fix permissions

Matthias Hochmeister
2026-03-24 17:10:01 +01:00
parent a0d99dce8d
commit f9f54b7e07
7 changed files with 190 additions and 8 deletions


@@ -10,7 +10,7 @@ class IssueController {
try {
const userId = req.user!.id;
const groups: string[] = (req.user as any).groups || [];
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
const canViewAll = groups.includes('dashboard_admin') || permissionService.hasPermission(groups, 'issues:view_all');
// Parse filter query params
const filters: {
@@ -60,7 +60,7 @@ class IssueController {
}
const userId = req.user!.id;
const groups: string[] = (req.user as any).groups || [];
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
const canViewAll = groups.includes('dashboard_admin') || permissionService.hasPermission(groups, 'issues:view_all');
if (!canViewAll && issue.erstellt_von !== userId && issue.zugewiesen_an !== userId) {
res.status(403).json({ success: false, message: 'Kein Zugriff' });
return;
@@ -227,7 +227,7 @@ class IssueController {
}
const userId = req.user!.id;
const groups: string[] = (req.user as any).groups || [];
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
const canViewAll = groups.includes('dashboard_admin') || permissionService.hasPermission(groups, 'issues:view_all');
if (!canViewAll && issue.erstellt_von !== userId && issue.zugewiesen_an !== userId) {
res.status(403).json({ success: false, message: 'Kein Zugriff' });
return;
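Review bot: The `groups.includes('dashboard_admin')` override is an authorization decision keyed on a hard-coded group name, and it is pasted into all three hunks (@@ -10, @@ -60, @@ -227) instead of living in one place, so any handler that misses it will diverge from the others without notice. Because `groups` comes from `(req.user as any).groups || []`, the `string[]` annotation is not enforced at runtime; if the auth layer ever supplies a single string, `includes` becomes a substring match and a group name that merely contains `dashboard_admin` would pass. I would normalise once, `const groups: string[] = Array.isArray(raw) ? raw : [];`, and move the override into a single helper such as `canViewAllIssues(groups)`, or into `permissionService.hasPermission` itself if this group is meant to hold every permission. The enclosing methods start and end outside these hunks, so whether other handlers in `IssueController` need the same override cannot be confirmed from here.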


@@ -0,0 +1,20 @@
-- Migration 056: Add issues:widget permission
-- Gated permission for the Issue Quick Add dashboard widget.
-- Granted to all groups that currently have issues:create.
-- 1. Insert the new permission
INSERT INTO permissions (id, feature_group_id, label, description, sort_order)
VALUES ('issues:widget', 'issues', 'Widget', 'Issue-Schnelleingabe auf dem Dashboard', 8)
ON CONFLICT (id) DO NOTHING;
-- 2. Grant to every group that already has issues:create
INSERT INTO group_permissions (authentik_group, permission_id)
SELECT authentik_group, 'issues:widget'
FROM group_permissions
WHERE permission_id = 'issues:create'
ON CONFLICT DO NOTHING;
-- 3. Add dependency: issues:widget requires issues:create
UPDATE app_settings
SET value = value || '{"issues:widget": ["issues:create"]}'::jsonb
WHERE key = 'permission_deps';
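Review bot: Step 3 records the `issues:widget` → `issues:create` dependency only if an `app_settings` row with key `permission_deps` already exists and holds a non-NULL value; otherwise the UPDATE matches no row (or `NULL || jsonb` stays NULL) and the migration still succeeds with the dependency missing. Step 2 has already granted the permission by then, so a silently absent dependency could let `issues:widget` outlive a later revoke of `issues:create`, assuming the dependency map is what enforces that. I would make it explicit with `SET value = COALESCE(value, '{}'::jsonb) || '{"issues:widget": ["issues:create"]}'::jsonb` and fail the migration when no row is updated, or use an upsert if `key` is unique (the table definition is not visible here). A comment noting that step 2 is a one-time snapshot, so groups given `issues:create` later do not receive `issues:widget` automatically, would also help.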