From b44b2eb03040bd2402290baa63497c72c8c44406 Mon Sep 17 00:00:00 2001
From: Albert Yosef <albert.yosef.dev@gmail.com>
Date: Wed, 17 Dec 2025 11:43:02 +0000
Subject: [PATCH] =?UTF-8?q?chore:=20applied=20change=20=E2=80=94=20Update?=
 =?UTF-8?q?=20`src/lib/permissions.ts`=20to=20return=20a=20clear=20`Permis?=
 =?UTF-8?q?sionDenied`=20result=20object=20(instead=20of=20throwing)=20for?=
 =?UTF-8?q?=20denied=20chec?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/lib/action.ts      |  4 ++--
 src/lib/permissions.ts | 22 ++++++++++++++++------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/lib/action.ts b/src/lib/action.ts
index 18ed681..92ec121 100644
--- a/src/lib/action.ts
+++ b/src/lib/action.ts
@@ -89,8 +89,8 @@ export const protectedAction = authActionClient.use(async ({ next, ctx, parsedIn
     }
   });
 
-  if (!projectMember || !hasProjectPermission(projectMember.role, requiredRoles)) {
-    throw new Error('Not authorized to perform this action on this project.');
+  if (!projectMember || hasProjectPermission(projectMember.role, requiredRoles).success === false) {
+    throw new Error('Permission denied: Not authorized to perform this action on this project.');
   }
 
   return next({
diff --git a/src/lib/permissions.ts b/src/lib/permissions.ts
index cd2b58f..c58f307 100644
--- a/src/lib/permissions.ts
+++ b/src/lib/permissions.ts
@@ -1,13 +1,23 @@
 import { Role } from '@/generated/prisma/client';
+import { Result, success, error, ErrorCodes } from '@/lib/result';
 
-export function hasProjectPermission(userRole: Role, requiredRoles: Role[]): boolean {
-  return requiredRoles.includes(userRole);
+export function hasProjectPermission(userRole: Role, requiredRoles: Role[]): Result<boolean> {
+  if (requiredRoles.includes(userRole)) {
+    return success(true);
+  }
+  return error<boolean>("Permission denied", ErrorCodes.FORBIDDEN);
 }
 
-export function isProjectAdmin(userRole: Role): boolean {
-  return userRole === Role.ADMIN;
+export function isProjectAdmin(userRole: Role): Result<boolean> {
+  if (userRole === Role.ADMIN) {
+    return success(true);
+  }
+  return error<boolean>("Permission denied", ErrorCodes.FORBIDDEN);
 }
 
-export function isProjectMember(userRole: Role): boolean {
-  return userRole === Role.USER || userRole === Role.ADMIN;
+export function isProjectMember(userRole: Role): Result<boolean> {
+  if (userRole === Role.USER || userRole === Role.ADMIN) {
+    return success(true);
+  }
+  return error<boolean>("Permission denied", ErrorCodes.FORBIDDEN);
 }