corrad-bp/server/api/permissions/index.get.js

export default defineEventHandler(async (event) => {
  try {
    // Define standard permission types for process management
    const permissions = [
      {
        id: 'public',
        name: 'Anyone',
        description: 'Public access for all users (including guests)',
        category: 'execution'
      },
      {
        id: 'authenticated',
        name: 'Authenticated Users',
        description: 'Only logged-in users can access',
        category: 'execution'
      },
      {
        id: 'roles',
        name: 'Specific Roles',
        description: 'Users with specific roles can access',
        category: 'execution'
      },
      {
        id: 'admin',
        name: 'Administrators Only',
        description: 'Only system administrators can access',
        category: 'execution'
      },
      {
        id: 'owner',
        name: 'Process Owner Only',
        description: 'Only the process creator can modify',
        category: 'modification'
      },
      {
        id: 'managers',
        name: 'Process Managers',
        description: 'Process managers and administrators can modify',
        category: 'modification'
      }
    ];
    
    return {
      success: true,
      data: {
        permissions: permissions
      }
    };
  } catch (error) {
    console.error('Error fetching permissions:', error);
    
    return {
      success: false,
      error: 'Failed to fetch permissions'
    };
  }
});