mirror of
https://github.com/Drop-OSS/drop.git
synced 2026-01-31 15:37:09 +01:00
60 lines
1.3 KiB
TypeScript
60 lines
1.3 KiB
TypeScript
import aclManager, { type SystemACL } from "~/server/internal/acls";
|
|
import prisma from "~/server/internal/db/database";
|
|
|
|
export default defineEventHandler(async (h3) => {
|
|
const userId = await aclManager.getUserIdACL(h3, ["notifications:read"]);
|
|
if (!userId) throw createError({ statusCode: 403 });
|
|
|
|
const acls = await aclManager.fetchAllACLs(h3);
|
|
if (!acls)
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Got userId but no ACLs - what?",
|
|
});
|
|
|
|
const notifications = await prisma.notification.findMany({
|
|
where: {
|
|
userId,
|
|
acls: {
|
|
hasSome: acls,
|
|
},
|
|
},
|
|
orderBy: {
|
|
created: "desc", // Newest first
|
|
},
|
|
});
|
|
|
|
let i = notifications.length;
|
|
while (i--) {
|
|
const notif = notifications[i];
|
|
|
|
const hasPermsForNotif = await aclManager.allowSystemACL(
|
|
h3,
|
|
notif.requiredPerms as SystemACL,
|
|
);
|
|
|
|
if (!hasPermsForNotif) {
|
|
// remove element
|
|
console.log(
|
|
userId,
|
|
"did not have perms to access",
|
|
notif.id,
|
|
"based on",
|
|
notif.requiredPerms,
|
|
);
|
|
|
|
notifications.splice(i, 1);
|
|
} else {
|
|
console.log(
|
|
userId,
|
|
"had perms to access",
|
|
notif.id,
|
|
"based on",
|
|
notif.requiredPerms,
|
|
);
|
|
}
|
|
}
|
|
|
|
return notifications;
|
|
});
|