1 files changed, 64 insertions, 0 deletions

diff --git a/src/permissions/pixel.ts b/src/permissions/pixel.ts
new file mode 100644
index 0000000..2131874
--- /dev/null
+++ b/src/permissions/pixel.ts
@@ -0,0 +1,64 @@
+import { hasPermission } from '@/lib/auth';
+import { PERMISSIONS } from '@/lib/constants';
+import type { Auth } from '@/lib/types';
+import { getPixel, getTeamUser } from '@/queries/prisma';
+
+export async function canViewPixel({ user }: Auth, pixelId: string) {
+  if (user?.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return !!teamUser;
+  }
+
+  return false;
+}
+
+export async function canUpdatePixel({ user }: Auth, pixelId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+  }
+
+  return false;
+}
+
+export async function canDeletePixel({ user }: Auth, pixelId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+  }
+
+  return false;
+}