NORY-59: replace 'force-admin-role' with new permission

2025-04-19 09:01:18 +00:00 · 2025-04-04 19:48:39 +02:00 · 2025-04-04 19:48:39 +02:00 · eff751996c
commit eff751996c
parent 6b80e93bf0
4 changed files with 13 additions and 11 deletions
--- a/dashboard/src/app/(inside)/page.tsx
+++ b/dashboard/src/app/(inside)/page.tsx
@ -1,14 +1,15 @@
 import { StatusCard } from '@/components/status-card';
 import { hydraMetadata, ketoMetadata, kratosMetadata } from '@/lib/action/metadata';
-import { checkPermission, requireRole, requireSession } from '@/lib/action/authentication';
+import { checkPermission, requirePermission, requireSession } from '@/lib/action/authentication';
 import InsufficientPermission from '@/components/insufficient-permission';
 import { permission, relation } from '@/lib/permission';
 export default async function RootPage() {
    const session = await requireSession();
    const identityId = session.identity!.id;
-    await requireRole('admin', identityId);
+    await requirePermission(permission.stack.dashboard, relation.access, identityId);
    const pmAccessStackStatus = await checkPermission(permission.stack.status, relation.access, identityId);
--- a/dashboard/src/app/(inside)/user/page.tsx
+++ b/dashboard/src/app/(inside)/user/page.tsx
@ -3,8 +3,9 @@ import { IdentityDataTable } from '@/app/(inside)/user/data-table';
 import { SearchInput } from '@/components/search-input';
 import { queryIdentities } from '@/lib/action/identity';
 import { IdentityPagination } from '@/components/pagination';
-import { checkPermission, requireRole, requireSession } from '@/lib/action/authentication';
+import { checkPermission, requirePermission, requireSession } from '@/lib/action/authentication';
 import InsufficientPermission from '@/components/insufficient-permission';
 import { permission, relation } from '@/lib/permission';
 export default async function UserPage(
    {
@ -17,7 +18,7 @@ export default async function UserPage(
    const session = await requireSession();
    const identityId = session.identity!.id;
-    await requireRole('admin', identityId);
+    await requirePermission(permission.stack.dashboard, relation.access, identityId);
    const pmAccessUser = await checkPermission(permission.user.it, relation.access, identityId);
    const pmEditUser = await checkPermission(permission.user.it, relation.edit, identityId);
--- a/dashboard/src/lib/permission.ts
+++ b/dashboard/src/lib/permission.ts
@ -1,5 +1,6 @@
-const permission = {
+export const permission = {
    stack: {
        dashboard: 'admin.stack.dashboard',
        status: 'admin.stack.status',
    },
    user: {
@ -9,7 +10,7 @@ const permission = {
    },
 };
-const relation = {
+export const relation = {
    access: 'access',
    edit: 'edit',
    delete: 'delete',
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@ -1,5 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { checkRole, getSession } from '@/lib/action/authentication';
+import { checkPermission, getSession } from '@/lib/action/authentication';
 import { permission, relation } from '@/lib/permission';
 export async function middleware(request: NextRequest) {
@ -19,10 +20,8 @@ export async function middleware(request: NextRequest) {
        return NextResponse.redirect(url!);
    }
-    const allowed = await checkRole(
+    const allowed = await checkPermission(permission.stack.dashboard, relation.access, session.identity!.id);
-        'admin',
+
        session!.identity!.id,
    );
    if (allowed) {
        if (request.nextUrl.pathname === '/unauthorised') {