(security) access to admin/store is restricted to admins & managers

also, access to admin/store/settings is not allowed to managers
2025-03-21 12:29:03 +01:00 · 2022-10-05 16:06:51 +02:00 · 2022-10-05 16:06:51 +02:00 · 794f6130d2
commit 794f6130d2
parent 8dd4463a14
3 changed files with 5 additions and 1 deletions
--- a/app/frontend/src/javascript/controllers/application.js
+++ b/app/frontend/src/javascript/controllers/application.js
@ -353,6 +353,7 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
          if (AuthService.isAuthenticated()) {
          // user is not allowed
            console.error('[ApplicationController::initialize] user is not allowed');
+            return false;
          } else {
          // user is not logged in
            openLoginModal(trans.$to().name, trans.$to().params);
--- a/app/frontend/src/javascript/router.js
+++ b/app/frontend/src/javascript/router.js
@ -1195,6 +1195,9 @@ angular.module('application.router', ['ui.router'])
      .state('app.admin.store.settings', {
        url: '/settings',
        abstract: !Fablab.storeModule,
+        data: {
+          authorizedRoles: ['admin']
+        },
        views: {
          'main@': {
            templateUrl: '/admin/store/index.html',
--- a/app/frontend/templates/admin/store/index.html
+++ b/app/frontend/templates/admin/store/index.html
@ -14,7 +14,7 @@
    <div>
      <uib-tabset justified="true" active="tabs.active">

-        <uib-tab heading="{{ 'app.admin.store.settings' | translate }}" index="0" select="selectTab()">
+        <uib-tab heading="{{ 'app.admin.store.settings' | translate }}" index="0" select="selectTab()" ng-hide="currentUser.role == 'manager'">
          <ng-include src="'/admin/store/settings.html'"></ng-include>
        </uib-tab>