diff --git a/routes/api/eh/image_limit.ts b/routes/api/eh/image_limit.ts index c06b66c..f469ee1 100644 --- a/routes/api/eh/image_limit.ts +++ b/routes/api/eh/image_limit.ts @@ -9,7 +9,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ManageTasks) + !(Number(user.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/eh/metadata.ts b/routes/api/eh/metadata.ts index 86b8e4a..feca578 100644 --- a/routes/api/eh/metadata.ts +++ b/routes/api/eh/metadata.ts @@ -16,7 +16,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ManageTasks) + !(Number(user.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/export/gallery/zip/[gid].ts b/routes/api/export/gallery/zip/[gid].ts index 8ebde5b..07ca0ff 100644 --- a/routes/api/export/gallery/zip/[gid].ts +++ b/routes/api/export/gallery/zip/[gid].ts @@ -9,7 +9,10 @@ import { isNumNaN, parseBigInt } from "../../../../../utils.ts"; export const handler: Handlers = { async GET(req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ReadGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ReadGallery) + ) { return new Response("Permission denied", { status: 403 }); } const gid = parseBigInt(ctx.params.gid); diff --git a/routes/api/file/[id].ts b/routes/api/file/[id].ts index 279f2ef..27883d8 100644 --- a/routes/api/file/[id].ts +++ b/routes/api/file/[id].ts @@ -24,7 +24,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ReadGallery) + !(Number(user.permissions) & UserPermission.ReadGallery) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/file/random.ts b/routes/api/file/random.ts index 454a5ee..c8a6f6e 100644 --- a/routes/api/file/random.ts +++ b/routes/api/file/random.ts @@ -14,7 +14,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ReadGallery) + !(Number(user.permissions) & UserPermission.ReadGallery) ) { return new Response("Permission denied", { status: 403 }); } diff --git a/routes/api/file/upload.ts b/routes/api/file/upload.ts index b0ef866..1065a4b 100644 --- a/routes/api/file/upload.ts +++ b/routes/api/file/upload.ts @@ -14,7 +14,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.EditGallery) + !(Number(user.permissions) & UserPermission.EditGallery) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/filemeta.ts b/routes/api/filemeta.ts index cf984da..135ae52 100644 --- a/routes/api/filemeta.ts +++ b/routes/api/filemeta.ts @@ -54,7 +54,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ReadGallery) + !(Number(user.permissions) & UserPermission.ReadGallery) ) { return return_error(403, "Permission denied."); } @@ -65,7 +65,10 @@ export const handler: Handlers = { }, async POST(req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.EditGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.EditGallery) + ) { return return_error(403, "Permission denied."); } const ct = req.headers.get("Content-Type")?.split(";")[0].trim() || ""; @@ -223,7 +226,10 @@ export const handler: Handlers = { }, async PUT(req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.EditGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.EditGallery) + ) { return return_error(403, "Permission denied."); } const ct = req.headers.get("Content-Type")?.split(";")[0].trim() || ""; diff --git a/routes/api/filemeta/[token].ts b/routes/api/filemeta/[token].ts index 97fdd5f..45097c0 100644 --- a/routes/api/filemeta/[token].ts +++ b/routes/api/filemeta/[token].ts @@ -6,7 +6,10 @@ import { User, UserPermission } from "../../../db.ts"; export const handler: Handlers = { GET(_req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ReadGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ReadGallery) + ) { return return_error(403, "Permission denied."); } const token = ctx.params.token; diff --git a/routes/api/files/[token].ts b/routes/api/files/[token].ts index a874b9b..83b0159 100644 --- a/routes/api/files/[token].ts +++ b/routes/api/files/[token].ts @@ -13,7 +13,10 @@ import { compareNum } from "../../../utils.ts"; export const handler: Handlers = { GET(_req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ReadGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ReadGallery) + ) { return return_error(403, "Permission denied."); } const st = ctx.state.shared_token; diff --git a/routes/api/fs/list.ts b/routes/api/fs/list.ts index 21167d3..56436f1 100644 --- a/routes/api/fs/list.ts +++ b/routes/api/fs/list.ts @@ -21,7 +21,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ManageTasks) + !(Number(user.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/gallery/[gid].ts b/routes/api/gallery/[gid].ts index f0f2d95..19edd3a 100644 --- a/routes/api/gallery/[gid].ts +++ b/routes/api/gallery/[gid].ts @@ -8,7 +8,10 @@ import { compareNum, isNumNaN, parseBigInt } from "../../../utils.ts"; export const handler: Handlers = { GET(_req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ReadGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ReadGallery) + ) { return return_error(403, "Permission denied."); } const gid = parseBigInt(ctx.params.gid); diff --git a/routes/api/gallery/list.ts b/routes/api/gallery/list.ts index 8567b8a..8c77050 100644 --- a/routes/api/gallery/list.ts +++ b/routes/api/gallery/list.ts @@ -27,7 +27,7 @@ export const handler: Handlers = { const user = _ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ReadGallery) + !(Number(user.permissions) & UserPermission.ReadGallery) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/gallery/meta/[gids].ts b/routes/api/gallery/meta/[gids].ts index 53d2257..f713bae 100644 --- a/routes/api/gallery/meta/[gids].ts +++ b/routes/api/gallery/meta/[gids].ts @@ -15,8 +15,8 @@ export const handler: Handlers = { const u = ctx.state.user; if ( u && !u.is_admin && - !(u.permissions & UserPermission.ReadGallery || - u.permissions & UserPermission.ManageTasks) + !(Number(u.permissions) & UserPermission.ReadGallery || + Number(u.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/shared_token.ts b/routes/api/shared_token.ts index 57d4b66..4102291 100644 --- a/routes/api/shared_token.ts +++ b/routes/api/shared_token.ts @@ -37,7 +37,7 @@ export const handler: Handlers = { if (typ == "gallery") { if ( user && !user.is_admin && - !(user.permissions & UserPermission.ShareGallery) + !(Number(user.permissions) & UserPermission.ShareGallery) ) { return return_error(403, "Permission denied."); } @@ -84,7 +84,7 @@ export const handler: Handlers = { if (typ == "gallery") { if ( user && !user.is_admin && - !(user.permissions & UserPermission.ShareGallery) + !(Number(user.permissions) & UserPermission.ShareGallery) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/shared_token/list.ts b/routes/api/shared_token/list.ts index 4f4330e..ec4b448 100644 --- a/routes/api/shared_token/list.ts +++ b/routes/api/shared_token/list.ts @@ -13,7 +13,7 @@ export const handler: Handlers = { if (typ == "gallery") { if ( user && !user.is_admin && - !(user.permissions & UserPermission.ShareGallery) + !(Number(user.permissions) & UserPermission.ShareGallery) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/tag/[id].ts b/routes/api/tag/[id].ts index c991af6..4dee659 100644 --- a/routes/api/tag/[id].ts +++ b/routes/api/tag/[id].ts @@ -13,7 +13,10 @@ import { isNumNaN, parseBigInt } from "../../../utils.ts"; export const handler: Handlers = { GET(_req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ReadGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ReadGallery) + ) { return return_error(403, "Permission denied."); } const ids = decodeURIComponent(ctx.params.id).split(","); diff --git a/routes/api/tag/rows.ts b/routes/api/tag/rows.ts index ea1d2e1..d4df3ba 100644 --- a/routes/api/tag/rows.ts +++ b/routes/api/tag/rows.ts @@ -6,7 +6,10 @@ import { User, UserPermission } from "../../../db.ts"; export const handler: Handlers = { GET(_req, _ctx) { const u = _ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ReadGallery)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ReadGallery) + ) { return return_error(403, "Permission denied."); } const m = get_task_manager(); diff --git a/routes/api/task.ts b/routes/api/task.ts index ec9110c..f739c08 100644 --- a/routes/api/task.ts +++ b/routes/api/task.ts @@ -17,7 +17,10 @@ import { ImportConfig } from "../../tasks/import.ts"; export const handler: Handlers = { GET(req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ManageTasks)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ManageTasks) + ) { return return_error(403, "Permission denied."); } const t = get_task_manager(); @@ -97,7 +100,10 @@ export const handler: Handlers = { }, async PUT(req, ctx) { const u = ctx.state.user; - if (u && !u.is_admin && !(u.permissions & UserPermission.ManageTasks)) { + if ( + u && !u.is_admin && + !(Number(u.permissions) & UserPermission.ManageTasks) + ) { return return_error(403, "Permission denied."); } const t = get_task_manager(); diff --git a/routes/api/task/download_cfg.ts b/routes/api/task/download_cfg.ts index c960850..ab79b63 100644 --- a/routes/api/task/download_cfg.ts +++ b/routes/api/task/download_cfg.ts @@ -9,7 +9,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ManageTasks) + !(Number(user.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/task/export_zip_cfg.ts b/routes/api/task/export_zip_cfg.ts index e2e07f0..1f4fee3 100644 --- a/routes/api/task/export_zip_cfg.ts +++ b/routes/api/task/export_zip_cfg.ts @@ -9,7 +9,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ManageTasks) + !(Number(user.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/task/import_cfg.ts b/routes/api/task/import_cfg.ts index b212212..4154d06 100644 --- a/routes/api/task/import_cfg.ts +++ b/routes/api/task/import_cfg.ts @@ -16,7 +16,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ManageTasks) + !(Number(user.permissions) & UserPermission.ManageTasks) ) { return return_error(403, "Permission denied."); } diff --git a/routes/api/thumbnail/[id].ts b/routes/api/thumbnail/[id].ts index 298be7c..40021dd 100644 --- a/routes/api/thumbnail/[id].ts +++ b/routes/api/thumbnail/[id].ts @@ -36,7 +36,7 @@ export const handler: Handlers = { const user = ctx.state.user; if ( user && !user.is_admin && - !(user.permissions & UserPermission.ReadGallery) + !(Number(user.permissions) & UserPermission.ReadGallery) ) { return new Response("Permission denied", { status: 403 }); }