feat(rbac): enforce admin access checks and document permission model

2026-02-10 12:16:36 +01:00
parent 4041a4ac4a
commit 947cb0a3d7
13 changed files with 458 additions and 8 deletions
--- a/apps/admin/src/app/unauthorized/page.tsx
+++ b/apps/admin/src/app/unauthorized/page.tsx
@@ -0,0 +1,57 @@
+import Link from "next/link"
+
+type SearchParams = Promise<Record<string, string | string[] | undefined>>
+
+function getSingleValue(input: string | string[] | undefined): string | undefined {
+  if (Array.isArray(input)) {
+    return input[0]
+  }
+
+  return input
+}
+
+export default async function UnauthorizedPage({ searchParams }: { searchParams: SearchParams }) {
+  const params = await searchParams
+
+  const required = getSingleValue(params.required)
+  const scope = getSingleValue(params.scope)
+  const reason = getSingleValue(params.reason)
+
+  return (
+    <main className="mx-auto flex min-h-screen w-full max-w-xl flex-col gap-6 px-6 py-20">
+      <header className="space-y-3">
+        <p className="text-sm uppercase tracking-[0.2em] text-neutral-500">Admin App</p>
+        <h1 className="text-4xl font-semibold tracking-tight">Access denied</h1>
+        <p className="text-neutral-600">
+          You do not have the required role/permission for this admin route.
+        </p>
+      </header>
+
+      <section className="rounded-xl border border-neutral-200 p-5">
+        <dl className="space-y-2 text-sm">
+          <div className="flex items-center justify-between gap-3">
+            <dt className="text-neutral-500">Reason</dt>
+            <dd className="font-medium text-neutral-800">{reason ?? "insufficient-permission"}</dd>
+          </div>
+
+          <div className="flex items-center justify-between gap-3">
+            <dt className="text-neutral-500">Required permission</dt>
+            <dd className="font-medium text-neutral-800">{required ?? "n/a"}</dd>
+          </div>
+
+          <div className="flex items-center justify-between gap-3">
+            <dt className="text-neutral-500">Required scope</dt>
+            <dd className="font-medium text-neutral-800">{scope ?? "n/a"}</dd>
+          </div>
+        </dl>
+      </section>
+
+      <Link
+        href="/"
+        className="inline-flex w-fit rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100"
+      >
+        Back to dashboard
+      </Link>
+    </main>
+  )
+}