fix: Rollenhierarchie domain_admin/superadmin in Frontend

- useAuth: neue Rollen domain_admin/superadmin + hasRole() helper
- Admin-Page: useAuth(domain_admin), isSuperAdmin-Flag
- Tabs LDAP/Security/Mandanten/Module nur für superadmin
- Navbar: Admin-Link für domain_admin + superadmin sichtbar
- User-Anlage: domain_admin-Rolle wählbar, superadmin nur für superadmin

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sysops
2026-03-17 21:23:24 +01:00
parent 73cb609411
commit db433e5c2e
4 changed files with 26 additions and 19 deletions
+16 -11
@@ -7,7 +7,20 @@ import { getCachedUser, setCachedUser } from "@/lib/auth-cache";
export { clearAuthCache } from "@/lib/auth-cache";
export function useAuth(requireRole?: "admin" | "auditor") {
// Role hierarchy: superadmin(5) > domain_admin(4) > admin(3) > auditor(2) > user(1)
const roleLevels: Record<string, number> = {
user: 1,
auditor: 2,
admin: 3,
domain_admin: 4,
superadmin: 5,
};
export function hasRole(userRole: string, required: string): boolean {
return (roleLevels[userRole] ?? 0) >= (roleLevels[required] ?? 0);
}
export function useAuth(requireRole?: "admin" | "domain_admin" | "superadmin" | "auditor") {
const router = useRouter();
const cached = getCachedUser();
const [user, setUser] = useState(cached);
@@ -16,11 +29,7 @@ export function useAuth(requireRole?: "admin" | "auditor") {
const checkAuth = useCallback(async () => {
const cached = getCachedUser();
if (cached !== null) {
if (requireRole === "admin" && cached.role !== "admin") {
router.replace("/search");
return;
}
if (requireRole === "auditor" && cached.role !== "auditor" && cached.role !== "admin") {
if (requireRole && !hasRole(cached.role, requireRole)) {
router.replace("/search");
return;
}
@@ -32,11 +41,7 @@ export function useAuth(requireRole?: "admin" | "auditor") {
try {
const me = await getMe();
setCachedUser(me);
if (requireRole === "admin" && me.role !== "admin") {
router.replace("/search");
return;
}
if (requireRole === "auditor" && me.role !== "auditor" && me.role !== "admin") {
if (requireRole && !hasRole(me.role, requireRole)) {
router.replace("/search");
return;
}