feat(admin): add IA shell and protected section skeleton routes
@@ -21,4 +21,23 @@ describe("admin route access rules", () => {
|
||||
scope: "global",
|
||||
})
|
||||
})
|
||||
|
||||
it("maps new admin IA routes to dedicated permissions", () => {
|
||||
expect(getRequiredPermission("/pages")).toEqual({
|
||||
permission: "pages:read",
|
||||
scope: "team",
|
||||
})
|
||||
expect(getRequiredPermission("/media")).toEqual({
|
||||
permission: "media:read",
|
||||
scope: "team",
|
||||
})
|
||||
expect(getRequiredPermission("/users")).toEqual({
|
||||
permission: "users:read",
|
||||
scope: "own",
|
||||
})
|
||||
expect(getRequiredPermission("/commissions")).toEqual({
|
||||
permission: "commissions:read",
|
||||
scope: "own",
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
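Review bot: The new case pins only the four bare paths, so the segment-boundary behaviour these access rules depend on is untested; nothing here fails if a rule started matching `/pagesx` or stopped matching `/pages/123`. Add one nested and one look-alike assertion per prefix, for example `expect(getRequiredPermission("/pages/123")).toEqual({ permission: "pages:read", scope: "team" })` and `expect(getRequiredPermission("/pagesx")).not.toEqual({ permission: "pages:read", scope: "team" })`. What `getRequiredPermission` returns for an unmatched path is not visible in this hunk, so the negative case is written as `not.toEqual`. The enclosing `describe` block starts outside the hunk.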
@@ -43,6 +43,34 @@ const guardRules: GuardRule[] = [
|
||||
scope: "global",
|
||||
},
|
||||
},
|
||||
{
|
||||
route: /^\/pages(?:\/|$)/,
|
||||
requirement: {
|
||||
permission: "pages:read",
|
||||
scope: "team",
|
||||
},
|
||||
},
|
||||
{
|
||||
route: /^\/media(?:\/|$)/,
|
||||
requirement: {
|
||||
permission: "media:read",
|
||||
scope: "team",
|
||||
},
|
||||
},
|
||||
{
|
||||
route: /^\/users(?:\/|$)/,
|
||||
requirement: {
|
||||
permission: "users:read",
|
||||
scope: "own",
|
||||
},
|
||||
},
|
||||
{
|
||||
route: /^\/commissions(?:\/|$)/,
|
||||
requirement: {
|
||||
permission: "commissions:read",
|
||||
scope: "own",
|
||||
},
|
||||
},
|
||||
{
|
||||
route: /^\/settings(?:\/|$)/,
|
||||
requirement: {
|
||||
|
||||
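--- a/apps/admin/src/lib/route-guards.ts
+++ b/apps/admin/src/lib/route-guards.ts
@@ -0,0 +1,30 @@
+import { hasPermission, type Permission, type PermissionScope, type Role } from "@cms/content/rbac"
+import { redirect } from "next/navigation"
+
+import { resolveRoleFromServerContext } from "@/lib/access-server"
+
+type RequirePermissionParams = {
+nextPath: string
+permission: Permission
+scope: PermissionScope
+}
+
+export async function requireRoleForRoute(nextPath: string): Promise<Role> {
+const role = await resolveRoleFromServerContext()
+
+if (!role) {
+redirect(`/login?next=${encodeURIComponent(nextPath)}`)
+}
+
+return role
+}
+
+export async function requirePermissionForRoute(params: RequirePermissionParams): Promise<Role> {
+const role = await requireRoleForRoute(params.nextPath)
+
+if (!hasPermission(role, params.permission, params.scope)) {
+redirect(`/unauthorized?required=${params.permission}&scope=${params.scope}`)
+}
+
+return role
+}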
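Review bot: `requireRoleForRoute` forwards `nextPath` into `/login?next=` encoded but never checks that it is a local path, so if the login page later redirects to `next` (not visible in this commit), the only protection against an off-site target is whatever that page does. Constraining it at the source is cheap, e.g. `const safeNext = nextPath.startsWith("/") && !nextPath.startsWith("//") ? nextPath : "/"` before building the URL. In `requirePermissionForRoute` the `/unauthorized` redirect interpolates `params.permission` and `params.scope` raw while the login redirect encodes its value; wrapping both in `encodeURIComponent` keeps the two consistent. A short doc comment on both helpers should also say that `redirect()` from `next/navigation` works by throwing, so they must not be called inside a `try`/`catch` that swallows the error, or the guard silently stops guarding.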