familienarchiv/frontend/src/routes/documents/new/+page.server.ts
Marcel f98792f10b
fix(permissions): redirect read-only users from /documents/new to home
throw error(403) kept the URL at /documents/new (the error page renders
in-place). Changed to throw redirect(303, '/') so the URL actually changes,
matching the E2E test expectation that a read-only user is redirected away.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 23:01:45 +01:00


import { fail, redirect } from '@sveltejs/kit';
import { env } from '$env/dynamic/private';
import { createApiClient } from '$lib/api.server';
import { parseBackendError, getErrorMessage } from '$lib/errors';
/**
 * Server-side load for the "new document" page.
 *
 * Users without the `WRITE_ALL` permission in any of their groups are sent to
 * `/` with a 303 redirect. For everyone else the full person list is loaded
 * and, when `senderId` / `receiverId` are present in the query string, the
 * matching persons are looked up to pre-fill the form.
 *
 * Security notes:
 * - This guard only covers rendering the page. SvelteKit form actions are
 *   invoked by POST without running `load`, so they need their own
 *   authorization check (or the backend must enforce it).
 * - `senderId` and `receiverId` come straight from the query string and are
 *   therefore user-controlled. They are passed as path parameters to the API
 *   client; NOTE(review): confirm the client URL-encodes path parameters.
 *
 * @returns `persons` (empty array if the list request was not OK),
 *          `initialSenderId`, `initialSenderName` and `initialReceivers`.
 * @throws a SvelteKit redirect (303 to `/`) when the user may not write.
 */
export async function load({
  fetch,
  locals,
  url
}: {
  fetch: typeof globalThis.fetch;
  locals: App.Locals;
  url: URL;
}) {
  // Authorization gate: an anonymous user, or one without groups, counts as read-only.
  const groups = locals.user?.groups;
  const mayWrite =
    groups == null
      ? false
      : groups.some((group: { permissions: string[] }) => group.permissions.includes('WRITE_ALL'));
  if (!mayWrite) {
    throw redirect(303, '/');
  }

  // Optional pre-fill hints from the query string (user-controlled input).
  const senderId = url.searchParams.get('senderId') || '';
  const receiverId = url.searchParams.get('receiverId') || '';

  const api = createApiClient(fetch);
  const fetchPerson = (id: string) => api.GET('/api/persons/{id}', { params: { path: { id } } });

  let initialSenderName = '';
  let initialReceivers: { id: string; firstName: string; lastName: string }[] = [];

  // Lookups are started right away and awaited together with the person list below.
  const lookups: Promise<void>[] = [];

  if (senderId) {
    const senderLookup = fetchPerson(senderId).then((result) => {
      const person = result.data;
      if (person) {
        initialSenderName = `${person.firstName} ${person.lastName}`;
      }
    });
    lookups.push(senderLookup);
  }

  if (receiverId) {
    const receiverLookup = fetchPerson(receiverId).then((result) => {
      const person = result.data;
      if (person) {
        initialReceivers = [
          { id: person.id!, firstName: person.firstName, lastName: person.lastName }
        ];
      }
    });
    lookups.push(receiverLookup);
  }

  const [personsResult] = await Promise.all([api.GET('/api/persons'), ...lookups]);

  // A failed list request degrades to an empty list instead of failing the page.
  const persons = personsResult.response.ok ? personsResult.data : [];

  return {
    persons,
    initialSenderId: senderId,
    initialSenderName,
    initialReceivers
  };
}
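export const actions = {
  /**
   * Creates a document by forwarding the submitted form to the backend.
   *
   * Authorization: the `WRITE_ALL` check from `load` is repeated here because
   * a form action is reached by a direct POST and does not run `load` first.
   * Without it a read-only user could submit the form by hand and the request
   * would be forwarded unchecked. This is defense in depth; the backend is
   * still expected to enforce the permission itself.
   *
   * On a non-OK backend response the action returns `fail(status, { error })`
   * with a message derived from the backend error code. On success it
   * redirects (303) to the page of the created document.
   *
   * @throws a SvelteKit redirect: to `/` for read-only users, or to
   *         `/documents/{id}` after a successful create.
   */
  default: async ({ request, fetch, locals }) => {
    // Same rule as in `load`: no user, no groups or no WRITE_ALL means read-only.
    const canWrite =
      locals.user?.groups?.some((g: { permissions: string[] }) =>
        g.permissions.includes('WRITE_ALL')
      ) ?? false;
    if (!canWrite) throw redirect(303, '/');

    const baseUrl = env.API_INTERNAL_URL || 'http://localhost:8080';

    // The multipart body is passed through as submitted; validation of the
    // individual fields is left to the backend.
    // NOTE(review): how the user's credentials reach the backend on this call
    // is not visible here - confirm the request is made on behalf of the user.
    const formData = await request.formData();
    const res = await fetch(`${baseUrl}/api/documents`, {
      method: 'POST',
      body: formData
    });

    if (!res.ok) {
      // Only a mapped message is returned to the client, not the raw backend body.
      const backendError = await parseBackendError(res);
      return fail(res.status, { error: getErrorMessage(backendError?.code) });
    }

    const created = await res.json();
    throw redirect(303, `/documents/${created.id}`);
  }
};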