local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user

Browse source 
- read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only)
- normal_user: allow /members/:id/show/edit
- Fixes redirect loop when sidebar links to profile
This commit is contained in:
Moritz 2026-01-30 10:22:27 +01:00
parent 3a7e4000c0
commit d318dad612
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/mv/authorization/permission_sets.ex
View file

@ -155,8 +155,11 @@ defmodule Mv.Authorization.PermissionSets do
], ],
pages: [ pages: [
"/", "/",
# Own profile # Own profile (sidebar links to /users/:id; redirect target must be allowed)
"/profile", "/profile",
"/users/:id",
"/users/:id/edit",
"/users/:id/show/edit",
# Member list # Member list
"/members", "/members",
# Member detail # Member detail
@ -202,14 +205,18 @@ defmodule Mv.Authorization.PermissionSets do
], ],
pages: [ pages: [
"/", "/",
# Own profile # Own profile (sidebar links to /users/:id; redirect target must be allowed)
"/profile", "/profile",
"/users/:id",
"/users/:id/edit",
"/users/:id/show/edit",
"/members", "/members",
# Create member # Create member
"/members/new", "/members/new",
"/members/:id", "/members/:id",
# Edit member # Edit member
"/members/:id/edit", "/members/:id/edit",
"/members/:id/show/edit",
"/custom_field_values", "/custom_field_values",
# Custom field value detail # Custom field value detail
"/custom_field_values/:id", "/custom_field_values/:id",