local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Gate sidebar menu items by can_access_page?

Browse source 
Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.
This commit is contained in:
Moritz 2026-02-03 16:35:35 +01:00
parent 3d84b1f030
commit bda1edebcb
2 changed files with 51 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

25
lib/mv_web/components/layouts/sidebar.ex
View file

@ -70,33 +70,56 @@ defmodule MvWeb.Layouts.Sidebar do
defp sidebar_menu(assigns) do defp sidebar_menu(assigns) do
~H""" ~H"""
<ul class="menu flex-1 w-full p-2" role="menubar"> <ul class="menu flex-1 w-full p-2" role="menubar">
<%= if can_access_page?(@current_user, "/members") do %>
<.menu_item <.menu_item
href={~p"/members"} href={~p"/members"}
icon="hero-users" icon="hero-users"
label={gettext("Members")} label={gettext("Members")}
/> />
<% end %>
<%= if can_access_page?(@current_user, "/membership_fee_types") do %>
<.menu_item <.menu_item
href={~p"/membership_fee_types"} href={~p"/membership_fee_types"}
icon="hero-currency-euro" icon="hero-currency-euro"
label={gettext("Fee Types")} label={gettext("Fee Types")}
/> />
<% end %>
<!-- Nested Admin Menu --> <%= if admin_menu_visible?(@current_user) do %>
<.menu_group icon="hero-cog-6-tooth" label={gettext("Administration")}> <.menu_group icon="hero-cog-6-tooth" label={gettext("Administration")}>
<%= if can_access_page?(@current_user, "/users") do %>
<.menu_subitem href={~p"/users"} label={gettext("Users")} /> <.menu_subitem href={~p"/users"} label={gettext("Users")} />
<% end %>
<%= if can_access_page?(@current_user, "/groups") do %>
<.menu_subitem href={~p"/groups"} label={gettext("Groups")} /> <.menu_subitem href={~p"/groups"} label={gettext("Groups")} />
<% end %>
<%= if can_access_page?(@current_user, "/admin/roles") do %>
<.menu_subitem href={~p"/admin/roles"} label={gettext("Roles")} /> <.menu_subitem href={~p"/admin/roles"} label={gettext("Roles")} />
<% end %>
<%= if can_access_page?(@current_user, "/membership_fee_settings") do %>
<.menu_subitem <.menu_subitem
href={~p"/membership_fee_settings"} href={~p"/membership_fee_settings"}
label={gettext("Fee Settings")} label={gettext("Fee Settings")}
/> />
<% end %>
<%= if can_access_page?(@current_user, "/settings") do %>
<.menu_subitem href={~p"/settings"} label={gettext("Settings")} /> <.menu_subitem href={~p"/settings"} label={gettext("Settings")} />
<% end %>
</.menu_group> </.menu_group>
<% end %>
</ul> </ul>
""" """
end end
defp admin_menu_visible?(user) do
Enum.any?(admin_page_paths(), &can_access_page?(user, &1))
end
defp admin_page_paths do
["/users", "/groups", "/admin/roles", "/membership_fee_settings", "/settings"]
end
attr :href, :string, required: true, doc: "Navigation path" attr :href, :string, required: true, doc: "Navigation path"
attr :icon, :string, required: true, doc: "Heroicon name" attr :icon, :string, required: true, doc: "Heroicon name"
attr :label, :string, required: true, doc: "Menu item label" attr :label, :string, required: true, doc: "Menu item label"

7
test/mv_web/components/layouts/sidebar_test.exs
View file

@ -22,9 +22,14 @@ defmodule MvWeb.Layouts.SidebarTest do
# ============================================================================= # =============================================================================
# Returns assigns for an authenticated user with all required attributes. # Returns assigns for an authenticated user with all required attributes.
# User has admin role so can_access_page? returns true for all sidebar links.
defp authenticated_assigns(mobile \\ false) do defp authenticated_assigns(mobile \\ false) do
%{ %{
current_user: %{id: "user-123", email: "test@example.com"}, current_user: %{
id: "user-123",
email: "test@example.com",
role: %{permission_set_name: "admin"}
},
club_name: "Test Club", club_name: "Test Club",
mobile: mobile mobile: mobile
} }