From 6e0e63688b4c39be25bc9113afff23c5e0266de2 Mon Sep 17 00:00:00 2001
From: Tilman Vatteroth <git@tilmanvatteroth.de>
Date: Fri, 19 May 2023 14:25:56 +0200
Subject: [PATCH] refactor: allow only one required permission in
 require-permission decorator

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
---
 backend/src/permissions/permissions.guard.ts            | 8 ++++----
 backend/src/permissions/require-permission.decorator.ts | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/backend/src/permissions/permissions.guard.ts b/backend/src/permissions/permissions.guard.ts
index ddc969f53..6bb858593 100644
--- a/backend/src/permissions/permissions.guard.ts
+++ b/backend/src/permissions/permissions.guard.ts
@@ -32,12 +32,12 @@ export class PermissionsGuard implements CanActivate {
   }
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
-    const permissions = this.reflector.get<RequiredPermission[]>(
+    const permission = this.reflector.get<RequiredPermission>(
       PERMISSION_METADATA_KEY,
       context.getHandler(),
     );
     // If no permissions are set this is probably an error and this guard should not let the request pass
-    if (!permissions) {
+    if (!permission) {
       this.logger.error(
         'Could not find permission metadata. This should never happen. If you see this, please open an issue at https://github.com/hedgedoc/hedgedoc/issues',
       );
@@ -46,7 +46,7 @@ export class PermissionsGuard implements CanActivate {
     const request: CompleteRequest = context.switchToHttp().getRequest();
     const user = request.user ?? null;
     // handle CREATE permissions, as this does not need any note
-    if (permissions[0] === RequiredPermission.CREATE) {
+    if (permission === RequiredPermission.CREATE) {
       return this.permissionsService.mayCreate(user);
     }
     // Attention: This gets the note an additional time if used in conjunction with GetNoteInterceptor or NoteHeaderInterceptor
@@ -58,7 +58,7 @@ export class PermissionsGuard implements CanActivate {
       return false;
     }
     return await this.permissionsService.checkPermissionOnNote(
-      permissions[0],
+      permission,
       user,
       note,
     );
diff --git a/backend/src/permissions/require-permission.decorator.ts b/backend/src/permissions/require-permission.decorator.ts
index 3971b92ce..02a39894e 100644
--- a/backend/src/permissions/require-permission.decorator.ts
+++ b/backend/src/permissions/require-permission.decorator.ts
@@ -11,9 +11,9 @@ export const PERMISSION_METADATA_KEY = 'requiredPermission';
 
 /**
  * This decorator gathers the {@link RequiredPermission Permission} a user must hold for the {@link PermissionsGuard}
- * @param permissions - an array of permissions. In practice this should always contain exactly one {@link RequiredPermission}
+ * @param {RequiredPermission} permission the required permission for the decorated action.
  */
 // eslint-disable-next-line func-style,@typescript-eslint/naming-convention
 export const RequirePermission = (
-  ...permissions: RequiredPermission[]
-): CustomDecorator => SetMetadata(PERMISSION_METADATA_KEY, permissions);
+  permission: RequiredPermission,
+): CustomDecorator => SetMetadata(PERMISSION_METADATA_KEY, permission);