big ole refactor

2026-02-14 19:48:59 +11:00
parent 0fc3bb0c94
commit 4a2396bca8
66 changed files with 989 additions and 1114 deletions
--- a/internal/rbac/preview_middleware.go
+++ b/internal/rbac/preview_middleware.go
@@ -15,7 +15,7 @@ import (
 // LoadPreviewRoleMiddleware loads the preview role from the session cookie if present
 // and adds it to the request context. This must run after authentication but before
 // the RBAC cache middleware.
-func LoadPreviewRoleMiddleware(s *hws.Server, conn *bun.DB) func(http.Handler) http.Handler {
+func LoadPreviewRoleMiddleware(s *hws.Server, conn *db.DB) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Check if there's a preview role in the cookie
@@ -26,10 +26,25 @@ func LoadPreviewRoleMiddleware(s *hws.Server, conn *bun.DB) func(http.Handler) h
 				return
 			}

+			user := db.CurrentUser(r.Context())
+			if user == nil {
+				// User not logged in,
+				ClearPreviewRoleCookie(w)
+				next.ServeHTTP(w, r)
+				return
+			}
+
 			// Load the preview role from the database
 			var previewRole *db.Role
-			if ok := db.WithReadTx(s, w, r, conn, func(ctx context.Context, tx bun.Tx) (bool, error) {
-				var err error
+			if ok := conn.WithReadTx(s, w, r, func(ctx context.Context, tx bun.Tx) (bool, error) {
+				isAdmin, err := user.IsAdmin(ctx, tx)
+				if err != nil {
+					return false, errors.Wrap(err, "user.IsAdmin")
+				}
+				if !isAdmin {
+					ClearPreviewRoleCookie(w)
+					return true, nil
+				}
 				previewRole, err = db.GetRoleByID(ctx, tx, roleID)
 				if err != nil {
 					return false, errors.Wrap(err, "db.GetRoleByID")