Hornwitser
3be7f8be05
Rename accounts to users to be consistent with the new naming scheme where account only referes to the logged in user of the session and implement live updates of users via a user store which listens for updates from the event stream.
35 lines
850 B
TypeScript
35 lines
850 B
TypeScript
import { readUsers, type ServerUser } from "~/server/database"
|
|
import type { ApiUser } from "~/shared/types/api";
|
|
|
|
function serverUserToApi(user: ServerUser): ApiUser {
|
|
if (user.deleted) {
|
|
return {
|
|
id: user.id,
|
|
updatedAt: user.updatedAt,
|
|
deleted: true,
|
|
}
|
|
}
|
|
return {
|
|
id: user.id,
|
|
updatedAt: user.updatedAt,
|
|
type: user.type,
|
|
name: user.name,
|
|
}
|
|
}
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const session = await requireServerSession(event);
|
|
const users = await readUsers();
|
|
|
|
if (session.account.type === "admin") {
|
|
return users.map(serverUserToApi);
|
|
}
|
|
if (session.account.type === "crew") {
|
|
return users.filter(u => u.type === "crew" || u.type === "admin").map(serverUserToApi);
|
|
}
|
|
throw createError({
|
|
status: 403,
|
|
statusText: "Forbidden",
|
|
message: "You do not have permission to list users",
|
|
});
|
|
})
|