Add role base access control for events module

Roman Krček
2025-07-14 15:50:07 +02:00
parent 6466665549
commit f14213a5d4
9 changed files with 68 additions and 36 deletions


@@ -51,6 +51,22 @@ const supabase: Handle = async ({ event, resolve }) => {
return { session, user }
}
/**
* Fetch user profile data including display name, section position, and section name
*/
event.locals.getUserProfile = async (userId) => {
if (!userId) return null
const { data: profile, error } = await event.locals.supabase
.from('profiles')
.select('display_name, section_position, section:sections (name)')
.eq('id', userId)
.single()
if (error) return null
return profile
}
return resolve(event, {
filterSerializedResponseHeaders(name) {
/**
@@ -67,6 +83,11 @@ const authGuard: Handle = async ({ event, resolve }) => {
event.locals.session = session
event.locals.user = user
// Fetch the user's profile if they're authenticated
if (user) {
event.locals.profile = await event.locals.getUserProfile(user.id)
}
if (!event.locals.session && event.url.pathname.startsWith('/private')) {
redirect(303, '/auth')
}
@@ -75,6 +96,13 @@ const authGuard: Handle = async ({ event, resolve }) => {
redirect(303, '/private/home')
}
// Role-based access control for events routes
if (event.url.pathname.startsWith('/private/events')) {
if (!event.locals.profile || event.locals.profile.section_position !== 'events_manager') {
redirect(303, '/private/errors/events/denied')
}
}
return resolve(event)
}
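Review bot: The route gate `if (event.url.pathname.startsWith('/private/events'))` matches by raw prefix, so any sibling route whose name merely begins with that string (a constructed example: `/private/eventsarchive`) would also be restricted to `events_manager`, and the inverse is the more dangerous failure once a similarly named route exists; anchor the match on a path segment instead, e.g. `const path = event.url.pathname; if (path === '/private/events' || path.startsWith('/private/events/')) {`. The check depends on `event.locals.profile`, which `getUserProfile` in the first hunk sets to `null` on any query error (`if (error) return null`), so a transient database failure is indistinguishable from a missing profile and silently denies access; that fails closed, which is correct, but a `console.error` on the error branch would keep misconfiguration visible. The second hunk fetches the profile on every authenticated request even though only `/private/events` paths consume it; that is acceptable but worth a comment such as `// profile is required by the events RBAC check below`. authGuard's body starts outside the hunk, and a one-line TSDoc on it describing the two gates (session → `/auth`, role → `/private/errors/events/denied`) would help the next reader.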