From 7f8de4e4999abd09c25aed62d76723f63e0a188b Mon Sep 17 00:00:00 2001
From: silverpill
Date: Sat, 4 Feb 2023 15:42:52 +0000
Subject: [PATCH] Hide subscription settings page if user doesn't have permission to manage subscriptions
---
 CHANGELOG.md | 1 +
 src/api/users.ts | 1 +
 src/components/Sidebar.vue | 12 +++++++++---
 src/router/index.ts | 7 +++++++
 src/views/Profile.vue | 5 ++++-
 5 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32772f7..0d92ef0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Improved username validation.
+- Hide subscription settings page if user doesn't have permission to manage subscriptions.
 ### Fixed
diff --git a/src/api/users.ts b/src/api/users.ts
index 9084e11..e96c3c2 100644
--- a/src/api/users.ts
+++ b/src/api/users.ts
@@ -32,6 +32,7 @@ interface Role {
 export enum Permissions {
 CreatePost = "create_post",
+ ManageSubscriptionOptions = "manage_subscription_options",
 }
 export interface Profile {
diff --git a/src/components/Sidebar.vue b/src/components/Sidebar.vue
index c2afbf2..65b6a4b 100644
--- a/src/components/Sidebar.vue
+++ b/src/components/Sidebar.vue
@@ -16,7 +16,7 @@ Profile directory
@@ -43,6 +43,7 @@ import { onMounted } from "vue"
 import { $, $computed } from "vue/macros"
 import { useRouter } from "vue-router"
+import { Permissions } from "@/api/users"
 import { useNotifications } from "@/store/notifications"
 import { useCurrentUser } from "@/store/user"
 import { useInstanceInfo } from "@/store/instance"
@@ -71,9 +72,14 @@ const unreadNotificationCount = $computed(() => {
 return getUnreadNotificationCount()
 })
-function isSubscriptionsFeatureEnabled(): boolean {
+function canManageSubscriptions(): boolean {
 const blockchain = instance?.blockchains[0]
- return Boolean(blockchain?.features.subscriptions)
+ const isSubscriptionsFeatureEnabled = Boolean(blockchain?.features.subscriptions)
+ return (
+ isSubscriptionsFeatureEnabled &&
+ currentUser !== null &&
+ currentUser.role.permissions.includes(Permissions.ManageSubscriptionOptions)
+ )
 }
 async function logout() {
diff --git a/src/router/index.ts b/src/router/index.ts
index e93b83e..b75db6b 100644
--- a/src/router/index.ts
+++ b/src/router/index.ts
@@ -20,6 +20,7 @@ import SearchResultList from "@/views/SearchResultList.vue"
 import SubscriptionPage from "@/views/SubscriptionPage.vue"
 import SubscriptionsSettings from "@/views/SubscriptionsSettings.vue"
+import { Permissions } from "@/api/users"
 import { useCurrentUser } from "@/store/user"
 async function authGuard(to: any) {
@@ -152,6 +153,12 @@ const routes: Array = [
 name: "subscriptions-settings",
 component: SubscriptionsSettings,
 meta: { onlyAuthenticated: true },
+ beforeEnter: () => {
+ const { ensureCurrentUser } = useCurrentUser()
+ return ensureCurrentUser()
+ .role.permissions
+ .includes(Permissions.ManageSubscriptionOptions)
+ },
 },
 {
 path: "/@:acct(.*)",
diff --git a/src/views/Profile.vue b/src/views/Profile.vue
index 878f649..390a8b2 100644
--- a/src/views/Profile.vue
+++ b/src/views/Profile.vue
@@ -259,6 +259,7 @@ import { getReceivedSubscriptions } from "@/api/subscriptions-common"
 import {
 getProfile,
 lookupProfile,
+ Permissions,
 Profile,
 ProfileField,
 ProfileWrapper,
@@ -541,7 +542,9 @@ function canManageSubscriptions(): boolean {
 return (
 isSubscriptionsFeatureEnabled() &&
 profile !== null &&
- isCurrentUser()
+ currentUser !== null &&
+ isCurrentUser() &&
+ currentUser.role.permissions.includes(Permissions.ManageSubscriptionOptions)
 )
 }
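Review bot: The test `currentUser.role.permissions.includes(Permissions.ManageSubscriptionOptions)` is now written out three times: here in Sidebar.vue's `canManageSubscriptions`, in the `beforeEnter` guard in src/router/index.ts, and in `canManageSubscriptions` in src/views/Profile.vue. That lets link visibility and the route guard drift apart the next time a permission or role shape changes. A single helper beside `useCurrentUser`, for example `hasPermission(permission: Permissions): boolean`, would give all three call sites one definition to keep in step. Whichever form is kept, the function deserves a comment such as `// Controls link visibility only; the server must still enforce manage_subscription_options`, so the check is not later mistaken for the authorization decision.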
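Review bot: The `beforeEnter` guard on `subscriptions-settings` returns a bare boolean and checks only the permission, so a user without `ManageSubscriptionOptions` who opens the URL directly gets a cancelled navigation with no redirect. It also ignores the subscriptions feature flag that the Sidebar.vue and Profile.vue checks require. Returning a route location on failure would be friendlier, for example `return allowed || { name: "<fallback-route-name>" }` (placeholder name), with the same feature-flag test applied. `ensureCurrentUser()` presumably throws when no user is loaded, so the guard seems to rely on the `onlyAuthenticated` check having run first; a one-line comment stating that ordering would help. Since this guard evaluates role data held in the browser, it hides the page but is not an authorization boundary. The endpoints the settings view calls need to reject callers lacking `manage_subscription_options` on the server, which this patch does not show.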