datagouv · nicolaskempf57 · Apr 17, 2026 · Apr 17, 2026 · Apr 17, 2026 · ThibaudDauce
diff --git a/components/TabLinks.vue b/components/TabLinks.vue
@@ -21,6 +21,8 @@
 </template>
 
 <script setup lang="ts">
+import type { OrganizationReference } from '@datagouv/components-next'
+
 defineProps<{
   links: Array<{ href: string, label: string }>
 }>()
@@ -30,10 +32,16 @@ const isCurrentUrl = useIsCurrentUrl()
 function show(href: string) {
   const router = useRouter()
   const route = router.resolve(href)
-  const me = useMaybeMe()
-  if (route.meta.requiredRole) {
-    return me.value?.roles?.includes(route.meta.requiredRole as string) ?? false
+  const requiredOrganizationPermission = route.meta.requiredOrganizationPermission as (keyof OrganizationReference['permissions'] | undefined) ?? null
+  if (requiredOrganizationPermission) {
+    const { currentOrganization } = useCurrentOwned()
+    if (currentOrganization.value) {
+      return currentOrganization.value.permissions[requiredOrganizationPermission] ?? false
+    }
+
+    return false
   }
+
   return true
 }
 </script>

diff --git a/middleware/auth.ts b/middleware/auth.ts
@@ -1,16 +1,25 @@
+import type { OrganizationReference } from '@datagouv/components-next'
+
 export default defineNuxtRouteMiddleware(async (to, _from) => {
   // console.log(`Calling auth middleware ${from.path} -> ${to.path}`)
   const me = useMaybeMe()
 
-  const requiredRole = to.meta.requiredRole as string ?? ''
+  const requiredOrganizationPermission = to.meta.requiredOrganizationPermission as keyof OrganizationReference['permissions']
 
   if (to.path !== '/en/login' && !me.value) {
     // console.log('-> redirecting to login…')
     const route = useRoute()
     return navigateTo({ path: '/login', query: { next: route.fullPath } }, { external: true })
   }
 
-  if (requiredRole && !me.value?.roles?.includes(requiredRole)) {
-    throw createError({ statusCode: 401, statusMessage: 'Unauthorized' })
+  if (requiredOrganizationPermission) {
+    const { currentOrganization } = useCurrentOwned()
+
+    if (currentOrganization.value) {
+      const permissionValue = currentOrganization.value.permissions[requiredOrganizationPermission]
+      if (!permissionValue) {
+        throw createError({ statusCode: 401, statusMessage: 'Unauthorized' })
+      }
+    }
   }
 })
diff --git a/pages/admin/dataservices/[id]/activities.vue b/pages/admin/dataservices/[id]/activities.vue
@@ -7,7 +7,7 @@ import { ActivityList } from '@datagouv/components-next'
 import type { Dataservice } from '@datagouv/components-next'
 
 definePageMeta({
-  requiredRole: 'admin',
+  requiredOrganizationPermission: 'edit',
 })
 
 defineProps<{

diff --git a/pages/admin/datasets/[id]/activities.vue b/pages/admin/datasets/[id]/activities.vue
@@ -6,7 +6,7 @@
 import { ActivityList, type Dataset } from '@datagouv/components-next'
 
 definePageMeta({
-  requiredRole: 'admin',
+  requiredOrganizationPermission: 'edit',
 })
 
 defineProps<{

diff --git a/pages/admin/organizations/[oid]/profile/activities.vue b/pages/admin/organizations/[oid]/profile/activities.vue
@@ -6,7 +6,7 @@
 import { ActivityList, type Organization } from '@datagouv/components-next'
 
 definePageMeta({
-  requiredRole: 'admin',
+  requiredOrganizationPermission: 'edit',
 })
 
 defineProps<{

diff --git a/pages/admin/reuses/[id]/activities.vue b/pages/admin/reuses/[id]/activities.vue
@@ -6,7 +6,7 @@
 import { ActivityList, type Reuse } from '@datagouv/components-next'
 
 definePageMeta({
-  requiredRole: 'admin',
+  requiredOrganizationPermission: 'edit',
 })
 
 defineProps<{

diff --git a/pages/admin/topics/[id]/activities.vue b/pages/admin/topics/[id]/activities.vue
@@ -6,7 +6,7 @@
 import { ActivityList, type TopicV2 } from '@datagouv/components-next'
 
 definePageMeta({
-  requiredRole: 'admin',
+  requiredOrganizationPermission: 'edit',
 })
 
 defineProps<{