refactor(auth): unify authorization patterns with MANAGE_OWN_PROFILE permission

Issue #2: The profile route used a custom role-based check instead
of the permission-based pattern used everywhere else.

Changes:
- Add MANAGE_OWN_PROFILE permission to backend Permission enum
- Add permission to ROLE_REGULAR role definition
- Update profile routes to use require_permission(MANAGE_OWN_PROFILE)
- Remove custom require_regular_user dependency
- Update frontend Permission constant and profile page
- Update invites page to use permission instead of role check
- Update profile tests with proper permission mocking

This ensures consistent authorization patterns across all routes.
counterweight 2025-12-21 23:50:06 +01:00
parent 81cd34b0e7
commit 21698203fe
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
7 changed files with 40 additions and 23 deletions


@ -6,6 +6,7 @@ import { Header } from "../components/Header";
import { useRequireAuth } from "../hooks/useRequireAuth";
import { components } from "../generated/api";
import constants from "../../../shared/constants.json";
import { Permission } from "../auth-context";
import {
layoutStyles,
cardStyles,
@ -19,7 +20,7 @@ type Invite = components["schemas"]["UserInviteResponse"];
export default function InvitesPage() {
const { user, isLoading, isAuthorized } = useRequireAuth({
requiredRole: constants.roles.REGULAR,
requiredPermission: Permission.VIEW_OWN_INVITES,
fallbackRedirect: "/audit",
});
const [invites, setInvites] = useState<Invite[]>([]);