1 files changed, 64 insertions, 0 deletions

diff --git a/src/permissions/link.ts b/src/permissions/link.ts
new file mode 100644
index 0000000..c027a0b
--- /dev/null
+++ b/src/permissions/link.ts
@@ -0,0 +1,64 @@
+import { hasPermission } from '@/lib/auth';
+import { PERMISSIONS } from '@/lib/constants';
+import type { Auth } from '@/lib/types';
+import { getLink, getTeamUser } from '@/queries/prisma';
+
+export async function canViewLink({ user }: Auth, linkId: string) {
+  if (user?.isAdmin) {
+    return true;
+  }
+
+  const link = await getLink(linkId);
+
+  if (link.userId) {
+    return user.id === link.userId;
+  }
+
+  if (link.teamId) {
+    const teamUser = await getTeamUser(link.teamId, user.id);
+
+    return !!teamUser;
+  }
+
+  return false;
+}
+
+export async function canUpdateLink({ user }: Auth, linkId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const link = await getLink(linkId);
+
+  if (link.userId) {
+    return user.id === link.userId;
+  }
+
+  if (link.teamId) {
+    const teamUser = await getTeamUser(link.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+  }
+
+  return false;
+}
+
+export async function canDeleteLink({ user }: Auth, linkId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const link = await getLink(linkId);
+
+  if (link.userId) {
+    return user.id === link.userId;
+  }
+
+  if (link.teamId) {
+    const teamUser = await getTeamUser(link.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+  }
+
+  return false;
+}