feat (rbac): implement role-based access control

This commit is contained in:
Abizrh
2025-08-12 11:32:36 +07:00
parent 59db7a8479
commit 125d7857ce
16 changed files with 394 additions and 22 deletions
+10 -4
@@ -1,4 +1,6 @@
export default defineNuxtRouteMiddleware((to) => {
if (to.meta.public) return
const { $pinia } = useNuxtApp()
if (import.meta.client) {
@@ -10,9 +12,13 @@ export default defineNuxtRouteMiddleware((to) => {
return navigateTo('/auth/login')
}
const allowedRoles = to.meta.roles as string[] | undefined
if (allowedRoles && !allowedRoles.includes(userStore.userRole)) {
return navigateTo('/unauthorized')
}
// const allowedRoles = to.meta.roles as string[] | undefined
// if (allowedRoles && !allowedRoles.includes(userStore.userRole)) {
// return navigateTo('/unauthorized')
// }
// const allowedRoles = to.meta.roles as string[] | undefined
// if (allowedRoles && !userStore.userRole.some((r) => allowedRoles.includes(r))) {
// return navigateTo('/unauthorized')
// }
}
})
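Review bot: The three commented-out variants of the role check (the two `allowedRoles.includes(userStore.userRole)` copies and the `userStore.userRole.some(...)` form) are dead code left under the live check and should be deleted; the live version treats `userStore.userRole` as a single string while the last commented variant treats it as an array, so a reader cannot tell which shape the store actually has. If the array form is the intended future shape, say so in one comment rather than keeping alternative implementations in place. The check also sits inside the `if (import.meta.client)` branch opened in the first hunk, so it only runs in the browser and is advisory; the server-side enforcement for the same routes lives in the new middleware file in this commit, and a comment saying `// client-side redirect only; the server middleware enforces roles` would keep the two from drifting apart. The enclosing middleware function's body is cut between the two hunks.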
+37
@@ -0,0 +1,37 @@
import { PAGE_PERMISSIONS } from '~/lib/page-permission'
export default defineNuxtRouteMiddleware((to) => {
if (to.meta.public) return
const { $pinia } = useNuxtApp()
if (import.meta.server) {
const authStore = useUserStore($pinia)
// Check specific page permissions if defined in config
const pagePermissions = PAGE_PERMISSIONS[to.path as keyof typeof PAGE_PERMISSIONS]
if (pagePermissions) {
const { checkRole } = useRBAC()
if (!checkRole(pagePermissions)) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden - Insufficient permissions for this page',
})
}
}
// Fallback to meta roles
const requiredRoles = to.meta.roles as string[]
if (requiredRoles && requiredRoles.length > 0) {
// FIXME: change this dummy roles, when api is ready
// const userRoles = authStore.roles
const userRoles = ['admisi']
const hasRequiredRole = requiredRoles.some((role) => userRoles.includes(role))
if (!hasRequiredRole) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden - Insufficient role permissions',
})
}
}
}
})
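Review bot: `const userRoles = ['admisi']` hard-codes the identity used by the fallback role check, so while this placeholder stays in, every server-side request is evaluated as the `admisi` role regardless of who is logged in — routes whose `meta.roles` include it are reachable by any visitor who gets past the login check, and routes requiring any other role are unreachable for everyone; `authStore` is created on the line above but never read. Until the API delivers real roles, it is safer to fail closed from whatever the store already exposes, e.g. `const userRoles: string[] = authStore.roles ?? []` (the commented `authStore.roles` line suggests that field is planned; confirm its name and type against the store), and to keep the FIXME so the stub is not forgotten. The `to.meta.roles as string[]` assertion should be `string[] | undefined` to match the client middleware and make the following truthiness guard type-honest. Note also that `PAGE_PERMISSIONS[to.path ...]` keys on the exact request path; if any protected pages have dynamic segments or trailing slashes, the lookup will silently miss and only the meta fallback applies — worth a comment at that line stating the lookup is exact-match.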