feat: implement permission checks for various actions across multiple resources, including acoes, atas, atestados, ausencias, ferias, and simbolos

packages/backend/convex/atas.ts

@@ -2,10 +2,15 @@ import { v } from 'convex/values';
 import { mutation, query } from './_generated/server';
 import type { Id } from './_generated/dataModel';
 import { getCurrentUserFunction } from './auth';
+import { internal } from './_generated/api';
 
 export const list = query({
 	args: {},
 	handler: async (ctx) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'listar'
+		});
 		return await ctx.db.query('atas').collect();
 	}
 });
@@ -13,6 +18,10 @@ export const list = query({
 export const get = query({
 	args: { id: v.id('atas') },
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'ver'
+		});
 		return await ctx.db.get(args.id);
 	}
 });
@@ -20,6 +29,10 @@ export const get = query({
 export const getObjetos = query({
 	args: { id: v.id('atas') },
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'ver'
+		});
 		const links = await ctx.db
 			.query('atasObjetos')
 			.withIndex('by_ataId', (q) => q.eq('ataId', args.id))
@@ -35,6 +48,10 @@ export const listByObjetoIds = query({
 		objetoIds: v.array(v.id('objetos'))
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'listar'
+		});
 		if (args.objetoIds.length === 0) return [];
 
 		// Buscar todos os vínculos ata-objeto para os objetos informados
@@ -66,6 +83,11 @@ export const create = mutation({
 		objetosIds: v.array(v.id('objetos'))
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'criar'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');
 
@@ -103,6 +125,11 @@ export const update = mutation({
 		objetosIds: v.array(v.id('objetos'))
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'editar'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');
 
@@ -139,6 +166,11 @@ export const update = mutation({
 export const remove = mutation({
 	args: { id: v.id('atas') },
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'excluir'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');
 
@@ -170,6 +202,10 @@ export const remove = mutation({
 export const generateUploadUrl = mutation({
 	args: {},
 	handler: async (ctx) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'editar'
+		});
 		return await ctx.storage.generateUploadUrl();
 	}
 });
@@ -183,6 +219,11 @@ export const saveDocumento = mutation({
 		tamanho: v.number()
 	},
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'editar'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');
 
@@ -201,6 +242,11 @@ export const saveDocumento = mutation({
 export const removeDocumento = mutation({
 	args: { id: v.id('atasDocumentos') },
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'editar'
+		});
+
 		const user = await getCurrentUserFunction(ctx);
 		if (!user) throw new Error('Unauthorized');
 
@@ -215,6 +261,11 @@ export const removeDocumento = mutation({
 export const getDocumentos = query({
 	args: { ataId: v.id('atas') },
 	handler: async (ctx, args) => {
+		await ctx.runQuery(internal.permissoesAcoes.assertPermissaoAcaoAtual, {
+			recurso: 'atas',
+			acao: 'ver'
+		});
+
 		const docs = await ctx.db
 			.query('atasDocumentos')
 			.withIndex('by_ataId', (q) => q.eq('ataId', args.ataId))