import { jsonError } from "../../common.js";

export async function onRequest(context: RequestContext) {
  const { current_user: user } = context.data;

  if (!user) return jsonError("Unauthorized", 401);

  if (
    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
      (i) => user.permissions & (1 << i),
    ) === "undefined"
  )
    return jsonError("Forbidden", 403);

  return await context.next();
}