local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

feat: restrict own_data to profile and linked member pages

Browse source 
- Remove "/" from own_data pages (Mitglied redirected to profile at root).
- Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages
  for own_data so members can access own profile and linked member only.
This commit is contained in:
Moritz 2026-01-29 23:56:03 +01:00
parent b10b9c893c
commit 626e8a872e
Signed by: moritz
GPG key ID: 1020A035E5DD0824
1 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
lib/mv/authorization/permission_sets.ex
View file

@ -118,12 +118,16 @@ defmodule Mv.Authorization.PermissionSets do
%{resource: "Group", action: :read, scope: :all, granted: true}
],
pages: [
# Home page
"/",
# Own profile
# No "/" - Mitglied must not see member index at root (same content as /members).
# Own profile (sidebar links to /users/:id) and own user edit
"/profile",
# Linked member detail (filtered by policy)
"/members/:id"
"/users/:id",
"/users/:id/edit",
"/users/:id/show/edit",
# Linked member detail and edit (data access filtered by policy scope: :linked)
"/members/:id",
"/members/:id/edit",
"/members/:id/show/edit"
]
}
end