feat(acls): added backend acls

server/api/v1/admin/auth/invitation/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const id = body.id;

server/api/v1/admin/auth/invitation/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   await runTask("cleanup:invitations");
 

server/api/v1/admin/auth/invitation/index.post.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const isAdmin = body.isAdmin;
@@ -30,7 +33,7 @@ export default defineEventHandler(async (h3) => {
       isAdmin: isAdmin,
       username: username,
       email: email,
-      expires: expiresDate
+      expires: expiresDate,
     },
   });
 

server/api/v1/admin/game/image/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:image:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.gameId;

server/api/v1/admin/game/image/index.post.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import { handleFileUpload } from "~/server/internal/utils/handlefileupload";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:image:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const form = await readMultipartFormData(h3);
   if (!form)

server/api/v1/admin/game/index.delete.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/game/index.get.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/game/index.patch.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:update",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const id = body.id;

server/api/v1/admin/game/metadata.post.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import { handleFileUpload } from "~/server/internal/utils/handlefileupload";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:update",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const form = await readMultipartFormData(h3);
   if (!form)

server/api/v1/admin/game/version/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:version:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.id.toString();

server/api/v1/admin/game/version/index.patch.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:version:update",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.id?.toString();

server/api/v1/admin/import/game/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:game:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const unimportedGames = await libraryManager.fetchAllUnimportedGames();
   return { unimportedGames };

server/api/v1/admin/import/game/index.post.ts

@@ -1,3 +1,4 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 import {
   GameMetadataSearchResult,
@@ -5,8 +6,10 @@ import {
 } from "~/server/internal/metadata/types";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:game:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
 

server/api/v1/admin/import/game/search.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:game:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = getQuery(h3);
   const search = query.q?.toString();

server/api/v1/admin/import/version/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:version:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = await getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/import/version/index.post.ts

@@ -1,10 +1,13 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import libraryManager from "~/server/internal/library";
 import { parsePlatform } from "~/server/internal/utils/parseplatform";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:version:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.id;

server/api/v1/admin/import/version/preload.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:version:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = await getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/index.get.ts

@@ -1,6 +0,0 @@
-export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getUser(h3);
-  if (!user)
-    throw createError({ statusCode: 403, statusMessage: "Not authenticated" });
-  return { admin: user.admin };
-});

server/api/v1/admin/library/index.get.ts

@@ -1,8 +1,9 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, ["library:read"]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const unimportedGames = await libraryManager.fetchAllUnimportedGames();
   const games = await libraryManager.fetchGamesWithStatus();

server/api/v1/admin/user/index.get.ts

@@ -1,8 +1,9 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, ["user:read"]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const users = await prisma.user.findMany({});