31 lines
867 B
TypeScript
31 lines
867 B
TypeScript
import { hasPermission, type Permission, type PermissionScope, type Role } from "@cms/content/rbac"
|
|
import { redirect } from "next/navigation"
|
|
|
|
import { resolveRoleFromServerContext } from "@/lib/access-server"
|
|
|
|
type RequirePermissionParams = {
|
|
nextPath: string
|
|
permission: Permission
|
|
scope: PermissionScope
|
|
}
|
|
|
|
export async function requireRoleForRoute(nextPath: string): Promise<Role> {
|
|
const role = await resolveRoleFromServerContext()
|
|
|
|
if (!role) {
|
|
redirect(`/login?next=${encodeURIComponent(nextPath)}`)
|
|
}
|
|
|
|
return role
|
|
}
|
|
|
|
export async function requirePermissionForRoute(params: RequirePermissionParams): Promise<Role> {
|
|
const role = await requireRoleForRoute(params.nextPath)
|
|
|
|
if (!hasPermission(role, params.permission, params.scope)) {
|
|
redirect(`/unauthorized?required=${params.permission}&scope=${params.scope}`)
|
|
}
|
|
|
|
return role
|
|
}
|