local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

feat: restrict own_data to profile and linked member pages

Browse source 
- Remove "/" from own_data pages (Mitglied redirected to profile at root).
- Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages
  for own_data so members can access own profile and linked member only.
This commit is contained in:
Moritz 2026-01-29 23:56:03 +01:00
parent b10b9c893c
commit 626e8a872e
Signed by: moritz
GPG key ID: 1020A035E5DD0824
1 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
lib/mv/authorization/permission_sets.ex
View file

@ -118,12 +118,16 @@ defmodule Mv.Authorization.PermissionSets do
%{resource: "Group", action: :read, scope: :all, granted: true} %{resource: "Group", action: :read, scope: :all, granted: true}
], ],
pages: [ pages: [
# Home page # No "/" - Mitglied must not see member index at root (same content as /members).
"/", # Own profile (sidebar links to /users/:id) and own user edit
# Own profile
"/profile", "/profile",
# Linked member detail (filtered by policy) "/users/:id",
"/members/:id" "/users/:id/edit",
"/users/:id/show/edit",
# Linked member detail and edit (data access filtered by policy scope: :linked)
"/members/:id",
"/members/:id/edit",
"/members/:id/show/edit"
] ]
} }
end end