show admin pages only when permissions are correct

2023-08-29 13:59:30 +02:00 · 2023-08-29 13:59:30 +02:00 · d0c40e1d81
commit d0c40e1d81
parent 4830551edc
4 changed files with 35 additions and 21 deletions
--- a/src/routes/admin/+layout.server.ts
+++ b/src/routes/admin/+layout.server.ts
@ -6,7 +6,7 @@ export const load: LayoutServerLoad = async ({ cookies }) => {
 	const session = getSession(cookies);
 	return {
-		userCount: session?.permissions.userRead() ? await User.count() : 0,
+		userCount: session?.permissions.userRead() ? await User.count() : null,
-		adminCount: session?.permissions.adminRead() ? await Admin.count() : 0
+		adminCount: session?.permissions.adminRead() ? await Admin.count() : null
 	};
 };
--- a/src/routes/admin/+layout.svelte
+++ b/src/routes/admin/+layout.svelte
@ -19,27 +19,31 @@
 	}
 	export let data: LayoutData;
-	$adminCount = data.adminCount;
+	if (data.adminCount) $adminCount = data.adminCount;
 </script>
 {#if $page.url.pathname !== `${env.PUBLIC_BASE_PATH}/admin/login`}
 	<div class="flex h-screen">
-		<div class="h-full w-max">
+		<div class="h-full">
-			<ul class="menu p-4 w-fit h-full bg-base-200 text-base-content">
+			<ul class="menu p-4 w-max h-full bg-base-200 text-base-content">
-				<li>
+				{#if data.userCount != null}
-					<a href="{env.PUBLIC_BASE_PATH}/admin/users">
+					<li>
-						<IconOutline name="user-group-outline" />
+						<a href="{env.PUBLIC_BASE_PATH}/admin/users">
-						<span class="ml-1">Registrierte Nutzer</span>
+							<IconOutline name="user-group-outline" />
-						<div class="badge">{data.userCount}</div>
+							<span class="ml-1">Registrierte Nutzer</span>
-					</a>
+							<div class="badge">{data.userCount}</div>
-				</li>
+						</a>
-				<li>
+					</li>
-					<a href="{env.PUBLIC_BASE_PATH}/admin/admin">
+				{/if}
-						<IconOutline name="users-outline" />
+				{#if data.adminCount != null}
-						<span class="ml-1">Website Admins</span>
+					<li>
-						<div class="badge">{$adminCount}</div>
+						<a href="{env.PUBLIC_BASE_PATH}/admin/admin">
-					</a>
+							<IconOutline name="users-outline" />
-				</li>
+							<span class="ml-1">Website Admins</span>
 							<div class="badge">{$adminCount}</div>
 						</a>
 					</li>
 				{/if}
 				<li class="mt-auto">
 					<button on:click={(e) => buttonTriggeredRequest(e, logout())}>
 						<IconOutline name="arrow-left-on-rectangle-outline" />
--- a/src/routes/admin/admin/+page.server.ts
+++ b/src/routes/admin/admin/+page.server.ts
@ -2,8 +2,13 @@ import type { PageServerLoad } from './$types';
 import { Admin } from '$lib/server/database';
 import { getSession } from '$lib/server/session';
 import { Permissions } from '$lib/permissions';
 import { redirect } from '@sveltejs/kit';
 import { env } from '$env/dynamic/public';
 export const load: PageServerLoad = async ({ parent, cookies }) => {
 	const { adminCount } = await parent();
 	if (adminCount == null) throw redirect(302, `${env.PUBLIC_BASE_PATH}/admin`);
 export const load: PageServerLoad = async ({ cookies }) => {
 	let admins: (typeof Admin.prototype)[] = [];
 	if (getSession(cookies, { permissions: [Permissions.AdminRead] }) != null) {
 		admins = await Admin.findAll({ raw: true, attributes: { exclude: ['password'] } });
--- a/src/routes/admin/users/+page.server.ts
+++ b/src/routes/admin/users/+page.server.ts
@ -2,8 +2,13 @@ import type { PageServerLoad } from './$types';
 import { User } from '$lib/server/database';
 import { getSession } from '$lib/server/session';
 import { Permissions } from '$lib/permissions';
 import { redirect } from '@sveltejs/kit';
 import { env } from '$env/dynamic/public';
 export const load: PageServerLoad = async ({ parent, cookies }) => {
 	const { userCount } = await parent();
 	if (userCount == null) throw redirect(302, `${env.PUBLIC_BASE_PATH}/admin`);
 export const load: PageServerLoad = async ({ cookies }) => {
 	return {
 		count:
 			getSession(cookies, { permissions: [Permissions.UserRead] }) != null ? await User.count() : 0