NORY-46: refactor permission checks after rebase

dashboard/src/lib/action/client.ts

@@ -2,24 +2,18 @@
 
 import { clientFormSchema } from '@/lib/forms/client-form';
 import { z } from 'zod';
-import { getFrontendApi, getOAuth2Api } from '@/ory/sdk/server';
-import { cookies } from 'next/headers';
+import { getOAuth2Api } from '@/ory/sdk/server';
+import { checkPermission, requireSession } from '@/lib/action/authentication';
+import { permission, relation } from '@/lib/permission';
 
 export async function createClient(
     formData: z.infer<typeof clientFormSchema>,
 ) {
 
-    const cookie = await cookies();
-    const frontendApi = await getFrontendApi();
-
-    const session = await frontendApi
-        .toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
-        .then((response) => response.data)
-        .catch(() => null);
-
-    if (!session) {
-        console.log('Unauthorised action call');
-        throw 'Unauthorised';
+    const session = await requireSession();
+    const allowed = await checkPermission(permission.client.it, relation.create, session.identity!.id);
+    if (!allowed) {
+        throw Error('Unauthorised');
     }
 
     console.log(session.identity?.traits.email, 'posted form', formData);

dashboard/src/lib/permission.ts

@@ -13,6 +13,9 @@ export const permission = {
         state: 'admin.user.state',
         trait: 'admin.user.trait',
     },
+    client: {
+        it: 'admin.client',
+    },
 };
 
 export const relation = {