Filter sidebar menu's that user isn't privileged for

= This is a combination of 2 commits. = This is the 1st commit message: Atm you're redirected to /users after login even when you aren't privileged to any of the user actions. This should be addressed in a following commit. It will only show the menu's on the left for which you are privileged. This can be depending on role (e.g. settings for admin) or privilege (e.g. user actions). = This is the 2nd commit message: It will only show the menu's on the left for which you are privileged. This is depending on privileges. The redirect for root is now also set after login before adding the route. That way we can set the route to the path corresponding with the first item in the sidebar. When there's no unhidden route (e.g. when admin-fe doesn't know about any privilege the user has), the redirect goes to /401.

Filter sidebar menu's that user isn't privileged for
e43d1caf · Ilja · Haelwenn · 68ad3c35 · e43d1caf · e43d1caf
Commit e43d1caf authored 2 years ago by Ilja Committed by Haelwenn 2 years ago
--- a/src/permission.js
+++ b/src/permission.js
@@ -20,6 +20,25 @@ function hasPermission(roles, permissionRoles) {
  return roles.some(role => permissionRoles.indexOf(role) >= 0)
 }

+function isPrivileged(route, privileges) {
+  if (!route.required_privileges) {
+    return true
+  }
+
+  // We check for all the required privileges if the user has it
+  // If there's at least one privilege missing, the user isn't privileged so we return false
+  // If the logged in user has all required privileges, we return true
+  return route.required_privileges.map(required_privilege => privileges.indexOf(required_privilege)).indexOf(-1) === -1
+}
+
+function findFirstUnhiddenPath(addRouters) {
+  const unhiddenRoute = addRouters.find((route) => !route.hidden)
+  if (unhiddenRoute) {
+    return unhiddenRoute.path + '/index'
+  }
+  return '/401'
+}
+
 const whiteList = ['/login', '/auth-redirect', '/login-pleroma']// no redirect whitelist

 export const beforeEachRoute = (to, from, next) => {
@@ -32,9 +51,18 @@ export const beforeEachRoute = (to, from, next) => {
    } else {
      if (store.getters.roles.length === 0 && store.getters.privileges.length === 0) {
        store.dispatch('GetUserInfo').then(res => {
-          const roles = res.data.pleroma.is_admin ? ['admin'] : []
+          const roles = store.getters.roles
+          const privileges = store.getters.privileges
+
          store.dispatch('GenerateRoutes', { roles }).then(() => {
-            store.getters.addRouters.forEach(route => router.addRoute(route))
+            const addRouters = store.getters.addRouters
+            addRouters.forEach(route => {
+              route.hidden = !isPrivileged(route, privileges)
+              if (route.path === '') {
+                route.redirect = findFirstUnhiddenPath(addRouters)
+              }
+              router.addRoute(route)
+            })
            next({ ...to, replace: true })
          })
        }).catch((err) => {

--- a/src/router/index.js
+++ b/src/router/index.js
@@ -42,6 +42,7 @@ const settingsChildren = () => {
 const settings = {
  path: '/settings',
  component: Layout,
+  roles: ['admin'],
  name: 'Settings',
  hasSubmenu: true,
  meta: { title: 'settings', icon: 'el-icon-setting', noCache: true },
@@ -51,6 +52,7 @@ const statusesDisabled = disabledFeatures.includes('statuses')
 const statuses = {
  path: '/statuses',
  component: Layout,
+  required_privileges: ['messages_read', 'messages_delete'],
  children: [
    {
      path: 'index',
@@ -65,6 +67,7 @@ const reportsDisabled = disabledFeatures.includes('reports')
 const reports = {
  path: '/reports',
  component: Layout,
+  required_privileges: ['reports_manage_reports'],
  children: [
    {
      path: 'index',
@@ -79,6 +82,7 @@ const invitesDisabled = disabledFeatures.includes('invites')
 const invites = {
  path: '/invites',
  component: Layout,
+  required_privileges: ['users_manage_invites'],
  children: [
    {
      path: 'index',
@@ -93,6 +97,7 @@ const relaysDisabled = disabledFeatures.includes('relays')
 const relays = {
  path: '/relays',
  component: Layout,
+  roles: ['admin'],
  children: [
    {
      path: 'index',
@@ -107,6 +112,7 @@ const moderationLogDisabled = disabledFeatures.includes('moderation-log')
 const moderationLog = {
  path: '/moderation_log',
  component: Layout,
+  required_privileges: ['moderation_log_read'],
  children: [
    {
      path: 'index',
@@ -121,6 +127,7 @@ const mediaProxyCacheDisabled = disabledFeatures.includes('media-proxy-cache')
 const mediaProxyCache = {
  path: '/media_proxy_cache',
  component: Layout,
+  roles: ['admin'],
  children: [
    {
      path: 'index',
@@ -167,12 +174,6 @@ export const constantRouterMap = [
    path: '/401',
    component: () => import('@/views/errorPage/401'),
    hidden: true
-  },
-  {
-    path: '',
-    component: Layout,
-    redirect: '/users/index',
-    hidden: true
  }
 ]

@@ -186,6 +187,7 @@ export const asyncRouterMap = [
  {
    path: '/users',
    component: Layout,
+    required_privileges: ['users_read'],
    children: [
      {
        path: 'index',
@@ -250,5 +252,10 @@ export const asyncRouterMap = [
    ],
    hidden: true
  },
-  { path: '*', redirect: '/404', hidden: true }
+  { path: '*', redirect: '/404', hidden: true },
+  {
+    path: '',
+    component: Layout,
+    hidden: true
+  }
 ]
--- a/src/store/modules/user.js
+++ b/src/store/modules/user.js
@@ -53,7 +53,7 @@ const user = {
      state.roles = roles
    },
    SET_PRIVILEGES: (state, privileges) => {
-      state.privileges = privileges
+      state.privileges = privileges || []
    },
    SET_ID: (state, id) => {
      state.id = id

--- a/src/views/layout/components/Sidebar/index.vue
+++ b/src/views/layout/components/Sidebar/index.vue
@@ -17,7 +17,7 @@ SPDX-License-Identifier: AGPL-3.0-only
      mode="vertical"
      @open="handleOpen"
    >
-      <sidebar-item v-for="route in permission_routers" :key="route.path" :item="route" :base-path="route.path"/>
+      <sidebar-item v-for="route in permission_routers" v-if="isPrivileged(route)" :key="route.path" :item="route" :base-path="route.path"/>
    </el-menu>
  </el-scrollbar>
 </template>
@@ -61,6 +61,17 @@ export default {
        }
      }, [...asyncRouterMap])
    },
+    isPrivileged(route) {
+      if (route.roles && route.roles.some(role => this.$store.getters.roles.indexOf(role) >= 0)) {
+        return true
+      }
+
+      if (route.privileges && route.privileges.some(privilege => this.$store.getters.privileges.indexOf(privilege) >= 0)) {
+        return true
+      }
+
+      return false
+    },
    async handleOpen($event) {
      if ($event === '/settings') {
        let settingsTabs = localStorage.getItem('settingsTabs')