From 290bf07faf33ebe5aacfc6c10b9fa0b10e57faf3 Mon Sep 17 00:00:00 2001
From: Bernd Storath <999999bst@gmail.com>
Date: Tue, 11 Feb 2025 11:30:20 +0100
Subject: [PATCH] add me abac
---
 src/server/api/me/index.post.ts | 3 ++-
 src/server/api/me/password.post.ts | 3 ++-
 src/shared/utils/permissions.ts | 10 ++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/server/api/me/index.post.ts b/src/server/api/me/index.post.ts
index 324b4552..10b338ef 100644
--- a/src/server/api/me/index.post.ts
+++ b/src/server/api/me/index.post.ts
@@ -1,7 +1,8 @@
 import { UserUpdateSchema } from '#db/repositories/user/types';
 export default definePermissionEventHandler(
- actions.CLIENT,
+ 'me',
+ 'update',
 async ({ event, user }) => {
 const { name, email } = await readValidatedBody(
 event,
diff --git a/src/server/api/me/password.post.ts b/src/server/api/me/password.post.ts
index 50a593a4..b7fad3d3 100644
--- a/src/server/api/me/password.post.ts
+++ b/src/server/api/me/password.post.ts
@@ -1,7 +1,8 @@
 import { UserUpdatePasswordSchema } from '#db/repositories/user/types';
 export default definePermissionEventHandler(
- actions.CLIENT,
+ 'me',
+ 'update',
 async ({ event, user }) => {
 const { newPassword, currentPassword } = await readValidatedBody(
 event,
diff --git a/src/shared/utils/permissions.ts b/src/shared/utils/permissions.ts
index 138527ad..901d8bb6 100644
--- a/src/shared/utils/permissions.ts
+++ b/src/shared/utils/permissions.ts
@@ -47,6 +47,10 @@ export type Permissions = {
 dataType: never;
 action: 'any';
 };
+ me: {
+ dataType: UserType;
+ action: 'update';
+ };
 };
 export const ROLES = {
@@ -61,6 +65,9 @@ export const ROLES = {
 admin: {
 any: true,
 },
+ me: {
+ update: (loggedIn, toChange) => loggedIn.id === toChange.id,
+ },
 },
 CLIENT: {
 clients: {
@@ -73,6 +80,9 @@ export const ROLES = {
 admin: {
 any: false,
 },
+ me: {
+ update: (loggedIn, toChange) => loggedIn.id === toChange.id,
+ },
 },
 } as const satisfies RolesWithPermissions;
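Review bot: Nothing visible in this hunk supplies the target user that the new `'me'`/`'update'` rule compares against: the call passes only the resource and action names, and the handler still destructures just `{ event, user }`, while the predicate in `permissions.ts` needs a `toChange` object. If `definePermissionEventHandler` does not itself evaluate function-valued permissions against a target, the self-only rule may never run, or may be treated as merely truthy; please confirm how the wrapper binds `toChange`, and run the check explicitly before any write if that is left to the handler. The identical change in `password.post.ts` has the same gap, and there the guarded operation is a password change. A comment such as `// 'me' actions always target the session user; the id is taken from the session, never from the request body` would record the invariant. The handler body continues outside the hunk.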
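Review bot: The `me.update` predicate is written out twice, once in the role block above `CLIENT:` in this hunk and again in the `CLIENT` role in the following hunk, so a later tightening of one copy can leave the other role with the weaker rule. Defining it once, e.g. `const isSelf = (loggedIn: UserType, toChange: UserType) => loggedIn.id === toChange.id;`, and writing `update: isSelf` in both roles keeps the policy in one place. It is also worth a comment that strict equality passes when both ids are `undefined`, so the check relies on `UserType.id` always being set. The `ROLES` object starts and ends outside the hunk.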