From eff751996c93f6acd154ee6758e024581a8faa4d Mon Sep 17 00:00:00 2001
From: Markus Thielker
Date: Fri, 4 Apr 2025 19:48:39 +0200
Subject: [PATCH] NORY-59: replace 'force-admin-role' with new permission
---
 dashboard/src/app/(inside)/page.tsx | 5 +++--
 dashboard/src/app/(inside)/user/page.tsx | 5 +++--
 dashboard/src/lib/permission.ts | 5 +++--
 dashboard/src/middleware.ts | 9 ++++-----
 4 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/dashboard/src/app/(inside)/page.tsx b/dashboard/src/app/(inside)/page.tsx
index dad9358..607c2c4 100644
--- a/dashboard/src/app/(inside)/page.tsx
+++ b/dashboard/src/app/(inside)/page.tsx
@@ -1,14 +1,15 @@
 import { StatusCard } from '@/components/status-card';
 import { hydraMetadata, ketoMetadata, kratosMetadata } from '@/lib/action/metadata';
-import { checkPermission, requireRole, requireSession } from '@/lib/action/authentication';
+import { checkPermission, requirePermission, requireSession } from '@/lib/action/authentication';
 import InsufficientPermission from '@/components/insufficient-permission';
+import { permission, relation } from '@/lib/permission';
 export default async function RootPage() {
 const session = await requireSession();
 const identityId = session.identity!.id;
- await requireRole('admin', identityId);
+ await requirePermission(permission.stack.dashboard, relation.access, identityId);
 const pmAccessStackStatus = await checkPermission(permission.stack.status, relation.access, identityId);
diff --git a/dashboard/src/app/(inside)/user/page.tsx b/dashboard/src/app/(inside)/user/page.tsx
index 3e52891..ebb9079 100644
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
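Review bot: The new `await requirePermission(permission.stack.dashboard, relation.access, identityId);` line in RootPage carries no comment saying that it is the page's own authorization gate, and the same applies to the identical call in the second hunk of `user/page.tsx`. The middleware hunk in this patch checks the same permission, so a later cleanup could read the page-level call as redundant and remove it; middleware should not be the only place a Next.js route is authorized. I would add above each call: `// Authorization gate for this page: re-checks admin.stack.dashboard#access here as well as in middleware, do not remove as redundant.` RootPage's body continues past the end of the hunk.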
@@ -3,8 +3,9 @@ import { IdentityDataTable } from '@/app/(inside)/user/data-table';
 import { SearchInput } from '@/components/search-input';
 import { queryIdentities } from '@/lib/action/identity';
 import { IdentityPagination } from '@/components/pagination';
-import { checkPermission, requireRole, requireSession } from '@/lib/action/authentication';
+import { checkPermission, requirePermission, requireSession } from '@/lib/action/authentication';
 import InsufficientPermission from '@/components/insufficient-permission';
+import { permission, relation } from '@/lib/permission';
 export default async function UserPage(
 {
@@ -17,7 +18,7 @@ export default async function UserPage(
 const session = await requireSession();
 const identityId = session.identity!.id;
- await requireRole('admin', identityId);
+ await requirePermission(permission.stack.dashboard, relation.access, identityId);
 const pmAccessUser = await checkPermission(permission.user.it, relation.access, identityId);
 const pmEditUser = await checkPermission(permission.user.it, relation.edit, identityId);
diff --git a/dashboard/src/lib/permission.ts b/dashboard/src/lib/permission.ts
index 7bced61..bab8592 100644
--- a/dashboard/src/lib/permission.ts
+++ b/dashboard/src/lib/permission.ts
@@ -1,5 +1,6 @@
-const permission = {
+export const permission = {
 stack: {
+ dashboard: 'admin.stack.dashboard',
 status: 'admin.stack.status',
 },
 user: {
@@ -9,7 +10,7 @@ const permission = {
 },
 };
-const relation = {
+export const relation = {
 access: 'access',
 edit: 'edit',
 delete: 'delete',
diff --git a/dashboard/src/middleware.ts b/dashboard/src/middleware.ts
index 62d78cc..8fb5913 100644
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
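Review bot: `permission` and `relation` in `permission.ts` are now exported as plain mutable objects whose leaves are typed `string`, and after this patch they feed the `checkPermission`/`requirePermission` calls in the middleware and both pages. Any importing module can reassign `permission.stack.dashboard`, and the widened types give the authorization helpers no way to restrict their parameters to the known names. Closing both literals with `} as const;` instead of `};` makes the leaves readonly literal types at compile time; `Object.freeze` would be needed for a runtime guarantee. The closing brace of `permission` is visible in the second hunk, the one of `relation` lies outside it.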
@@ -1,5 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { checkRole, getSession } from '@/lib/action/authentication';
+import { checkPermission, getSession } from '@/lib/action/authentication';
+import { permission, relation } from '@/lib/permission';
 export async function middleware(request: NextRequest) {
@@ -19,10 +20,8 @@ export async function middleware(request: NextRequest) {
 return NextResponse.redirect(url!);
 }
- const allowed = await checkRole(
- 'admin',
- session!.identity!.id,
- );
+ const allowed = await checkPermission(permission.stack.dashboard, relation.access, session.identity!.id);
+
 if (allowed) {
 if (request.nextUrl.pathname === '/unauthorised') {
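Review bot: In the second hunk the new `checkPermission(permission.stack.dashboard, relation.access, session.identity!.id)` call still relies on the `identity!` assertion, so a session without an identity raises inside the middleware instead of taking the deny branch. I would resolve the id first, `const identityId = session.identity?.id;`, and treat a missing id as not allowed, `const allowed = identityId ? await checkPermission(permission.stack.dashboard, relation.access, identityId) : false;`. It is also worth confirming that `checkPermission` resolves to false, rather than true or an unhandled rejection, when the permission backend cannot be reached; its implementation is outside this patch. The body of `middleware` starts before and continues past the hunk.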