Merge pull request #4095 from LibreSign/backport/4094/stable29

[stable29] fix: block access to route when isn't allowed by admin
LibreSign · Dec 2, 2024 · c0a2095 · c0a2095
2 parents 86c6b62 + b5c676d
commit c0a2095
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 19 deletions.
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -276,6 +276,7 @@ public function signPdf(string $uuid): TemplateResponse {
 	#[RequireSignRequestUuid]
 	#[FrontpageRoute(verb: 'GET', url: '/p/sign/{uuid}')]
 	public function sign(string $uuid): TemplateResponse {
+		$this->throwIfValidationPageNotAccessible();
 		$this->initialState->provideInitialState('action', JSActions::ACTION_SIGN);
 		$this->initialState->provideInitialState('config',
 			$this->accountService->getConfig($this->userSession->getUser())

diff --git a/src/helpers/SelectAction.js b/src/helpers/SelectAction.js
@@ -55,6 +55,9 @@ export const selectAction = (action, to, from) => {
 	case 5000: // ACTION_INCOMPLETE_SETUP
 		return 'Incomplete' + external
 	default:
+		if (loadState('libresign', 'error', false)) {
+			return 'DefaultPageError' + external
+		}
 		break
 	}
 }
diff --git a/src/router/router.js b/src/router/router.js
@@ -205,22 +205,24 @@ const router = new Router({
 })
 
 router.beforeEach((to, from, next) => {
+	const actionElement = document.querySelector('#initial-state-libresign-action')
+	let action
+	if (actionElement) {
+		action = selectAction(loadState('libresign', 'action', ''), to, from)
+		document.querySelector('#initial-state-libresign-action')?.remove()
+	}
 	if (Object.hasOwn(to, 'name') && typeof to.name === 'string' && !to.name.endsWith('External') && isExternal(to, from)) {
 		next({
 			name: to.name + 'External',
 			params: to.params,
 		})
+	} else if (action !== undefined) {
+		next({
+			name: action,
+			params: to.params,
+		})
 	} else {
-		const action = selectAction(loadState('libresign', 'action', ''), to, from)
-		if (action !== undefined) {
-			document.querySelector('#initial-state-libresign-action').remove()
-			next({
-				name: action,
-				params: to.params,
-			})
-		} else {
-			next()
-		}
+		next()
 	}
 })
 

diff --git a/src/views/DefaultPageError.vue b/src/views/DefaultPageError.vue
@@ -25,15 +25,13 @@
 	<div class="container">
 		<div id="img" />
 		<div class="content">
-			<h1>{{ code || '404' }}</h1>
+			<h1>404</h1>
 			<h2>
-				{{ message || t('libresign', 'Page not found') }}
+				{{ t('libresign', 'Page not found') }}
 			</h2>
-			<p>{{ paragth }}</p>
-			<NcNoteCard v-if="errors.length > 0" type="error" heading="Error">
-				<p v-for="error in errors" :key="error">
-					{{ error }}
-				</p>
+			<p>{{ paragrath }}</p>
+			<NcNoteCard v-if="error" type="error" heading="Error">
+				{{ error }}
 			</NcNoteCard>
 		</div>
 	</div>
@@ -53,8 +51,8 @@ export default {
 
 	data() {
 		return {
-			paragth: t('libresign', 'Sorry but the page you are looking for does not exist, has been removed, moved or is temporarily unavailable.'),
-			errors: loadState('libresign', 'errors', []),
+			paragrath: t('libresign', 'Sorry but the page you are looking for does not exist, has been removed, moved or is temporarily unavailable.'),
+			error: loadState('libresign', 'error', {})?.message,
 		}
 	},