marcel/familienarchiv
1
0
Fork 0
Code Issues 119 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

refactor(shared): extract hasWriteAll(locals) permission helper

Browse Source 
The locals.user.groups.some(...WRITE_ALL) derivation was copy-pasted across
the persons directory, persons review and the two document loaders touched by
this PR. Extract a single tested hasWriteAll(locals) helper in
$lib/shared/server and reuse it, removing the ad-hoc casts.

Refs #667

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-27 14:14:00 +02:00
parent 1a0be4130e
commit 3a758393bf
6 changed files with 52 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
frontend/src/routes/documents/[id]/edit/+page.server.ts
View File

@@ -2,6 +2,7 @@ import { error, fail, redirect } from '@sveltejs/kit';
import { env } from '$env/dynamic/private';
import { createApiClient, extractErrorCode } from '$lib/shared/api.server';
import { parseBackendError, getErrorMessage } from '$lib/shared/errors';
import { hasWriteAll } from '$lib/shared/server/permissions';
export async function load({
params,
@@ -15,11 +16,7 @@ export async function load({
depends: (dep: string) => void;
}) {
depends('app:document');
const canWrite =
locals.user?.groups?.some((g: { permissions: string[] }) =>
g.permissions.includes('WRITE_ALL')
) ?? false;
if (!canWrite) throw error(403, 'Forbidden');
if (!hasWriteAll(locals)) throw error(403, 'Forbidden');
const { id } = params;
const api = createApiClient(fetch);

7
frontend/src/routes/documents/new/+page.server.ts
View File

@@ -2,6 +2,7 @@ import { fail, redirect } from '@sveltejs/kit';
import { env } from '$env/dynamic/private';
import { createApiClient } from '$lib/shared/api.server';
import { parseBackendError, getErrorMessage } from '$lib/shared/errors';
import { hasWriteAll } from '$lib/shared/server/permissions';
export async function load({
fetch,
@@ -12,11 +13,7 @@ export async function load({
locals: App.Locals;
url: URL;
}) {
const canWrite =
locals.user?.groups?.some((g: { permissions: string[] }) =>
g.permissions.includes('WRITE_ALL')
) ?? false;
if (!canWrite) throw redirect(303, '/');
if (!hasWriteAll(locals)) throw redirect(303, '/');
const senderId = url.searchParams.get('senderId') || '';
const receiverId = url.searchParams.get('receiverId') || '';