Start the work of clearly distinguishing client-side types, server-side types and types shared over the API by renaming the "AccountSession" and "Session" names used on the server to "ServerSession".
import { readAccounts } from "~/server/database"
/**
 * Account listing endpoint, scoped by the type of the caller's own account.
 *
 * The caller is resolved from the server session, then authorised by account type:
 *   - "admin" receives every account;
 *   - "crew" receives only accounts of type "crew" or "admin";
 *   - any other type is rejected with a 403 error.
 *
 * @throws Error when the session's accountId matches no stored account.
 * @throws the error built by createError (status 403) when the caller's
 *         account type is not allowed to list accounts.
 */
export default defineEventHandler(async (event) => {
	const serverSession = await requireServerSession(event);
	const allAccounts = await readAccounts();

	// Authorisation is based on the stored account record looked up by the
	// session's accountId, not on any value supplied in the request.
	const caller = allAccounts.find((entry) => entry.id === serverSession.accountId);
	if (!caller) {
		// NOTE(review): a plain Error presumably surfaces as a generic server
		// error rather than an authentication failure — confirm that is intended.
		throw new Error("Account does not exist");
	}

	// NOTE(review): account records are returned exactly as readAccounts()
	// provides them. If they can carry credential or other sensitive fields,
	// they should be projected to a response shape first — verify against the
	// account type definition.
	switch (caller.type) {
		case "admin":
			return allAccounts;

		case "crew":
			return allAccounts.filter((entry) => entry.type === "crew" || entry.type === "admin");

		default:
			// Fail closed: account types not listed above get no data.
			throw createError({
				status: 403,
				statusText: "Forbidden",
				message: "You do not have permission to list accounts",
			});
	}
})