Return 403 if user cannot see any queue item type

regalijan · Oct 19, 2023 · 5d90d0b · 5d90d0b
1 parent 5a9c663
commit 5d90d0b
Showing 1 changed file with 28 additions and 1 deletion.
diff --git a/pages/mod-queue.page.server.tsx b/pages/mod-queue.page.server.tsx
@@ -1,4 +1,14 @@
 export async function onBeforeRender(pageContext: PageContext) {
+  const { current_user: currentUser } = pageContext;
+
+  if (!currentUser)
+    return {
+      pageContext: {
+        logged_in: false,
+      },
+      status: 401,
+    };
+
   const typePermissions = {
     appeal: [1 << 0, 1 << 1],
     gma: [1 << 5],
@@ -8,13 +18,30 @@ export async function onBeforeRender(pageContext: PageContext) {
     pageContext.urlOriginal,
     "http://localhost:8788"
   );
+
+  const allowedTypes = [];
+
+  for (const [type, ints] of Object.entries(typePermissions)) {
+    if (ints.find((i) => currentUser.permissions & i)) allowedTypes.push(type);
+  }
+
+  if (!allowedTypes.length)
+    return {
+      pageContext: {
+        allowedTypes,
+      },
+      status: 403,
+    };
+
   const includeClosed = searchParams.get("includeClosed");
   const type = searchParams.get("type");
   const sort = searchParams.get("sort") ?? "asc";
 
   return {
     pageContext: {
-      pageProps: {},
+      pageProps: {
+        allowedTypes,
+      },
     },
   };
 }