local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user

Browse source 
- read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only)
- normal_user: allow /members/:id/show/edit
- Fixes redirect loop when sidebar links to profile
This commit is contained in:
Moritz 2026-01-30 10:22:27 +01:00
parent 3a7e4000c0
commit d318dad612
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/mv/authorization/permission_sets.ex
View file

@ -155,8 +155,11 @@ defmodule Mv.Authorization.PermissionSets do
],
pages: [
"/",
# Own profile
# Own profile (sidebar links to /users/:id; redirect target must be allowed)
"/profile",
"/users/:id",
"/users/:id/edit",
"/users/:id/show/edit",
# Member list
"/members",
# Member detail
@ -202,14 +205,18 @@ defmodule Mv.Authorization.PermissionSets do
],
pages: [
"/",
# Own profile
# Own profile (sidebar links to /users/:id; redirect target must be allowed)
"/profile",
"/users/:id",
"/users/:id/edit",
"/users/:id/show/edit",
"/members",
# Create member
"/members/new",
"/members/:id",
# Edit member
"/members/:id/edit",
"/members/:id/show/edit",
"/custom_field_values",
# Custom field value detail
"/custom_field_values/:id",