feat: add acl to notifications

not sure if i got all the acls of the different notifications down rn, but it seems to be about right
2025-11-13 08:12:40 +10:00 · 2025-05-14 22:53:09 -04:00
parent 82b123a345
commit 9d2aded70f
8 changed files with 45 additions and 2 deletions
--- a/server/api/v1/client/capability/index.post.ts
+++ b/server/api/v1/client/capability/index.post.ts
@ -55,6 +55,7 @@ export default defineClientEventHandler(
      title: `"${client.name}" can now access ${capability}`,
      description: `A device called "${client.name}" now has access to your ${capability}.`,
      actions: ["Review|/account/devices"],
+      requiredPerms: ["clients:read"],
    });

    return {};
--- a/server/api/v1/notifications/index.get.ts
+++ b/server/api/v1/notifications/index.get.ts
@ -1,4 +1,4 @@
-import aclManager from "~/server/internal/acls";
+import aclManager, { type SystemACL } from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";

 export default defineEventHandler(async (h3) => {
@ -22,5 +22,36 @@ export default defineEventHandler(async (h3) => {
    },
  });

+  let i = notifications.length;
+  while (i--) {
+    const notif = notifications[i];
+
+    const hasPermsForNotif = await aclManager.allowSystemACL(
+      h3,
+      notif.requiredPerms as SystemACL,
+    );
+
+    if (!hasPermsForNotif) {
+      // remove element
+      console.log(
+        userId,
+        "did not have perms to access",
+        notif.id,
+        "based on",
+        notif.requiredPerms,
+      );
+
+      notifications.splice(i, 1);
+    } else {
+      console.log(
+        userId,
+        "had perms to access",
+        notif.id,
+        "based on",
+        notif.requiredPerms,
+      );
+    }
+  }
+
  return notifications;
 });