From 3addd38bba46d661b01f205554e746a51663918a Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi
Date: Sat, 11 Apr 2026 02:01:36 -0300
Subject: [PATCH] feat: add admin role check for article deletion in storage.external.ts
---
 src/lib/storage/storage.external.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/src/lib/storage/storage.external.ts b/src/lib/storage/storage.external.ts
index 908c2b2..a97ebeb 100644
--- a/src/lib/storage/storage.external.ts
+++ b/src/lib/storage/storage.external.ts
@@ -1,5 +1,6 @@
 'use server';
+import { getSessionData } from '@/lib/session/session-storage';
 import { createStorageProvider } from '@/lib/storage/storage.factory';
 import { StorageProvider } from '@/lib/storage/storage.interface';
 import { TypedResult } from '@/utils/types/results';
@@ -13,6 +14,10 @@ export const getSignedUrl = async (
 if (!storageProvider) {
 storageProvider = storage;
 }
+ const session = await getSessionData();
+ if (!session || !session?.user || session?.user.role !== 'admin') {
+ throw new Error('Unauthorized: Only admin users can delete articles.');
+ }
 return await storageProvider.get(key);
 };
@@ -23,6 +28,10 @@ export const checkExists = async (
 if (!storageProvider) {
 storageProvider = storage;
 }
+ const session = await getSessionData();
+ if (!session || !session?.user || session?.user.role !== 'admin') {
+ throw new Error('Unauthorized: Only admin users can delete articles.');
+ }
 return await storageProvider.exists(key);
 };
@@ -34,6 +43,10 @@ export const getPutUrl = async (
 if (!storageProvider) {
 storageProvider = storage;
 }
+ const session = await getSessionData();
+ if (!session || !session?.user || session?.user.role !== 'admin') {
+ throw new Error('Unauthorized: Only admin users can delete articles.');
+ }
 return await storageProvider.put(key, contentType);
 };
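Review bot: The error thrown by the new guard in getSignedUrl reads "Only admin users can delete articles." although this action issues a signed read URL, and the identical delete-specific message is pasted into the checkExists and getPutUrl hunks below; only the deleteByKey copy matches its function. The same four-line guard is duplicated in all four server actions, so a future action can miss it and the copies can drift apart; a single helper taking the action name, shown below, keeps the authorization gate in one place. Inside that helper `!session || !session?.user || session?.user.role !== 'admin'` collapses to `session?.user?.role !== 'admin'`, which rejects a missing session and a missing user the same way. The commit subject mentions article deletion only, while the guard now also gates reads and existence checks; if gating reads is intended, a one-line comment above the helper should say so, since the subject suggests otherwise. Each function's signature and body start before its hunk.
```typescript
// Authorization gate shared by every exported storage action; throws
// rather than returning a result so a caller cannot forget to check it.
const requireAdmin = async (action: string): Promise<void> => {
  const session = await getSessionData();
  if (session?.user?.role !== 'admin') {
    throw new Error(`Unauthorized: Only admin users can ${action}.`);
  }
};

// … unchanged: getSignedUrl signature and storageProvider fallback …
  await requireAdmin('read articles');
  return await storageProvider.get(key);
```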
@@ -44,5 +57,9 @@ export const deleteByKey = async (
 if (!storageProvider) {
 storageProvider = storage;
 }
+ const session = await getSessionData();
+ if (!session || !session?.user || session?.user.role !== 'admin') {
+ throw new Error('Unauthorized: Only admin users can delete articles.');
+ }
 return await storageProvider.delete(key);
 };