familienarchiv/frontend/src/routes/documents/bulk-edit/+page.server.ts

import { redirect } from '@sveltejs/kit';

export async function load({ locals }: { locals: App.Locals }) {
	// Defensive: a UserGroup row with NULL permissions returns undefined here
	// rather than throwing on .includes() — treat that as "not WRITE_ALL".
	const canWrite =
		locals.user?.groups?.some(
			(g: { permissions?: string[] }) => g.permissions?.includes('WRITE_ALL') ?? false
		) ?? false;
	if (!canWrite) throw redirect(303, '/documents');
	return { canWrite };
}