Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(auth): classify planning and resource read audiences

Browse Source
This commit is contained in:
Hartmut Nörenberg
2026-03-30 08:51:07 +02:00
parent f6daf21983
commit db45829eca
7 changed files with 154 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/api/src/router/resource.ts
+6 -14
View File
@@ -51,7 +51,7 @@ Write a 23 sentence professional bio. Be specific, use skill names. No fluff.
import { TRPCError } from "@trpc/server";
import { z } from "zod";
import { findUniqueOrThrow } from "../db/helpers.js";
import { adminProcedure, controllerProcedure, createTRPCRouter, managerProcedure, protectedProcedure, requirePermission } from "../trpc.js";
import { adminProcedure, controllerProcedure, createTRPCRouter, managerProcedure, protectedProcedure, requirePermission, resourceOverviewProcedure } from "../trpc.js";
import { ROLE_BRIEF_SELECT } from "../db/selects.js";
import type { TRPCContext } from "../trpc.js";
@@ -831,7 +831,7 @@ export const resourceRouter = createTRPCRouter({
return resource;
}),
resolveResponsiblePersonName: protectedProcedure
resolveResponsiblePersonName: resourceOverviewProcedure
.input(z.object({ name: z.string() }))
.query(async ({ ctx, input }) => {
const exact = await ctx.db.resource.findFirst({
@@ -1176,7 +1176,7 @@ export const resourceRouter = createTRPCRouter({
};
}),
listSummaries: protectedProcedure
listSummaries: resourceOverviewProcedure
.input(z.object({
search: z.string().optional(),
country: z.string().optional(),
@@ -1199,7 +1199,7 @@ export const resourceRouter = createTRPCRouter({
return resources.map(mapResourceSummary);
}),
listSummariesDetail: protectedProcedure
listSummariesDetail: resourceOverviewProcedure
.input(z.object({
search: z.string().optional(),
country: z.string().optional(),
@@ -1433,17 +1433,9 @@ export const resourceRouter = createTRPCRouter({
return { resources, total, page, limit, nextCursor };
}),
listStaff: protectedProcedure
listStaff: resourceOverviewProcedure
.input(ResourceListQuerySchema)
.query(async ({ ctx, input }) => {
if (!canReadAllResources(ctx)) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You need resource overview access to list staff resource data",
});
}
return listStaffResources(ctx, input);
}),
.query(async ({ ctx, input }) => listStaffResources(ctx, input)),
/** Lightweight resource card for hover tooltips on the timeline. */
getHoverCard: protectedProcedure