From 794f6130d22f31ecebda7de8ee2bd1e62b0e7603 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Wed, 5 Oct 2022 16:06:51 +0200
Subject: [PATCH] (security) access to admin/store is restricted to admins & managers also, access to admin/store/settings is not allowed to managers
---
 app/frontend/src/javascript/controllers/application.js | 1 +
 app/frontend/src/javascript/router.js | 3 +++
 app/frontend/templates/admin/store/index.html | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/frontend/src/javascript/controllers/application.js b/app/frontend/src/javascript/controllers/application.js
index d2ae5b337..a83572f24 100644
--- a/app/frontend/src/javascript/controllers/application.js
+++ b/app/frontend/src/javascript/controllers/application.js
@@ -353,6 +353,7 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
 if (AuthService.isAuthenticated()) {
 // user is not allowed
 console.error('[ApplicationController::initialize] user is not allowed');
+ return false;
 } else {
 // user is not logged in
 openLoginModal(trans.$to().name, trans.$to().params);
diff --git a/app/frontend/src/javascript/router.js b/app/frontend/src/javascript/router.js
index cab02c6cc..791fe5889 100644
--- a/app/frontend/src/javascript/router.js
+++ b/app/frontend/src/javascript/router.js
@@ -1195,6 +1195,9 @@ angular.module('application.router', ['ui.router'])
 .state('app.admin.store.settings', {
 url: '/settings',
 abstract: !Fablab.storeModule,
+ data: {
+ authorizedRoles: ['admin']
+ },
 views: {
 'main@': {
 templateUrl: '/admin/store/index.html',
diff --git a/app/frontend/templates/admin/store/index.html b/app/frontend/templates/admin/store/index.html
index d13802c80..72a403e96 100644
--- a/app/frontend/templates/admin/store/index.html
+++ b/app/frontend/templates/admin/store/index.html
@@ -14,7 +14,7 @@
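Review bot: The added `return false;` aborts the transition with no user-visible feedback: the only signal for an authenticated user who lacks the required role is the `console.error` on the line above, so they stay on the previous view without knowing why, whereas the `else` branch at least opens the login modal. Consider surfacing the denial through whatever notification mechanism this controller already uses, and add a why-comment on the new line, e.g. `// authenticated but role not authorized for the target state: cancel the transition`. Since the diffstat shows only frontend files, this remains a navigation guard; the role restriction still has to be enforced by the backend endpoints the store pages call, which this patch does not show. The enclosing transition hook starts and ends outside the hunk.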
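Review bot: The new `data: { authorizedRoles: ['admin'] }` on `app.admin.store.settings` carries no comment explaining why managers, whom the commit title says may use admin/store, are excluded from this child state; a one-line comment above `data:` such as `// store settings are admin-only; managers keep access to the parent app.admin.store state` would keep the intent next to the rule. Whether this child value replaces or merges with the parent state's `data` depends on how the transition hook in application.js reads it (that hook is outside this hunk), so it is worth confirming the parent state is not expected to contribute here. The `.state(...)` definition continues past the end of the hunk.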
- +