NORY-59: replace 'force-admin-role' with new permission

2025-04-13 13:08:41 +00:00 · 2025-04-04 19:48:39 +02:00 · 2025-04-04 19:48:39 +02:00 · a72ca49271
commit a72ca49271
parent 86412e0133
4 changed files with 13 additions and 11 deletions
--- a/dashboard/src/app/(inside)/page.tsx
+++ b/dashboard/src/app/(inside)/page.tsx
@ -1,14 +1,15 @@
 import { StatusCard } from '@/components/status-card';
 import { hydraMetadata, ketoMetadata, kratosMetadata } from '@/lib/action/metadata';
-import { checkPermission, requireRole, requireSession } from '@/lib/action/authentication';
+import { checkPermission, requirePermission, requireSession } from '@/lib/action/authentication';
 import InsufficientPermission from '@/components/insufficient-permission';
+import { permission, relation } from '@/lib/permission';

 export default async function RootPage() {

    const session = await requireSession();
    const identityId = session.identity!.id;

-    await requireRole('admin', identityId);
+    await requirePermission(permission.stack.dashboard, relation.access, identityId);

    const pmAccessStackStatus = await checkPermission(permission.stack.status, relation.access, identityId);

--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@ -3,8 +3,9 @@ import { IdentityDataTable } from '@/app/(inside)/user/data-table';
 import { SearchInput } from '@/components/search-input';
 import { queryIdentities } from '@/lib/action/identity';
 import { IdentityPagination } from '@/components/pagination';
-import { checkPermission, requireRole, requireSession } from '@/lib/action/authentication';
+import { checkPermission, requirePermission, requireSession } from '@/lib/action/authentication';
 import InsufficientPermission from '@/components/insufficient-permission';
+import { permission, relation } from '@/lib/permission';

 export default async function UserPage(
    {
@ -17,7 +18,7 @@ export default async function UserPage(
    const session = await requireSession();
    const identityId = session.identity!.id;

-    await requireRole('admin', identityId);
+    await requirePermission(permission.stack.dashboard, relation.access, identityId);

    const pmAccessUser = await checkPermission(permission.user.it, relation.access, identityId);
    const pmEditUser = await checkPermission(permission.user.it, relation.edit, identityId);
--- a/dashboard/src/lib/permission.ts
+++ b/dashboard/src/lib/permission.ts
@ -1,5 +1,6 @@
-const permission = {
+export const permission = {
    stack: {
+        dashboard: 'admin.stack.dashboard',
        status: 'admin.stack.status',
    },
    user: {
@ -9,7 +10,7 @@ const permission = {
    },
 };

-const relation = {
+export const relation = {
    access: 'access',
    edit: 'edit',
    delete: 'delete',
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@ -1,5 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { checkRole, getSession } from '@/lib/action/authentication';
+import { checkPermission, getSession } from '@/lib/action/authentication';
+import { permission, relation } from '@/lib/permission';

 export async function middleware(request: NextRequest) {

@ -19,10 +20,8 @@ export async function middleware(request: NextRequest) {
        return NextResponse.redirect(url!);
    }

-    const allowed = await checkRole(
-        'admin',
-        session!.identity!.id,
-    );
+    const allowed = await checkPermission(permission.stack.dashboard, relation.access, session.identity!.id);
+

    if (allowed) {
        if (request.nextUrl.pathname === '/unauthorised') {