Removed grant checks.

src/lib/auth.ts

@@ -21,7 +21,7 @@ export async function checkAuth(request: Request) {
   const shareToken = await parseShareToken(request);
 
   let user = null;
-  const { userId, authKey, grant } = payload || {};
+  const { userId, authKey } = payload || {};
 
   if (userId) {
     user = await getUser(userId);
@@ -33,7 +33,7 @@ export async function checkAuth(request: Request) {
     }
   }
 
-  log({ token, shareToken, payload, user, grant });
+  log({ token, payload, authKey, shareToken, user });
 
   if (!user?.id && !shareToken) {
     log('User not authorized');
@@ -45,11 +45,10 @@ export async function checkAuth(request: Request) {
   }
 
   return {
-    user,
-    grant,
     token,
-    shareToken,
     authKey,
+    shareToken,
+    user,
   };
 }
 

src/lib/types.ts

@@ -1,5 +1,5 @@
 import { UseQueryOptions } from '@tanstack/react-query';
-import { DATA_TYPE, PERMISSIONS, ROLES, OPERATORS } from './constants';
+import { DATA_TYPE, ROLES, OPERATORS } from './constants';
 import { TIME_UNIT } from './date';
 
 export type ObjectValues<T> = T[keyof T];
@@ -7,7 +7,6 @@ export type ObjectValues<T> = T[keyof T];
 export type ReactQueryOptions<T = any> = Omit<UseQueryOptions<T, Error, T>, 'queryKey' | 'queryFn'>;
 
 export type TimeUnit = ObjectValues<typeof TIME_UNIT>;
-export type Permission = ObjectValues<typeof PERMISSIONS>;
 export type Role = ObjectValues<typeof ROLES>;
 export type DynamicDataType = ObjectValues<typeof DATA_TYPE>;
 export type Operator = (typeof OPERATORS)[keyof typeof OPERATORS];
@@ -19,7 +18,6 @@ export interface Auth {
     role: string;
     isAdmin: boolean;
   };
-  grant?: Permission[];
   shareToken?: {
     websiteId: string;
   };

src/permissions/team.ts

@@ -3,8 +3,6 @@ import { PERMISSIONS } from '@/lib/constants';
 import { getTeamUser } from '@/queries';
 import { hasPermission } from '@/lib/auth';
 
-const cloudMode = !!process.env.CLOUD_URL;
-
 export async function canViewTeam({ user }: Auth, teamId: string) {
   if (user.isAdmin) {
     return true;
@@ -13,11 +11,7 @@ export async function canViewTeam({ user }: Auth, teamId: string) {
   return getTeamUser(teamId, user.id);
 }
 
-export async function canCreateTeam({ user, grant }: Auth) {
-  if (cloudMode) {
-    return !!grant?.find(a => a === PERMISSIONS.teamCreate);
-  }
-
+export async function canCreateTeam({ user }: Auth) {
   if (user.isAdmin) {
     return true;
   }
@@ -25,15 +19,11 @@ export async function canCreateTeam({ user, grant }: Auth) {
   return !!user;
 }
 
-export async function canUpdateTeam({ user, grant }: Auth, teamId: string) {
+export async function canUpdateTeam({ user }: Auth, teamId: string) {
   if (user.isAdmin) {
     return true;
   }
 
-  if (cloudMode) {
-    return !!grant?.find(a => a === PERMISSIONS.teamUpdate);
-  }
-
   const teamUser = await getTeamUser(teamId, user.id);
 
   return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
@@ -49,11 +39,7 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
   return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamDelete);
 }
 
-export async function canAddUserToTeam({ user, grant }: Auth) {
-  if (cloudMode) {
-    return !!grant?.find(a => a === PERMISSIONS.teamUpdate);
-  }
-
+export async function canAddUserToTeam({ user }: Auth) {
   return user.isAdmin;
 }
 

src/permissions/website.ts

@@ -3,8 +3,6 @@ import { PERMISSIONS } from '@/lib/constants';
 import { hasPermission } from '@/lib/auth';
 import { getTeamUser, getWebsite } from '@/queries';
 
-const cloudMode = !!process.env.CLOUD_URL;
-
 export async function canViewWebsite({ user, shareToken }: Auth, websiteId: string) {
   if (user?.isAdmin) {
     return true;
@@ -33,11 +31,7 @@ export async function canViewAllWebsites({ user }: Auth) {
   return user.isAdmin;
 }
 
-export async function canCreateWebsite({ user, grant }: Auth) {
-  if (cloudMode) {
-    return !!grant?.find(a => a === PERMISSIONS.websiteCreate);
-  }
-
+export async function canCreateWebsite({ user }: Auth) {
   if (user.isAdmin) {
     return true;
   }