diff --git a/components/TabLinks.vue b/components/TabLinks.vue index c3c282fae..078c4a347 100644 --- a/components/TabLinks.vue +++ b/components/TabLinks.vue @@ -21,6 +21,8 @@ diff --git a/middleware/auth.ts b/middleware/auth.ts index d957ac715..3d9eca6e9 100644 --- a/middleware/auth.ts +++ b/middleware/auth.ts @@ -1,8 +1,10 @@ +import type { OrganizationReference } from '@datagouv/components-next' + export default defineNuxtRouteMiddleware(async (to, _from) => { // console.log(`Calling auth middleware ${from.path} -> ${to.path}`) const me = useMaybeMe() - const requiredRole = to.meta.requiredRole as string ?? '' + const requiredOrganizationPermission = to.meta.requiredOrganizationPermission as keyof OrganizationReference['permissions'] if (to.path !== '/en/login' && !me.value) { // console.log('-> redirecting to login…') @@ -10,7 +12,14 @@ export default defineNuxtRouteMiddleware(async (to, _from) => { return navigateTo({ path: '/login', query: { next: route.fullPath } }, { external: true }) } - if (requiredRole && !me.value?.roles?.includes(requiredRole)) { - throw createError({ statusCode: 401, statusMessage: 'Unauthorized' }) + if (requiredOrganizationPermission) { + const { currentOrganization } = useCurrentOwned() + + if (currentOrganization.value) { + const permissionValue = currentOrganization.value.permissions[requiredOrganizationPermission] + if (!permissionValue) { + throw createError({ statusCode: 401, statusMessage: 'Unauthorized' }) + } + } } }) diff --git a/pages/admin/dataservices/[id]/activities.vue b/pages/admin/dataservices/[id]/activities.vue index 548b3b077..577181d2e 100644 --- a/pages/admin/dataservices/[id]/activities.vue +++ b/pages/admin/dataservices/[id]/activities.vue @@ -7,7 +7,7 @@ import { ActivityList } from '@datagouv/components-next' import type { Dataservice } from '@datagouv/components-next' definePageMeta({ - requiredRole: 'admin', + requiredOrganizationPermission: 'edit', }) defineProps<{ 
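Review bot: The `as keyof OrganizationReference['permissions']` cast on `to.meta.requiredOrganizationPermission` asserts a type the route meta does not guarantee. The value is `undefined` on every page that does not set it, and a misspelled key in `definePageMeta` would still compile. Declaring the field once through Nuxt's `PageMeta` augmentation, `interface PageMeta { requiredOrganizationPermission?: keyof OrganizationReference['permissions'] }` inside `declare module '#app'`, lets the compiler check each page and removes the cast here. The middleware body continues past this hunk.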
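Review bot: The new guard in the second `middleware/auth.ts` hunk fails open: when `requiredOrganizationPermission` is set but `currentOrganization.value` is empty, the inner `if` is skipped and navigation proceeds unchecked, whereas the removed `requiredRole` test always ran. `useCurrentOwned()` is not shown, so it is unclear whether it is populated for the target route when the middleware runs, or can be empty or stale (for instance for an object not owned by an organization). A fail-closed form would be `const allowed = currentOrganization.value?.permissions[requiredOrganizationPermission]` followed by `if (!allowed) throw createError({ statusCode: 403, statusMessage: 'Forbidden' })`, with a separate documented rule for user-owned objects if those must stay reachable. 403 is also the more accurate status, since the login redirect above has already handled unauthenticated users on these routes.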
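Review bot: Replacing `requiredRole: 'admin'` with `requiredOrganizationPermission: 'edit'` in `pages/admin/dataservices/[id]/activities.vue` moves this page from a global role check to a per-organization one, so it is now only as restrictive as the middleware's lookup of the current organization. The same one-line change is made in the datasets, organizations profile, reuses and topics activities pages. Page meta only governs routing inside the Nuxt app, so the API endpoint that feeds `ActivityList` should enforce the equivalent permission itself; that is not visible in this diff and is worth confirming. A short comment above the meta, such as `// Requires edit permission on the owning organization; checked in middleware/auth.ts`, would record the intent.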
diff --git a/pages/admin/datasets/[id]/activities.vue b/pages/admin/datasets/[id]/activities.vue index 508eb198d..d0d1058d6 100644 --- a/pages/admin/datasets/[id]/activities.vue +++ b/pages/admin/datasets/[id]/activities.vue @@ -6,7 +6,7 @@ import { ActivityList, type Dataset } from '@datagouv/components-next' definePageMeta({ - requiredRole: 'admin', + requiredOrganizationPermission: 'edit', }) defineProps<{ diff --git a/pages/admin/organizations/[oid]/profile/activities.vue b/pages/admin/organizations/[oid]/profile/activities.vue index b9a9e65db..215121879 100644 --- a/pages/admin/organizations/[oid]/profile/activities.vue +++ b/pages/admin/organizations/[oid]/profile/activities.vue @@ -6,7 +6,7 @@ import { ActivityList, type Organization } from '@datagouv/components-next' definePageMeta({ - requiredRole: 'admin', + requiredOrganizationPermission: 'edit', }) defineProps<{ diff --git a/pages/admin/reuses/[id]/activities.vue b/pages/admin/reuses/[id]/activities.vue index f52d15728..bfed42e57 100644 --- a/pages/admin/reuses/[id]/activities.vue +++ b/pages/admin/reuses/[id]/activities.vue @@ -6,7 +6,7 @@ import { ActivityList, type Reuse } from '@datagouv/components-next' definePageMeta({ - requiredRole: 'admin', + requiredOrganizationPermission: 'edit', }) defineProps<{ diff --git a/pages/admin/topics/[id]/activities.vue b/pages/admin/topics/[id]/activities.vue index b09435fc6..08afacd65 100644 --- a/pages/admin/topics/[id]/activities.vue +++ b/pages/admin/topics/[id]/activities.vue @@ -6,7 +6,7 @@ import { ActivityList, type TopicV2 } from '@datagouv/components-next' definePageMeta({ - requiredRole: 'admin', + requiredOrganizationPermission: 'edit', }) defineProps<{