refactor: allow only one required permission in require-permission decorator

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>

backend/src/permissions/permissions.guard.ts

@@ -32,12 +32,12 @@ export class PermissionsGuard implements CanActivate {
   }
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
-    const permissions = this.reflector.get<RequiredPermission[]>(
+    const permission = this.reflector.get<RequiredPermission>(
       PERMISSION_METADATA_KEY,
       context.getHandler(),
     );
     // If no permissions are set this is probably an error and this guard should not let the request pass
-    if (!permissions) {
+    if (!permission) {
       this.logger.error(
         'Could not find permission metadata. This should never happen. If you see this, please open an issue at https://github.com/hedgedoc/hedgedoc/issues',
       );
@@ -46,7 +46,7 @@ export class PermissionsGuard implements CanActivate {
     const request: CompleteRequest = context.switchToHttp().getRequest();
     const user = request.user ?? null;
     // handle CREATE permissions, as this does not need any note
-    if (permissions[0] === RequiredPermission.CREATE) {
+    if (permission === RequiredPermission.CREATE) {
       return this.permissionsService.mayCreate(user);
     }
     // Attention: This gets the note an additional time if used in conjunction with GetNoteInterceptor or NoteHeaderInterceptor
@@ -58,7 +58,7 @@ export class PermissionsGuard implements CanActivate {
       return false;
     }
     return await this.permissionsService.checkPermissionOnNote(
-      permissions[0],
+      permission,
       user,
       note,
     );

backend/src/permissions/require-permission.decorator.ts

@@ -11,9 +11,9 @@ export const PERMISSION_METADATA_KEY = 'requiredPermission';
 
 /**
  * This decorator gathers the {@link RequiredPermission Permission} a user must hold for the {@link PermissionsGuard}
- * @param permissions - an array of permissions. In practice this should always contain exactly one {@link RequiredPermission}
+ * @param {RequiredPermission} permission the required permission for the decorated action.
  */
 // eslint-disable-next-line func-style,@typescript-eslint/naming-convention
 export const RequirePermission = (
-  ...permissions: RequiredPermission[]
+  permission: RequiredPermission,
-): CustomDecorator => SetMetadata(PERMISSION_METADATA_KEY, permissions);
+): CustomDecorator => SetMetadata(PERMISSION_METADATA_KEY, permission);