feat: implement permission checks for various actions across multiple resources, including acoes, atas, atestados, ausencias, ferias, and simbolos

2025-12-12 09:26:30 -03:00
parent 4eb49d3e63
commit 92a9605417
8 changed files with 554 additions and 51 deletions
--- a/packages/backend/convex/acoes.ts
+++ b/packages/backend/convex/acoes.ts
@@ -1,10 +1,15 @@
 import { v } from 'convex/values';
 import { mutation, query } from './_generated/server';
 import { getCurrentUserFunction } from './auth';
+import { internal } from './_generated/api';

 export const list = query({
 	args: {},
 	handler: async (ctx) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'acoes',
+			acao: 'listar'
+		});
 		return await ctx.db.query('acoes').collect();
 	}
 });
@@ -15,6 +20,11 @@ export const create = mutation({
 		tipo: v.union(v.literal('projeto'), v.literal('lei'))
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'acoes',
+			acao: 'criar'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');

@@ -33,6 +43,11 @@ export const update = mutation({
 		tipo: v.union(v.literal('projeto'), v.literal('lei'))
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'acoes',
+			acao: 'editar'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');

@@ -48,6 +63,11 @@ export const remove = mutation({
 		id: v.id('acoes')
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'acoes',
+			acao: 'excluir'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');