fix: admin permissions + restrict nav settings

This commit is contained in:
NGPixel 2020-07-19 15:26:51 -04:00
parent 10f17c5712
commit 4f16dd0c81
2 changed files with 16 additions and 2 deletions

View File

@ -36,6 +36,20 @@ router.get('/healthz', (req, res, next) => {
* Administration * Administration
*/ */
router.get(['/a', '/a/*'], (req, res, next) => { router.get(['/a', '/a/*'], (req, res, next) => {
if (!WIKI.auth.checkAccess(req.user, [
'manage:system',
'write:users',
'manage:users',
'write:groups',
'manage:groups',
'manage:navigation',
'manage:theme',
'manage:api'
])) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'view' })
}
_.set(res.locals, 'pageMeta.title', 'Admin') _.set(res.locals, 'pageMeta.title', 'Admin')
res.render('admin') res.render('admin')
}) })

View File

@ -15,8 +15,8 @@ extend type Mutation {
# ----------------------------------------------- # -----------------------------------------------
type NavigationQuery { type NavigationQuery {
tree: [NavigationTree]! tree: [NavigationTree]! @auth(requires: ["manage:navigation", "manage:system"])
config: NavigationConfig! config: NavigationConfig! @auth(requires: ["manage:navigation", "manage:system"])
} }
# ----------------------------------------------- # -----------------------------------------------