show admin pages only when permissions are correct
This commit is contained in:
@@ -6,7 +6,7 @@ export const load: LayoutServerLoad = async ({ cookies }) => {
|
||||
const session = getSession(cookies);
|
||||
|
||||
return {
|
||||
userCount: session?.permissions.userRead() ? await User.count() : 0,
|
||||
adminCount: session?.permissions.adminRead() ? await Admin.count() : 0
|
||||
userCount: session?.permissions.userRead() ? await User.count() : null,
|
||||
adminCount: session?.permissions.adminRead() ? await Admin.count() : null
|
||||
};
|
||||
};
|
||||
|
||||
@@ -19,27 +19,31 @@
|
||||
}
|
||||
|
||||
export let data: LayoutData;
|
||||
$adminCount = data.adminCount;
|
||||
if (data.adminCount) $adminCount = data.adminCount;
|
||||
</script>
|
||||
|
||||
{#if $page.url.pathname !== `${env.PUBLIC_BASE_PATH}/admin/login`}
|
||||
<div class="flex h-screen">
|
||||
<div class="h-full w-max">
|
||||
<ul class="menu p-4 w-fit h-full bg-base-200 text-base-content">
|
||||
<li>
|
||||
<a href="{env.PUBLIC_BASE_PATH}/admin/users">
|
||||
<IconOutline name="user-group-outline" />
|
||||
<span class="ml-1">Registrierte Nutzer</span>
|
||||
<div class="badge">{data.userCount}</div>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{env.PUBLIC_BASE_PATH}/admin/admin">
|
||||
<IconOutline name="users-outline" />
|
||||
<span class="ml-1">Website Admins</span>
|
||||
<div class="badge">{$adminCount}</div>
|
||||
</a>
|
||||
</li>
|
||||
<div class="h-full">
|
||||
<ul class="menu p-4 w-max h-full bg-base-200 text-base-content">
|
||||
{#if data.userCount != null}
|
||||
<li>
|
||||
<a href="{env.PUBLIC_BASE_PATH}/admin/users">
|
||||
<IconOutline name="user-group-outline" />
|
||||
<span class="ml-1">Registrierte Nutzer</span>
|
||||
<div class="badge">{data.userCount}</div>
|
||||
</a>
|
||||
</li>
|
||||
{/if}
|
||||
{#if data.adminCount != null}
|
||||
<li>
|
||||
<a href="{env.PUBLIC_BASE_PATH}/admin/admin">
|
||||
<IconOutline name="users-outline" />
|
||||
<span class="ml-1">Website Admins</span>
|
||||
<div class="badge">{$adminCount}</div>
|
||||
</a>
|
||||
</li>
|
||||
{/if}
|
||||
<li class="mt-auto">
|
||||
<button on:click={(e) => buttonTriggeredRequest(e, logout())}>
|
||||
<IconOutline name="arrow-left-on-rectangle-outline" />
|
||||
|
||||
@@ -2,8 +2,13 @@ import type { PageServerLoad } from './$types';
|
||||
import { Admin } from '$lib/server/database';
|
||||
import { getSession } from '$lib/server/session';
|
||||
import { Permissions } from '$lib/permissions';
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
import { env } from '$env/dynamic/public';
|
||||
|
||||
export const load: PageServerLoad = async ({ parent, cookies }) => {
|
||||
const { adminCount } = await parent();
|
||||
if (adminCount == null) throw redirect(302, `${env.PUBLIC_BASE_PATH}/admin`);
|
||||
|
||||
export const load: PageServerLoad = async ({ cookies }) => {
|
||||
let admins: (typeof Admin.prototype)[] = [];
|
||||
if (getSession(cookies, { permissions: [Permissions.AdminRead] }) != null) {
|
||||
admins = await Admin.findAll({ raw: true, attributes: { exclude: ['password'] } });
|
||||
|
||||
@@ -2,8 +2,13 @@ import type { PageServerLoad } from './$types';
|
||||
import { User } from '$lib/server/database';
|
||||
import { getSession } from '$lib/server/session';
|
||||
import { Permissions } from '$lib/permissions';
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
import { env } from '$env/dynamic/public';
|
||||
|
||||
export const load: PageServerLoad = async ({ parent, cookies }) => {
|
||||
const { userCount } = await parent();
|
||||
if (userCount == null) throw redirect(302, `${env.PUBLIC_BASE_PATH}/admin`);
|
||||
|
||||
export const load: PageServerLoad = async ({ cookies }) => {
|
||||
return {
|
||||
count:
|
||||
getSession(cookies, { permissions: [Permissions.UserRead] }) != null ? await User.count() : 0
|
||||
|
||||
Reference in New Issue
Block a user