fix: add authorization check for Roles link in navbar
Only show Roles link in Settings dropdown for users with admin permissions, preventing unauthorized access attempts.
This commit is contained in:
parent
cf220b9730
commit
dd1b126c14
1 changed files with 6 additions and 3 deletions
|
|
@ -7,6 +7,7 @@ defmodule MvWeb.Layouts.Navbar do
|
||||||
use MvWeb, :verified_routes
|
use MvWeb, :verified_routes
|
||||||
|
|
||||||
alias Mv.Membership
|
alias Mv.Membership
|
||||||
|
import MvWeb.Authorization
|
||||||
|
|
||||||
attr :current_user, :map,
|
attr :current_user, :map,
|
||||||
required: true,
|
required: true,
|
||||||
|
|
@ -33,9 +34,11 @@ defmodule MvWeb.Layouts.Navbar do
|
||||||
<li>
|
<li>
|
||||||
<.link navigate="/settings">{gettext("Global Settings")}</.link>
|
<.link navigate="/settings">{gettext("Global Settings")}</.link>
|
||||||
</li>
|
</li>
|
||||||
|
<%= if can_access_page?(@current_user, "/admin/roles") do %>
|
||||||
<li>
|
<li>
|
||||||
<.link navigate="/admin/roles">{gettext("Roles")}</.link>
|
<.link navigate="/admin/roles">{gettext("Roles")}</.link>
|
||||||
</li>
|
</li>
|
||||||
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
</details>
|
</details>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue