added perm checks to season pages

internal/rbac/cache_middleware.go

@@ -20,9 +20,17 @@ func (c *Checker) LoadPermissionsMiddleware() hws.Middleware {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			user := db.CurrentUser(r.Context())
 
+			// Build permission cache
+			cache := &contexts.PermissionCache{
+				Permissions: make(map[permissions.Permission]bool),
+				Roles:       make(map[roles.Role]bool),
+			}
+			defer func() {
+				ctx := context.WithValue(r.Context(), contexts.PermissionCacheKey, cache)
+				next.ServeHTTP(w, r.WithContext(ctx))
+			}()
+
 			if user == nil {
-				// No authenticated user - continue without permissions
-				next.ServeHTTP(w, r)
 				return
 			}
 
@@ -45,16 +53,9 @@ func (c *Checker) LoadPermissionsMiddleware() hws.Middleware {
 					Error:   err,
 					Level:   hws.ErrorERROR,
 				})
-				next.ServeHTTP(w, r)
 				return
 			}
 
-			// Build permission cache
-			cache := &contexts.PermissionCache{
-				Permissions: make(map[permissions.Permission]bool),
-				Roles:       make(map[roles.Role]bool),
-			}
-
 			// Check for wildcard permission
 			hasWildcard := false
 			for _, perm := range perms {
@@ -68,10 +69,6 @@ func (c *Checker) LoadPermissionsMiddleware() hws.Middleware {
 			for _, role := range roles_ {
 				cache.Roles[role.Name] = true
 			}
-
-			// Add cache to context (type-safe)
-			ctx := context.WithValue(r.Context(), contexts.PermissionCacheKey, cache)
-			next.ServeHTTP(w, r.WithContext(ctx))
 		})
 	}
 }