adminfront: UserCreatePage 및 UserDetailPage에 세부 기능 권한(users / manage_users) 연동 적용하여 접근 제한 버그 해결
@@ -158,7 +158,7 @@ function UserCreatePage() {
|
|||||||
queryFn: fetchMe,
|
queryFn: fetchMe,
|
||||||
});
|
});
|
||||||
const profileRole = normalizeAdminRole(profile?.role);
|
const profileRole = normalizeAdminRole(profile?.role);
|
||||||
const canManageUsers = canManageTenantScopedUsers(profile);
|
const canManageUsers = canManageTenantScopedUsers(profile) || !!profile?.systemPermissions?.manage_users;
|
||||||
|
|
||||||
const {
|
const {
|
||||||
register,
|
register,
|
||||||
|
|||||||
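Review bot: In `UserCreatePage`, `canManageUsers` is now true for any profile carrying `systemPermissions.manage_users`, whatever `canManageTenantScopedUsers(profile)` decided, so the tenant-scope rule and the system permission are evaluated in two separate places. The same `!!profile?.systemPermissions?.manage_users` expression is repeated in both `UserDetailPage` checks, and three inline copies of one authorization rule tend to drift apart. Consider moving the flag into the existing helper, or adding one small helper such as `hasSystemPermission(profile, "manage_users")`, so the rule has a single definition. This is a display gate only, so a comment like `// UI gate only: the create-user API must enforce manage_users and tenant scope itself` would record that the server remains the authority. The rest of `UserCreatePage` is outside the hunk, so whether tenant and role pickers behave sensibly for a holder with no tenant scope cannot be checked from here.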
@@ -578,6 +578,8 @@ function UserDetailPage() {
|
|||||||
const isAdmin = profileRole === "super_admin";
|
const isAdmin = profileRole === "super_admin";
|
||||||
const isSelf = Boolean(profile?.id && user?.id && profile.id === user.id);
|
const isSelf = Boolean(profile?.id && user?.id && profile.id === user.id);
|
||||||
const canManageCurrentUser = canManageUserInTenantScope({ profile, user });
|
const canManageCurrentUser = canManageUserInTenantScope({ profile, user });
|
||||||
|
const isWritable = isAdmin || isSelf || canManageCurrentUser || !!profile?.systemPermissions?.manage_users;
|
||||||
|
const canViewUser = isAdmin || isSelf || canManageCurrentUser || !!profile?.systemPermissions?.users || !!profile?.systemPermissions?.manage_users;
|
||||||
const watchedStatus = watch("status");
|
const watchedStatus = watch("status");
|
||||||
|
|
||||||
const [newSubEmail, setNewSubEmail] = React.useState("");
|
const [newSubEmail, setNewSubEmail] = React.useState("");
|
||||||
@@ -1138,7 +1140,7 @@ function UserDetailPage() {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isAdmin && !isSelf && !canManageCurrentUser) {
|
if (profile && !canViewUser) {
|
||||||
return (
|
return (
|
||||||
<div className="flex h-[50vh] flex-col items-center justify-center space-y-4">
|
<div className="flex h-[50vh] flex-col items-center justify-center space-y-4">
|
||||||
<ShieldAlert size={48} className="text-destructive" />
|
<ShieldAlert size={48} className="text-destructive" />
|
||||||
@@ -1847,22 +1849,24 @@ function UserDetailPage() {
|
|||||||
</CardContent>
|
</CardContent>
|
||||||
</Card>
|
</Card>
|
||||||
|
|
||||||
<div className="flex justify-end pt-4">
|
{isWritable && (
|
||||||
<Button
|
<div className="flex justify-end pt-4">
|
||||||
type="submit"
|
<Button
|
||||||
disabled={mutation.isPending}
|
type="submit"
|
||||||
className="px-12 h-12 rounded-xl shadow-lg transition-all hover:scale-105"
|
disabled={mutation.isPending}
|
||||||
>
|
className="px-12 h-12 rounded-xl shadow-lg transition-all hover:scale-105"
|
||||||
{mutation.isPending ? (
|
>
|
||||||
<Loader2 className="mr-2 h-5 w-5 animate-spin" />
|
{mutation.isPending ? (
|
||||||
) : (
|
<Loader2 className="mr-2 h-5 w-5 animate-spin" />
|
||||||
<Save className="mr-2 h-5 w-5" />
|
) : (
|
||||||
)}
|
<Save className="mr-2 h-5 w-5" />
|
||||||
<span className="text-base font-bold">
|
)}
|
||||||
{t("ui.admin.users.detail.save", "저장하기")}
|
<span className="text-base font-bold">
|
||||||
</span>
|
{t("ui.admin.users.detail.save", "저장하기")}
|
||||||
</Button>
|
</span>
|
||||||
</div>
|
</Button>
|
||||||
|
</div>
|
||||||
|
)}
|
||||||
</TabsContent>
|
</TabsContent>
|
||||||
|
|
||||||
<TabsContent
|
<TabsContent
|
||||||
|
|||||||
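Review bot: The rewritten guard `if (profile && !canViewUser)` is skipped whenever `profile` is undefined, so while `fetchMe` is pending or after it fails the component falls through to the detail view instead of the access-denied panel; the previous condition denied in that state. Unless an earlier return outside the hunk already handles a missing profile, make the check fail closed, for example `if (!profile || !canViewUser)` preceded by a loading branch on the query's pending state. Separately, `isWritable` is only used to hide the Save button in the last hunk; the form's submit handler and the other mutations on this page are not visible here, so a viewer holding only `users` may still reach them. The submit path should check `isWritable` too, and the update API has to enforce `manage_users` itself. `UserDetailPage` begins and ends outside these hunks.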
Reference in New Issue
Block a user