hide "add channel" button if the user cant create channels + public user object now shows permissions

frontend/src/components/Sidebar.svelte

@@ -49,12 +49,14 @@
                 {/if}
             </button>
         {/each}
+        {#if $userInfoStore && $userInfoStore.permissions.create_channel}
             <button on:click="{ () => overlayStore.open('createChannel') }" class="sidebar-button">
                 <div>
                     <PlusIcon />
                 </div>
                 <span>Create Channel</span>
             </button>
+        {/if}
         <button on:click="{ () => overlayStore.open('settings') }" class="sidebar-button">
             <div>
                 <SettingsIcon />

src/auth.ts

@@ -2,6 +2,7 @@ import { NextFunction, Request, Response } from "express";
 import { JwtPayload, sign, verify } from "jsonwebtoken";
 import { query } from "./database";
 import { errors } from "./errors";
+import serverConfig from "./serverconfig";
 
 const jwtSecret = process.env.JWT_SECRET || "[generic token]";
 
@@ -15,8 +16,14 @@ if (jwtSecret === "[generic token]") {
     process.exit(1);
 }
 
+export function getUserPermissions(user: User) {
+    return {
+        create_channel: serverConfig.superuserRequirement.createChannel ? user.is_superuser : true
+    };
+}
+
 export function getPublicUserObject(user: User) {
-    const newUser = { ...user };
+    const newUser = { ...user, permissions: getUserPermissions(user) };
     newUser.password = undefined;
     delete newUser.password;