Fix user role helper for server actions (#531)

This commit is contained in:
shenlan 2025-10-16 18:45:11 +08:00 committed by GitHub
parent 0fab78bd62
commit 217279ed98
5 changed files with 17 additions and 6 deletions


@ -1,3 +1,5 @@
export const dynamic = 'force-dynamic'
import { NextRequest, NextResponse } from 'next/server'
import { getAccountServiceBaseUrl } from '@lib/serviceConfig'
@ -49,7 +51,7 @@ export async function GET(request: NextRequest) {
return NextResponse.json<ErrorPayload>({ error: 'unauthenticated' }, { status: 401 })
}
if (!userHasRole(user, READ_ROLES)) {
if (!(await userHasRole(user, READ_ROLES))) {
return NextResponse.json<ErrorPayload>({ error: 'forbidden' }, { status: 403 })
}
@ -64,7 +66,7 @@ export async function POST(request: NextRequest) {
return NextResponse.json<ErrorPayload>({ error: 'unauthenticated' }, { status: 401 })
}
if (!userHasRole(user, WRITE_ROLES)) {
if (!(await userHasRole(user, WRITE_ROLES))) {
return NextResponse.json<ErrorPayload>({ error: 'forbidden' }, { status: 403 })
}
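Review bot: The awaited role check now denies access when `userHasRole` resolves false, but nothing in the hunk handles the promise rejecting; since the helper is now async, a rejection propagates out of the handler and the client gets whatever the framework returns for an unhandled error instead of the explicit 403. If the helper does I/O (its body is outside this section, so this is inferred), wrapping the check so that a thrown error still denies would keep the deny-by-default behaviour explicit, e.g. `let allowed = false; try { allowed = await userHasRole(user, READ_ROLES) } catch { allowed = false }` followed by `if (!allowed) {`. The same pattern appears in the POST handler below and in the three following file sections, so the same handling applies there. Because a Promise is always truthy, the pre-fix `!userHasRole(...)` compiled cleanly under strict TypeScript while never reaching the 403 branch, and enabling `@typescript-eslint/no-misused-promises` with conditional checks would flag that class of regression at lint time. The two added lines of the header hunk at the top of this file are not shown in this rendering.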


@ -1,3 +1,5 @@
export const dynamic = 'force-dynamic'
import { NextRequest, NextResponse } from 'next/server'
import { getAccountServiceBaseUrl } from '@lib/serviceConfig'
@ -33,7 +35,7 @@ export async function POST(request: NextRequest, { params }: RouteParams) {
return NextResponse.json<ErrorPayload>({ error: 'unauthenticated' }, { status: 401 })
}
if (!userHasRole(user, REQUIRED_ROLES)) {
if (!(await userHasRole(user, REQUIRED_ROLES))) {
return NextResponse.json<ErrorPayload>({ error: 'forbidden' }, { status: 403 })
}


@ -1,3 +1,5 @@
export const dynamic = 'force-dynamic'
import { NextRequest, NextResponse } from 'next/server'
import { getAccountServiceBaseUrl } from '@lib/serviceConfig'
@ -20,7 +22,7 @@ export async function GET(request: NextRequest) {
return NextResponse.json<MetricsErrorPayload>({ error: 'unauthenticated' }, { status: 401 })
}
if (!userHasRole(user, ALLOWED_ROLES)) {
if (!(await userHasRole(user, ALLOWED_ROLES))) {
return NextResponse.json<MetricsErrorPayload>({ error: 'forbidden' }, { status: 403 })
}


@ -1,3 +1,5 @@
export const dynamic = 'force-dynamic'
import { NextResponse } from 'next/server'
import { getInternalServerServiceBaseUrl } from '@lib/serviceConfig'
@ -36,7 +38,7 @@ export async function GET() {
return NextResponse.json<ErrorPayload>({ error: 'unauthenticated' }, { status: 401 })
}
if (!userHasRole(user, ALLOWED_ROLES)) {
if (!(await userHasRole(user, ALLOWED_ROLES))) {
return NextResponse.json<ErrorPayload>({ error: 'forbidden' }, { status: 403 })
}


@ -205,7 +205,10 @@ function resolveTokenFromRequest(request?: NextRequest): string | undefined {
return undefined
}
export function userHasRole(user: AccountSessionUser | null, roles: AccountUserRole[]): boolean {
export async function userHasRole(
user: AccountSessionUser | null,
roles: AccountUserRole[]
): Promise<boolean> {
if (!user || roles.length === 0) {
return false
}