3a758393bf
The locals.user.groups.some(...WRITE_ALL) derivation was copy-pasted across the persons directory, persons review and the two document loaders touched by this PR. Extract a single tested hasWriteAll(locals) helper in $lib/shared/server and reuse it, removing the ad-hoc casts. Refs #667 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
15 lines
605 B
TypeScript
15 lines
605 B
TypeScript
/**
|
|
* Server-side permission predicates derived from the authenticated user in `locals`.
|
|
*
|
|
* The user shape is intentionally narrowed to the only field these checks read
|
|
* (`groups[].permissions`) so the helper works against `App.Locals` without importing it.
|
|
*/
|
|
type PermissionLocals = {
|
|
user?: { groups?: { permissions: string[] }[] } | null;
|
|
};
|
|
|
|
/** True when any of the user's groups grants WRITE_ALL. False for anonymous users. */
|
|
export function hasWriteAll(locals: PermissionLocals): boolean {
|
|
return locals.user?.groups?.some((group) => group.permissions.includes('WRITE_ALL')) ?? false;
|
|
}
|