fix: admin permissions + restrict nav settings
This commit is contained in:
parent
10f17c5712
commit
4f16dd0c81
@ -36,6 +36,20 @@ router.get('/healthz', (req, res, next) => {
|
||||
* Administration
|
||||
*/
|
||||
router.get(['/a', '/a/*'], (req, res, next) => {
|
||||
if (!WIKI.auth.checkAccess(req.user, [
|
||||
'manage:system',
|
||||
'write:users',
|
||||
'manage:users',
|
||||
'write:groups',
|
||||
'manage:groups',
|
||||
'manage:navigation',
|
||||
'manage:theme',
|
||||
'manage:api'
|
||||
])) {
|
||||
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
|
||||
return res.render('unauthorized', { action: 'view' })
|
||||
}
|
||||
|
||||
_.set(res.locals, 'pageMeta.title', 'Admin')
|
||||
res.render('admin')
|
||||
})
|
||||
|
@ -15,8 +15,8 @@ extend type Mutation {
|
||||
# -----------------------------------------------
|
||||
|
||||
type NavigationQuery {
|
||||
tree: [NavigationTree]!
|
||||
config: NavigationConfig!
|
||||
tree: [NavigationTree]! @auth(requires: ["manage:navigation", "manage:system"])
|
||||
config: NavigationConfig! @auth(requires: ["manage:navigation", "manage:system"])
|
||||
}
|
||||
|
||||
# -----------------------------------------------
|
||||
|
Loading…
Reference in New Issue
Block a user