fix permissions

Matthias Hochmeister
2026-03-24 17:20:31 +01:00
parent f9f54b7e07
commit e6ddf67d95
3 changed files with 14 additions and 7 deletions


@@ -10,7 +10,7 @@ class IssueController {
try {
const userId = req.user!.id;
const groups: string[] = (req.user as any).groups || [];
const canViewAll = groups.includes('dashboard_admin') || permissionService.hasPermission(groups, 'issues:view_all');
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
// Parse filter query params
const filters: {
@@ -60,7 +60,7 @@ class IssueController {
}
const userId = req.user!.id;
const groups: string[] = (req.user as any).groups || [];
const canViewAll = groups.includes('dashboard_admin') || permissionService.hasPermission(groups, 'issues:view_all');
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
if (!canViewAll && issue.erstellt_von !== userId && issue.zugewiesen_an !== userId) {
res.status(403).json({ success: false, message: 'Kein Zugriff' });
return;
@@ -227,7 +227,7 @@ class IssueController {
}
const userId = req.user!.id;
const groups: string[] = (req.user as any).groups || [];
const canViewAll = groups.includes('dashboard_admin') || permissionService.hasPermission(groups, 'issues:view_all');
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
if (!canViewAll && issue.erstellt_von !== userId && issue.zugewiesen_an !== userId) {
res.status(403).json({ success: false, message: 'Kein Zugriff' });
return;
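Review bot: The `canViewAll` decision is spelled out identically in all three hunks (at lines 10, 60 and 227 of the file), so a later change to the rule can miss one call site and leave the endpoints enforcing different policies. Moving it into one helper keeps the check in a single place, and the helper can also validate the shape of `groups`, which currently reaches `hasPermission` through an `as any` cast with only a `|| []` fallback. With the direct `dashboard_admin` test removed, admin access here now depends entirely on the permission cache being loaded, which is worth stating in a comment on the helper. The enclosing methods start and end outside the hunks.

```typescript
// module-level helper next to IssueController (does not rely on `this` inside route handlers)
// dashboard_admin is covered by the permission cache, so no group-name test is needed here
function canViewAllIssues(user: unknown): boolean {
  const raw = (user as { groups?: unknown } | undefined)?.groups;
  // accept only a real string array; anything else counts as "no groups"
  const groups = Array.isArray(raw)
    ? raw.filter((g): g is string => typeof g === 'string')
    : [];
  return permissionService.hasPermission(groups, 'issues:view_all');
}

// … unchanged: userId lookup …
const canViewAll = canViewAllIssues(req.user);
// … unchanged: owner/assignee comparison and 403 response …
```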


@@ -1,13 +1,15 @@
-- Migration 056: Add issues:widget permission
-- Gated permission for the Issue Quick Add dashboard widget.
-- Granted to all groups that currently have issues:create.
--
-- Adds the widget permission for the Issue Quick Add dashboard widget.
-- dashboard_admin gets it automatically via the permission cache (loadCache
-- populates it with every permission in the system).
-- 1. Insert the new permission
-- 1. Insert the new widget permission
INSERT INTO permissions (id, feature_group_id, label, description, sort_order)
VALUES ('issues:widget', 'issues', 'Widget', 'Issue-Schnelleingabe auf dem Dashboard', 8)
ON CONFLICT (id) DO NOTHING;
-- 2. Grant to every group that already has issues:create
-- 2. Grant issues:widget to every group that already has issues:create
INSERT INTO group_permissions (authentik_group, permission_id)
SELECT authentik_group, 'issues:widget'
FROM group_permissions


@@ -87,6 +87,11 @@ class PermissionService {
}
newMap.get(row.authentik_group)!.add(row.permission_id);
}
// dashboard_admin always holds every permission in the system
const allPermsResult = await pool.query('SELECT id FROM permissions');
newMap.set('dashboard_admin', new Set(allPermsResult.rows.map((r: any) => r.id)));
this.groupPermissions = newMap;
// Load maintenance flags
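Review bot: The full-permission set given to `dashboard_admin` is a snapshot taken when the cache is built, so a permission row inserted afterwards is not held by that group until the cache is rebuilt; the group-name checks this commit removes from the controller did not have that dependency. I would say so in the comment, e.g. `// snapshot: dashboard_admin gains newly inserted permissions only after the next cache load`, and note that this grant exists only in code and will not appear in `group_permissions` when someone audits effective rights. `newMap.set` also replaces any set already built for that group from the rows above, which looks intended but is worth a word. Smaller points: the group name is a string literal that could be a shared named constant, and the row callback could be typed as `(r: { id: string }) => r.id` instead of `any`. The enclosing method starts and ends outside the hunk.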