fix: incorrect perms when deleting objects

2025-11-14 16:51:15 +10:00 · 2025-04-11 19:32:30 -04:00
parent dc89ff95d8
commit 228d109692
5 changed files with 39 additions and 12 deletions
--- a/server/api/v1/admin/game/image/index.delete.ts
+++ b/server/api/v1/admin/game/image/index.delete.ts
@ -35,7 +35,7 @@ export default defineEventHandler(async (h3) => {
    throw createError({ statusCode: 400, statusMessage: "Image not found" });

  game.mImageLibrary.splice(imageIndex, 1);
-  await objectHandler.deleteWithPermission(imageId);
+  await objectHandler.deleteAsServer(imageId);

  if (game.mBannerId === imageId) {
    game.mBannerId = game.mImageLibrary[0];
--- a/server/api/v1/auth/signup/simple.post.ts
+++ b/server/api/v1/auth/signup/simple.post.ts
@ -5,7 +5,6 @@ import * as jdenticon from "jdenticon";
 import objectHandler from "~/server/internal/objects";
 import { type } from "arktype";
 import { randomUUID } from "node:crypto";
-import { writeNonLiteralDefaultMessage } from "arktype/internal/parser/shift/operator/default.ts";

 const userValidator = type({
  username: "string >= 5",
@ -64,7 +63,7 @@ export default defineEventHandler(async (h3) => {
    profilePictureId,
    async () => jdenticon.toPng(user.username, 256),
    {},
-    [`internal:read`, `${userId}:delete`]
+    [`internal:read`, `${userId}:read`]
  );
  const [linkMec] = await prisma.$transaction([
    prisma.linkedAuthMec.create({