Replace IsAdmin with role-based admin
Switch user admin handling from an AppUser boolean to ASP.NET Identity roles. Removed AppUser.IsAdmin and related configuration/model entries; added migration ReplaceIsAdminWithRoles to copy Users.IsAdmin=true into a persistent admin role and drop the IsAdmin column. CurrentUserResponse now exposes roles (string[]), AuthController returns ordered roles from UserManager, and IdentitySeedService now ensures the admin role exists and assigns/creates an initial admin user in that role. Program.cs registers an Admin-only policy (PolicyNames/RoleNames), adjusts cookie auth events to return 401/403 for API requests, and wires up authorization. Frontend updated to use roles: authSession normalizes roles, adds hasRole and ROLE_ADMIN, router and layout support meta.requiredRoles, and new Forbidden and AdminUsers pages/route are added. codexInfo.md updated to reflect the migration to role-based auth.
@@ -3,8 +3,11 @@ import type { RouteRecordRaw } from 'vue-router'
|
||||
import Home from '@/routes/Home.vue'
|
||||
import Dashboard from '@/routes/dashboard/Dashboard.vue'
|
||||
import NotFound from '@/routes/404NotFound.vue'
|
||||
import Forbidden from '@/routes/Forbidden.vue'
|
||||
import Login from '@/routes/authentication/Login.vue'
|
||||
import AdminUsers from '@/routes/admin/AdminUsers.vue'
|
||||
import Impressum from '@/routes/Impressum.vue'
|
||||
import { ROLE_ADMIN } from '@/services/authSession'
|
||||
|
||||
export enum Visibility {
|
||||
Hidden,
|
||||
@@ -24,6 +27,7 @@ export interface LayoutRoute {
|
||||
disableFooter?: boolean
|
||||
visible: Visibility
|
||||
visibilityRoute?: string | string[]
|
||||
requiredRoles?: string[]
|
||||
meta?: RouteRecordRaw
|
||||
}
|
||||
|
||||
@@ -65,6 +69,23 @@ export const routes: LayoutRoute[] = [
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
path: '/admin/users',
|
||||
name: 'Benutzer',
|
||||
description: 'Adminbereich für Benutzerverwaltung',
|
||||
icon: 'mdi-shield-account-outline',
|
||||
visible: Visibility.Authorized,
|
||||
requiredRoles: [ROLE_ADMIN],
|
||||
meta: {
|
||||
name: 'AdminUsers',
|
||||
path: '/admin/users',
|
||||
component: AdminUsers,
|
||||
meta: {
|
||||
requiresAuth: true,
|
||||
requiredRoles: [ROLE_ADMIN],
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
path: '/login',
|
||||
name: 'Login',
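Review bot: The admin role requirement for `/admin/users` is declared twice in this hunk — once on the layout entry (`requiredRoles: [ROLE_ADMIN]`) and again under `meta.meta` — and the two can drift silently, so a future edit that changes one will leave the navigation item and the router guard disagreeing on who may see the page. Declare the list once, e.g. `const adminOnly = [ROLE_ADMIN]` above the `routes` array, and reference it from both places. Since the layout entry is also `Visibility.Authorized`, it is worth confirming that the layout honours `requiredRoles` and not only the authenticated state, otherwise every signed-in user sees the admin link (the description says the layout was updated for this, but the hunk does not show it). Either way a comment such as `// UX gate only: the API's Admin policy is the real authorization boundary` on the admin entry would make clear that the client-side check is not where access control happens. The enclosing `routes` array starts and ends outside the hunk.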
|
||||
@@ -92,6 +113,21 @@ export const routes: LayoutRoute[] = [
|
||||
component: Impressum,
|
||||
},
|
||||
},
|
||||
{
|
||||
path: '/forbidden',
|
||||
name: 'Kein Zugriff',
|
||||
description: 'Du hast keine Berechtigung für diese Seite',
|
||||
icon: 'mdi-alert-circle-outline',
|
||||
visible: Visibility.Hidden,
|
||||
meta: {
|
||||
path: '/forbidden',
|
||||
name: 'Forbidden',
|
||||
component: Forbidden,
|
||||
meta: {
|
||||
requiresAuth: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
path: '/notFound',
|
||||
name: 'Nicht gefunden',
|
||||
|
||||