fix(dash/src): 🔥 More fine grained permissions

BuildTheEarth · Jan 11, 2025 · 4c34cd4 · 4c34cd4
1 parent 2c0b443
commit 4c34cd4
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 15 deletions.
diff --git a/apps/dashboard/src/app/page.tsx b/apps/dashboard/src/app/page.tsx
@@ -88,7 +88,7 @@ export default async function Page() {
 					/>
 				</>
 			)}
-			{(websiteData?._count?.permissions ?? 0) > 0 && (
+			{session?.user?.realm_access?.roles.includes('bte_staff') && (
 				<>
 					<Title order={2} mt="xl">
 						Global Administration

diff --git a/apps/dashboard/src/components/ProtectionProvider.tsx b/apps/dashboard/src/components/ProtectionProvider.tsx
@@ -2,15 +2,18 @@
 
 import { redirect, usePathname } from 'next/navigation';
 
+import { navLinks } from '@/util/links';
 import { useSession } from 'next-auth/react';
 
 export default function ProtectionProvider({ children }: { children: React.ReactNode }) {
 	const pathname = usePathname();
 	const session = useSession();
-	const isProtected = pathname.startsWith('/am/');
-	const isStaff = session.data?.user.realm_access.roles.includes('bte_staff');
+	const requiredRole = navLinks.find((link) => link.link === pathname.split('/').slice(0, 3).join('/'))?.protected;
 
-	if (isProtected && !isStaff) {
+	if (
+		requiredRole &&
+		!session?.data?.user?.realm_access?.roles.includes(typeof requiredRole === 'boolean' ? 'bte_staff' : requiredRole)
+	) {
 		redirect('/');
 	}
 

diff --git a/apps/dashboard/src/components/layout/index.tsx b/apps/dashboard/src/components/layout/index.tsx
@@ -14,7 +14,6 @@ export interface LayoutProps {
  */
 export default async function AppLayout(props: LayoutProps) {
 	const session = await getSession();
-	const isStaff = session?.user.realm_access.roles.includes('bte_staff');
 
 	return (
 		<AppShell
@@ -25,7 +24,7 @@ export default async function AppLayout(props: LayoutProps) {
 			header={{ height: 60 }}
 			padding="md"
 		>
-			<Navbar displayProtected={isStaff} />
+			<Navbar roles={session?.user.realm_access.roles || []} />
 
 			<Header />
 

diff --git a/apps/dashboard/src/components/layout/navbar/index.tsx b/apps/dashboard/src/components/layout/navbar/index.tsx
@@ -6,14 +6,17 @@ import { navLinks } from '@/util/links';
 import NavLink from './NavLink';
 
 export interface Navbar {
-	displayProtected?: boolean;
+	roles: string[];
 }
 
 /**
  * Main Navbar
  */
 export default async function Navbar(props: Navbar) {
-	const allowedLinks = navLinks.filter((link) => props.displayProtected || !link.protected);
+	const allowedLinks = navLinks.filter(
+		(link) =>
+			!link.protected || props.roles.includes(typeof link.protected === 'boolean' ? 'bte_staff' : link.protected),
+	);
 
 	const links = allowedLinks.map((item) =>
 		item.divider ? (

diff --git a/apps/dashboard/src/util/links.ts b/apps/dashboard/src/util/links.ts
@@ -68,37 +68,37 @@ export const meNavLinks: NavLink[] = [
 	{
 		link: '/am/users',
 		label: 'Website Users',
-		protected: true,
+		protected: 'bte_staff_website',
 		icon: 'UsersGroup',
 	},
 	{
 		link: '/am/teams',
 		label: 'BuildTeams',
-		protected: true,
+		protected: 'bte_staff_website',
 		icon: 'UsersGroup',
 	},
 	{
 		link: '/am/faq',
 		label: 'FAQ',
-		protected: true,
+		protected: 'bte_staff_website',
 		icon: 'Bubble',
 	},
 	{
 		link: '/am/claims',
 		label: 'Map Claims',
-		protected: true,
+		protected: 'bte_staff_website',
 		icon: 'Polygon',
 	},
 	{
 		link: '/am/applications',
 		label: 'Team Applications',
-		protected: true,
+		protected: 'bte_staff_website',
 		icon: 'Forms',
 	},
 	{
 		link: '/am/sso',
 		label: 'SSO Configuration and Security',
-		protected: true,
+		protected: 'bte_staff_admin',
 		icon: 'Settings',
 	},
 ];
@@ -118,7 +118,7 @@ type NavLink = {
 	link: string;
 	label: string;
 	icon: any;
-	protected?: boolean;
+	protected?: boolean | 'bte_staff_admin' | 'bte_staff_discord' | 'bte_staff_website' | 'bte_staff';
 	divider?: boolean;
 };
 interface NavLinkGroup {