| 12345678910111213141516171819202122232425 |
- export default async function authorize(user, resource, permissions) {
- if (_isNil(user)) {
- throw new AuthError(`You must be signed in to modify ${resource}s.`, {
- resource,
- permissions
- })
- }
- permissions = _flatten([permissions])
- // noinspection JSUnresolvedReference
- const result = await auth.api.userHasPermission({
- body: {
- userId: user.id,
- permissions: { [resource]: permissions }
- }
- })
- if (!result.success) {
- throw new AuthError(
- `${user.username} isn't allowed to modify ${resource}s.`,
- { resource, permissions }
- )
- }
- }
|
