jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Prevent views from getting accessed by non priviledged users

Browse Source
This commit is contained in:
Johannes Zellner
2025-03-25 11:18:14 +01:00
parent 128e7fccdb
commit e312c3147a
2 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dashboard/src/views/AppConfigureView.vue
View File

@@ -33,7 +33,7 @@ const installationStateLabel = AppsModel.installationStateLabel;
const busy = ref(true);
const id = ref('');
const app = ref({});
const app = ref(null);
const view = ref('');
const link = ref('');
const infoMenu = ref([]);
@@ -64,7 +64,13 @@ async function onToggleRunState() {
let refreshTimer = null;
async function refresh() {
const [error, result] = await appsModel.get(id.value);
if (error) return console.error(error);
if (error) {
if (error.status === 403) return window.location.hash = '/';
return console.error(error);
}
// prevent users who have no acces to
if (result.accessLevel !== 'admin' && result.accessLevel !== 'operator') return window.location.hash = '/';
app.value = result;
@@ -143,6 +149,7 @@ onMounted(async () => {
id.value = parts[0];
await refresh();
if (!app.value) return;
onSetView(parts[1] || 'info');