Skip to content

Refactor: Maybe remove function `hasPermission`

src/permission.js has a function

function hasPermission(roles, permissionRoles) {
  if (roles.indexOf('admin') >= 0) return true // admin permission passed directly
  if (!permissionRoles) return true
  return roles.some(role => permissionRoles.indexOf(role) >= 0)
}

In practice this seems to always return true because the only place I see the function being called has to.meta.roles for permissionRoles. And none of the routes have meta.roles.

AFAICT this is used to return 401 for calls to the BE that a user shouldn't be able to do. But imo it should be up to the BE to determine what is allowed or not, not the FE.

So basically, I believe this function and everything that uses it and the 401 routes can/should all be removed.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information