add new permission for managing blockers

Phillip Thelen
2025-08-04 14:21:36 +02:00
parent 227e5ceaa8
commit 1ba9dda0ed
5 changed files with 27 additions and 9 deletions


@@ -2,11 +2,14 @@
<div class="row"> <div class="row">
<secondary-menu class="col-12"> <secondary-menu class="col-12">
<router-link <router-link
v-if="user.permissions.fullAccess || user.permissions.userSupport"
class="nav-link" class="nav-link"
:to="{name: 'adminPanel'}" :to="{name: 'adminPanel'}"
> >
{{ $t('adminPanel') }} {{ $t('adminPanel') }}
</router-link><router-link </router-link>
<router-link
v-if="user.permissions.fullAccess || user.permissions.accessControl"
class="nav-link" class="nav-link"
:to="{name: 'blockers'}" :to="{name: 'blockers'}"
> >
@@ -19,11 +22,15 @@
</template> </template>
<script> <script>
import { mapState } from '@/libs/store';
import SecondaryMenu from '@/components/secondaryMenu'; import SecondaryMenu from '@/components/secondaryMenu';
export default { export default {
components: { components: {
SecondaryMenu, SecondaryMenu,
}, },
computed: {
...mapState({ user: 'user.data' }),
},
}; };
</script> </script>
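Review bot: The `v-if` conditions added to the two `router-link`s restate permission rules that also live in the router's `privilegeNeeded` lists and in the header menu, so a later permission change has to be made in three places to stay consistent. Consider moving each rule into a computed property, e.g. `canManageBlockers () { return this.user.permissions.fullAccess || this.user.permissions.accessControl; }`, or into a helper shared by both components. These checks only hide links; the route guard and the server-side `ensurePermission` middleware remain the actual enforcement, which is worth stating in a short comment next to the computed properties.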


@@ -329,8 +329,7 @@
</div> </div>
</li> </li>
<li <li
v-if="user.permissions.fullAccess || v-if="hasElevatedPrivileges"
user.permissions.userSupport"
class="topbar-item droppable" class="topbar-item droppable"
:class="{ :class="{
'active': $route.path.startsWith('/admin')}" 'active': $route.path.startsWith('/admin')}"
@@ -346,6 +345,7 @@
></div> ></div>
</div> </div>
<router-link <router-link
v-if="user.permissions.fullAccess || user.permissions.userSupport"
class="nav-link" class="nav-link"
:to="{name: 'adminPanel'}" :to="{name: 'adminPanel'}"
> >
@@ -353,18 +353,21 @@
</router-link> </router-link>
<div class="topbar-dropdown"> <div class="topbar-dropdown">
<router-link <router-link
v-if="user.permissions.fullAccess || user.permissions.userSupport"
class="topbar-dropdown-item dropdown-item" class="topbar-dropdown-item dropdown-item"
:to="{name: 'adminPanel'}" :to="{name: 'adminPanel'}"
> >
{{ $t("adminPanel") }} {{ $t("adminPanel") }}
</router-link> </router-link>
<router-link <router-link
v-if="user.permissions.fullAccess || user.permissions.accessControl"
class="topbar-dropdown-item dropdown-item" class="topbar-dropdown-item dropdown-item"
:to="{name: 'blockers'}" :to="{name: 'blockers'}"
> >
{{ $t("siteBlockers") }} {{ $t("siteBlockers") }}
</router-link> </router-link>
<a <a
v-if="user.permissions.fullAccess || user.permissions.news"
class="topbar-dropdown-item dropdown-item" class="topbar-dropdown-item dropdown-item"
target="_blank" target="_blank"
href="https://panel.habitica.com" href="https://panel.habitica.com"
@@ -839,6 +842,12 @@ export default {
params: { groupId: this.groupPlans[0]._id }, params: { groupId: this.groupPlans[0]._id },
}; };
}, },
hasElevatedPrivileges () {
return this.user.permissions.fullAccess
|| this.user.permissions.userSupport
|| this.user.permissions.accessControl
|| this.user.permissions.news;
},
}, },
async mounted () { async mounted () {
await this.getUserGroupPlans(); await this.getUserGroupPlans();
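Review bot: The top-level `nav-link` to `adminPanel` is now rendered only for `fullAccess` or `userSupport`, while the surrounding `<li>` is shown to anyone matching `hasElevatedPrivileges`, so a user holding only `accessControl` or `news` gets a topbar item without its heading link. Unless the dropdown can be opened without that link, such users may be unable to reach the entries they are entitled to. The heading should probably stay visible for every elevated user and point to the first destination that user may open. `hasElevatedPrivileges` would also benefit from a one-line comment saying that it controls menu visibility only and must list every permission that has an entry in the dropdown. The `mounted` hook continues outside the hunk.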


@@ -180,12 +180,13 @@ const router = new VueRouter({
}, },
{ {
name: 'adminPanel', name: 'adminSection',
path: '/admin', path: '/admin',
component: AdminContainerPage, component: AdminContainerPage,
meta: { meta: {
privilegeNeeded: [ // any one of these is enough to give access privilegeNeeded: [ // any one of these is enough to give access
'userSupport', 'userSupport',
'accessControl',
], ],
}, },
children: [ children: [
@@ -227,7 +228,7 @@ const router = new VueRouter({
component: BlockerPage, component: BlockerPage,
meta: { meta: {
privilegeNeeded: [ // any one of these is enough to give access privilegeNeeded: [ // any one of these is enough to give access
'userSupport', 'accessControl',
], ],
}, },
}, },
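Review bot: Adding `'accessControl'` to the parent `/admin` route's `privilegeNeeded` widens the gate for every child route that does not declare its own list. The `children` array and the navigation guard are outside these hunks, so please confirm that the user-support child routes carry their own `privilegeNeeded: ['userSupport']` and that the guard checks the child's list rather than stopping at the parent's. Otherwise an `accessControl`-only account could load those pages client-side, even if the API still refuses the data. The parent was also renamed to `adminSection` while the menus still link to `{name: 'adminPanel'}`, which presumably now names a child route not shown here.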


@@ -122,7 +122,7 @@ api.getUserHistory = {
api.getBlockers = { api.getBlockers = {
method: 'GET', method: 'GET',
url: '/admin/blockers', url: '/admin/blockers',
middlewares: [authWithHeaders(), ensurePermission('userSupport')], middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) { async handler (req, res) {
const blockers = await Blocker const blockers = await Blocker
.find({ disabled: false }) .find({ disabled: false })
@@ -136,7 +136,7 @@ api.getBlockers = {
api.createBlocker = { api.createBlocker = {
method: 'POST', method: 'POST',
url: '/admin/blockers', url: '/admin/blockers',
middlewares: [authWithHeaders(), ensurePermission('userSupport')], middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) { async handler (req, res) {
const id = uuid(); const id = uuid();
const blocker = await Blocker({ const blocker = await Blocker({
@@ -151,7 +151,7 @@ api.createBlocker = {
api.updateBlocker = { api.updateBlocker = {
method: 'PUT', method: 'PUT',
url: '/admin/blockers/:blockerId', url: '/admin/blockers/:blockerId',
middlewares: [authWithHeaders(), ensurePermission('userSupport')], middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) { async handler (req, res) {
req.checkParams('blockerId', res.t('blockerIdRequired')).notEmpty().isUUID(); req.checkParams('blockerId', res.t('blockerIdRequired')).notEmpty().isUUID();
@@ -171,7 +171,7 @@ api.updateBlocker = {
api.deleteBlocker = { api.deleteBlocker = {
method: 'DELETE', method: 'DELETE',
url: '/admin/blockers/:blockerId', url: '/admin/blockers/:blockerId',
middlewares: [authWithHeaders(), ensurePermission('userSupport')], middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) { async handler (req, res) {
req.checkParams('blockerId', res.t('blockerIdRequired')).notEmpty().isUUID(); req.checkParams('blockerId', res.t('blockerIdRequired')).notEmpty().isUUID();
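Review bot: The switch from `ensurePermission('userSupport')` to `ensurePermission('accessControl')` on the four blocker endpoints arrives without a test or a migration, as far as the five sections on this page show. Accounts that held only `userSupport` will be refused by these routes after deploy, so a migration or a documented manual grant step should accompany the change. An integration test per endpoint, asserting that a `userSupport`-only user is rejected and an `accessControl`-only user is accepted, would pin the new boundary. If the doc comments above each handler (outside these hunks) name the required permission, they need the same update.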


@@ -224,6 +224,7 @@ export const UserSchema = new Schema({
userSupport: Boolean, // access User Support feature in Admin Panel userSupport: Boolean, // access User Support feature in Admin Panel
challengeAdmin: Boolean, // Can manage and administrate challenges challengeAdmin: Boolean, // Can manage and administrate challenges
moderator: Boolean, // Can ban, flag users and manage social spaces moderator: Boolean, // Can ban, flag users and manage social spaces
accessControl: Boolean, // Can manage IP and client blockers
coupons: Boolean, // Can generate and request coupons coupons: Boolean, // Can generate and request coupons
}, },
balance: { $type: Number, default: 0 }, balance: { $type: Number, default: 0 },