From 396acf3bbbe00a192cb0ea0a9ccf91b1d8d2850b Mon Sep 17 00:00:00 2001
From: Fuwn <50817549+Fuwn@users.noreply.github.com>
Date: Sat, 24 Jan 2026 13:09:50 +0000
Subject: Initial commit

Created from https://vercel.com/new
---
 src/permissions/pixel.ts | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 src/permissions/pixel.ts

(limited to 'src/permissions/pixel.ts')

diff --git a/src/permissions/pixel.ts b/src/permissions/pixel.ts
new file mode 100644
index 0000000..2131874
--- /dev/null
+++ b/src/permissions/pixel.ts
@@ -0,0 +1,64 @@
+import { hasPermission } from '@/lib/auth';
+import { PERMISSIONS } from '@/lib/constants';
+import type { Auth } from '@/lib/types';
+import { getPixel, getTeamUser } from '@/queries/prisma';
+
+export async function canViewPixel({ user }: Auth, pixelId: string) {
+  if (user?.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return !!teamUser;
+  }
+
+  return false;
+}
+
+export async function canUpdatePixel({ user }: Auth, pixelId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
+  }
+
+  return false;
+}
+
+export async function canDeletePixel({ user }: Auth, pixelId: string) {
+  if (user.isAdmin) {
+    return true;
+  }
+
+  const pixel = await getPixel(pixelId);
+
+  if (pixel.userId) {
+    return user.id === pixel.userId;
+  }
+
+  if (pixel.teamId) {
+    const teamUser = await getTeamUser(pixel.teamId, user.id);
+
+    return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
+  }
+
+  return false;
+}
-- 
cgit v1.2.3