docs(permissions): note requireWriteAll can replace the inline guard elsewhere

Architect/Developer review suggestion: flag that other WRITE_ALL-gated author loads (e.g. documents/[id]/edit) still inline the throw-403 guard and can adopt requireWriteAll so it doesn't diverge. Comment-only. Addresses PR #832 review (Architect suggestion). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 00:33:38 +02:00
parent d48a89ba5c
commit 719274ef88
1 changed files with 4 additions and 0 deletions
--- a/frontend/src/lib/shared/server/permissions.ts
+++ b/frontend/src/lib/shared/server/permissions.ts
@@ -20,6 +20,10 @@ export function hasWriteAll(locals: PermissionLocals): boolean {
 * — `hasWriteAll` returns false for a null user, so a single check covers both
 * the unauthenticated and the under-privileged case. Server-side gate; the
 * frontend canWrite flag only hides entry-point buttons.
+ *
+ * Other WRITE_ALL-gated author loads (e.g. `documents/[id]/edit`) still inline
+ * `if (!hasWriteAll(locals)) throw error(403)` — they can adopt this helper so
+ * the guard doesn't quietly diverge across routes.
 */
 export function requireWriteAll(locals: PermissionLocals): void {
 	if (!hasWriteAll(locals)) throw error(403, 'Forbidden');