feat: separate library and metadata pages, notification acls

2025-11-13 08:12:40 +10:00 · 2025-05-15 14:55:05 +10:00
parent 086664adfd
commit 1dba112bce
13 changed files with 209 additions and 107 deletions
--- a/server/internal/acls/index.ts
+++ b/server/internal/acls/index.ts
@ -70,6 +70,8 @@ const systemACLPrefix = "system:";

 export type SystemACL = Array<(typeof systemACLs)[number]>;

+export type GlobalACL = `${typeof systemACLPrefix}${(typeof systemACLs)[number]}` | `${typeof userACLPrefix}${(typeof userACLs)[number]}`;
+
 class ACLManager {
  private getAuthorizationToken(request: MinimumRequestObject) {
    const [type, token] =
@ -173,6 +175,36 @@ class ACLManager {

    return true;
  }
+
+  async fetchAllACLs(request: MinimumRequestObject): Promise<GlobalACL[] | undefined> {
+    const userSession = await sessionHandler.getSession(request);
+    if (!userSession) {
+      const authorizationToken = this.getAuthorizationToken(request);
+      if (!authorizationToken) return undefined;
+      const token = await prisma.aPIToken.findUnique({
+        where: { token: authorizationToken },
+      });
+      if (!token) return undefined;
+      return token.acls as GlobalACL[];
+    }
+
+    const user = await prisma.user.findUnique({
+      where: { id: userSession.userId },
+      select: {
+        admin: true,
+      },
+    });
+    if (!user)
+      throw new Error("User session without user - did something break?");
+
+    const acls = userACLs.map((e) => `${userACLPrefix}${e}`);
+
+    if (user.admin) {
+      acls.push(...systemACLs.map((e) => `${systemACLPrefix}${e}`));
+    }
+
+    return acls as GlobalACL[];
+  }
 }

 export const aclManager = new ACLManager();