fix(auth): keep admin out of personal workbench
@@ -230,18 +230,22 @@ export function isCurrentDirectManagerForRequest(request, user) {
|
||||
return managerNames.length > 0 && identityIntersects(managerNames, currentNames)
|
||||
}
|
||||
|
||||
export function canAccessAppView(user, viewId) {
|
||||
if (!viewId || !user) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (!DEFAULT_APP_VIEW_ORDER.includes(viewId)) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (viewId === 'budget') {
|
||||
if (isPlatformAdminUser(user)) {
|
||||
return true
|
||||
export function canAccessAppView(user, viewId) {
|
||||
if (!viewId || !user) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (!DEFAULT_APP_VIEW_ORDER.includes(viewId)) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (viewId === 'workbench' && isPlatformAdminUser(user)) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (viewId === 'budget') {
|
||||
if (isPlatformAdminUser(user)) {
|
||||
return true
|
||||
}
|
||||
const roleCodes = normalizedRoleCodes(user)
|
||||
return VIEW_ROLE_RULES.budget.some((roleCode) => roleCodes.includes(roleCode))
|
||||
@@ -268,7 +272,11 @@ export function filterNavItemsByAccess(navItems, user) {
|
||||
return navItems.filter((item) => canAccessAppView(user, item.id))
|
||||
}
|
||||
|
||||
export function resolveDefaultAuthorizedRoute(user) {
|
||||
const firstVisibleView = getAccessibleViewIds(user)[0]
|
||||
return { name: `app-${firstVisibleView || 'workbench'}` }
|
||||
}
|
||||
export function resolveDefaultAuthorizedRoute(user) {
|
||||
if (isPlatformAdminUser(user) && canAccessAppView(user, 'overview')) {
|
||||
return { name: 'app-overview' }
|
||||
}
|
||||
|
||||
const firstVisibleView = getAccessibleViewIds(user)[0]
|
||||
return { name: `app-${firstVisibleView || 'workbench'}` }
|
||||
}
|
||||
|
||||
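Review bot: The fallback in `resolveDefaultAuthorizedRoute` still resolves to `app-workbench` when `getAccessibleViewIds(user)[0]` is empty, so a platform admin who fails the `overview` check and has no other visible view is routed to the one view this commit denies in `canAccessAppView`. Depending on how the router guard treats a denied view (not shown on this page), that ends in either a redirect loop or the admin landing on the workbench anyway. Consider making the empty case explicit, e.g. `if (!firstVisibleView) return { name: '<no-access-route>' }` (placeholder; use whichever neutral route the app defines). Also, `isPlatformAdminUser(user)` now runs before any null check on `user`; swapping the operands to `canAccessAppView(user, 'overview') && isPlatformAdminUser(user)` lets the existing `!user` guard run first. These look like client-side view checks, so if the exclusion is meant as an access control rather than a navigation preference, the workbench's data endpoints presumably need the same admin rule on the server.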