feat(acls): added backend acls

server/api/v1/admin/auth/invitation/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const id = body.id;

server/api/v1/admin/auth/invitation/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   await runTask("cleanup:invitations");
 

server/api/v1/admin/auth/invitation/index.post.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const isAdmin = body.isAdmin;
@@ -30,7 +33,7 @@ export default defineEventHandler(async (h3) => {
       isAdmin: isAdmin,
       username: username,
       email: email,
-      expires: expiresDate
+      expires: expiresDate,
     },
   });