions from "./getUserPermissions";
|
|
|
|
/**
|
|
* Deprecated. Use dashboard service instead
|
|
* Checks if the current user has the specified permissions.
|
|
*
|
|
* @deprecated
|
|
* @param permission - The specific permission to check. If it's "guest-only", the function returns true if the user is not authenticated. If it's "authenticated-only", it returns true if the user is authenticated. For other permissions, it checks against the user's roles and direct permissions.
|
|
* @param currentUser - Optional. The current user object. If not provided, the function retrieves the current user.
|
|
* @returns true if the user has the required permission, otherwise false.
|
|
*/
|
|
export default async function checkPermission(
|
|
permission: "guest-only" | "authenticated-only" | "*" | (string & {}),
|
|
currentUser?: Awaited<ReturnType<typeof getCurrentUser>>
|
|
): Promise<boolean> {
|
|
// Allow if no specific permission is required.
|
|
if (permission === "*") return true;
|
|
|
|
// Retrieve current user if not provided.
|
|
const user = currentUser ?? (await getCurrentUser());
|
|
|
|
// Handle non-authenticated users.
|
|
if (!user) {
|
|
return permission === "guest-only";
|
|
}
|
|
|
|
// Allow authenticated users if the permission is 'authenticated-only'.
|
|
if (permission === "authenticated-only") {
|
|
return true;
|
|
}
|
|
|
|
// Short-circuit for super-admin role to allow all permissions.
|
|
if (user.roles.some((role) => role.code === "super-admin")) return true;
|
|
|
|
// Aggregate all role codes and direct permissions into a set for efficient lookup.
|
|
const permissions = await getUserPermissions()
|
|
|
|
// Check if the user has the required permission.
|
|
return permissions.includes(permission);
|
|
}
|