fix: allow users with create permissions to scan for devices (#1611)

* fix: allow users with create permissions to scan for devices

* fix: show scan tab in frontend

backend/pb/middlewares.go

@@ -7,6 +7,32 @@ import (
 	"github.com/pocketbase/pocketbase/tools/hook"
 )
 
+func RequireScanDevicesPermission() *hook.Handler[*core.RequestEvent] {
+	return &hook.Handler[*core.RequestEvent]{
+		Func: func(e *core.RequestEvent) error {
+			if e.HasSuperuserAuth() {
+				return e.Next()
+			}
+
+			user := e.Auth
+			if user == nil {
+				return apis.NewUnauthorizedError("The request requires superuser or record authorization token to be set.", nil)
+			}
+
+			res, err := e.App.FindFirstRecordByFilter(
+				"permissions",
+				"user.id = {:userId} && create = true",
+				dbx.Params{"userId": user.Id},
+			)
+			if res == nil || err != nil {
+				return apis.NewForbiddenError("You are not allowed to perform this request.", nil)
+			}
+
+			return e.Next()
+		},
+	}
+}
+
 func RequireUpSnapPermission() *hook.Handler[*core.RequestEvent] {
 	return &hook.Handler[*core.RequestEvent]{
 		Func: func(e *core.RequestEvent) error {

backend/pb/pb.go

@@ -75,7 +75,7 @@ func StartPocketBase(distDirFS fs.FS) {
 		se.Router.GET("/api/upsnap/sleep/{id}", HandlerSleep).Bind(RequireUpSnapPermission())
 		se.Router.GET("/api/upsnap/reboot/{id}", HandlerReboot).Bind(RequireUpSnapPermission())
 		se.Router.GET("/api/upsnap/shutdown/{id}", HandlerShutdown).Bind(RequireUpSnapPermission())
-		se.Router.GET("/api/upsnap/scan", HandlerScan).Bind(apis.RequireSuperuserAuth())
+		se.Router.GET("/api/upsnap/scan", HandlerScan).Bind(RequireScanDevicesPermission())
 		se.Router.POST("/api/upsnap/init-superuser", HandlerInitSuperuser) // https://github.com/pocketbase/pocketbase/discussions/6198
 		se.Router.POST("/api/upsnap/validate-cron", HandlerValidateCron)
 		se.Router.GET("/api/upsnap/manifest.webmanifest", HandlerWebsiteManifest)