Feat/um 114 roles and permissions (#1683)

* Auth checkpoint.

* Merge branch 'dev' into feat/um-114-roles-and-permissions

pages/api/websites/[id]/pageviews.ts

@@ -1,7 +1,6 @@
 import { WebsitePageviews } from 'interface/api/models';
 import { NextApiRequestQueryBody } from 'interface/api/nextApi';
-import { allowQuery } from 'lib/auth';
-import { UmamiApi } from 'lib/constants';
+import { canViewWebsite } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import moment from 'moment-timezone';
 import { NextApiResponse } from 'next';
@@ -32,25 +31,28 @@ export default async (
   await useCors(req, res);
   await useAuth(req, res);
 
+  const {
+    user: { id: userId },
+  } = req.auth;
+  const {
+    id: websiteId,
+    start_at,
+    end_at,
+    unit,
+    tz,
+    url,
+    referrer,
+    os,
+    browser,
+    device,
+    country,
+  } = req.query;
+
   if (req.method === 'GET') {
-    if (!(await allowQuery(req, UmamiApi.AuthType.Website))) {
+    if (!(await canViewWebsite(userId, websiteId))) {
       return unauthorized(res);
     }
 
-    const {
-      id: websiteId,
-      start_at,
-      end_at,
-      unit,
-      tz,
-      url,
-      referrer,
-      os,
-      browser,
-      device,
-      country,
-    } = req.query;
-
     const startDate = new Date(+start_at);
     const endDate = new Date(+end_at);