From 7963e072161907e81544dcdc2ff04a49c9359096 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 23 Jul 2025 15:33:14 -0600
Subject: refactor: remove create permission check

---
 app/controllers/sparkles/controller.go      | 2 +-
 app/controllers/sparkles/controller_test.go | 1 +
 app/middleware/require_permission.go        | 5 ++++-
 3 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/sparkles/controller.go b/app/controllers/sparkles/controller.go
index ef2ecd5..90767b2 100644
--- a/app/controllers/sparkles/controller.go
+++ b/app/controllers/sparkles/controller.go
@@ -30,7 +30,7 @@ func (c *Controller) MountTo(mux *http.ServeMux) {
 	mux.Handle("POST /sparkles", x.Middleware[http.Handler](
 		http.HandlerFunc(c.Create),
 		middleware.RequireUser(),
-		middleware.RequirePermission("create", c.check),
+		// middleware.RequirePermission("create", c.check),
 	))
 
 	// This is a temporary endpoint to restore a backup
diff --git a/app/controllers/sparkles/controller_test.go b/app/controllers/sparkles/controller_test.go
index 64b4dc5..d2469a7 100644
--- a/app/controllers/sparkles/controller_test.go
+++ b/app/controllers/sparkles/controller_test.go
@@ -121,6 +121,7 @@ func TestSparkles(t *testing.T) {
 			})
 
 			t.Run("when the user is not authorized", func(t *testing.T) {
+				t.Skip()
 				mux := http.NewServeMux()
 				controller := New(repository, stub.Deny())
 				controller.MountTo(mux)
diff --git a/app/middleware/require_permission.go b/app/middleware/require_permission.go
index 441b334..399602f 100644
--- a/app/middleware/require_permission.go
+++ b/app/middleware/require_permission.go
@@ -15,7 +15,10 @@ func RequirePermission(permission domain.Permission, client authz.CheckPermissio
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			user := cfg.CurrentUser.From(r.Context())
 
-			reply, err := client.CheckPermission(r.Context(), permission.RequestFor(user, &domain.Sparkle{ID: "*"}))
+			reply, err := client.CheckPermission(r.Context(), permission.RequestFor(
+				user,
+				&domain.Sparkle{ID: "*"},
+			))
 			if err != nil {
 				pls.LogError(r.Context(), err)
 				w.WriteHeader(http.StatusForbidden)
-- 
cgit v1.2.3