| author | Fuwn <[email protected]> | 2026-01-24 13:09:50 +0000 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-01-24 13:09:50 +0000 |
| commit | 396acf3bbbe00a192cb0ea0a9ccf91b1d8d2850b (patch) | |
| tree | b9df4ca6a70db45cfffbae6fdd7252e20fb8e93c /src/permissions/pixel.ts | |
| download | umami-396acf3bbbe00a192cb0ea0a9ccf91b1d8d2850b.tar.xz umami-396acf3bbbe00a192cb0ea0a9ccf91b1d8d2850b.zip | |
Created from https://vercel.com/new
Diffstat (limited to 'src/permissions/pixel.ts')
| -rw-r--r-- | src/permissions/pixel.ts | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/src/permissions/pixel.ts b/src/permissions/pixel.ts
new file mode 100644
index 0000000..2131874
--- /dev/null
+++ b/src/permissions/pixel.ts
@@ -0,0 +1,64 @@
+import { hasPermission } from '@/lib/auth';
+import { PERMISSIONS } from '@/lib/constants';
+import type { Auth } from '@/lib/types';
+import { getPixel, getTeamUser } from '@/queries/prisma';
+
+export async function canViewPixel({ user }: Auth, pixelId: string) {
+ if (user?.isAdmin) {
+ return true;
+ }
+
+ const pixel = await getPixel(pixelId);
+
+ if (pixel.userId) {
+ return user.id === pixel.userId;
+ }
+
+ if (pixel.teamId) {
+ const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+ return !!teamUser;
+ }
+
+ return false;
+}
+
+export async function canUpdatePixel({ user }: Auth, pixelId: string) {
+ if (user.isAdmin) {
+ return true;
+ }
+
+ const pixel = await getPixel(pixelId);
+
+ if (pixel.userId) {
+ return user.id === pixel.userId;
+ }
+
+ if (pixel.teamId) {
+ const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+ return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+ }
+
+ return false;
+}
+
+export async function canDeletePixel({ user }: Auth, pixelId: string) {
+ if (user.isAdmin) {
+ return true;
+ }
+
+ const pixel = await getPixel(pixelId);
+
+ if (pixel.userId) {
+ return user.id === pixel.userId;
+ }
+
+ if (pixel.teamId) {
+ const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+ return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+ }
+
+ return false;
+}
|
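Review bot: These authorization checks do not fail closed when the caller has no user: `canViewPixel` tests `user?.isAdmin` but then reads `user.id` unguarded, and `canUpdatePixel` and `canDeletePixel` read `user.isAdmin` directly, so an `Auth` without a user throws instead of denying; each function should start with `if (!user) return false;`. The result of `getPixel(pixelId)` is also dereferenced unchecked; if that query can return null for an unknown id (its definition is not visible here), add `if (!pixel) return false;` so a missing pixel is a denial rather than an exception. In the team branches of update and delete, `teamUser && hasPermission(...)` returns the falsy `teamUser` value itself rather than `false`; `!!teamUser && hasPermission(...)` would match `canViewPixel` and keep the return type boolean. Those branches gate pixels on `PERMISSIONS.websiteUpdate` and `PERMISSIONS.websiteDelete`; if reusing the website permissions is intended, a short comment saying so would prevent a later reader from treating it as a copy-paste slip.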