Merge pull request 'Fixed permission check' (#396) from dev into master
Some checks reported warnings
Deploy dev on push / on-push-deploy_sh-edraft (push) Has been cancelled

Reviewed-on: sh-edraft.de/kd_discord_bot#396
This commit is contained in:
Sven Heidemann 2023-10-02 16:33:05 +02:00
commit 34d83a472c
2 changed files with 6 additions and 6 deletions

View File

@ -48,7 +48,7 @@ export class ProfileComponent implements OnInit, OnDestroy {
let authUser = await this.auth.getLoggedInUser(); let authUser = await this.auth.getLoggedInUser();
this.spinner.showSpinner(); this.spinner.showSpinner();
let user: UserDTO | null = authUser?.users?.find(u => u.server == server.id) ?? null; let user: UserDTO | null = authUser?.users?.find(u => u.server == server.id) ?? null;
if (!user || user?.id != params["memberId"] && !user?.isModerator) { if (!user || user?.id != params["memberId"] && !user?.isModerator && !user.isModerator) {
this.toast.error(this.translate.instant("view.server.profile.permission_denied"), this.translate.instant("view.server.profile.permission_denied_d")); this.toast.error(this.translate.instant("view.server.profile.permission_denied"), this.translate.instant("view.server.profile.permission_denied_d"));
this.spinner.hideSpinner(); this.spinner.hideSpinner();
await this.router.navigate(["/server", server.id]); await this.router.navigate(["/server", server.id]);

View File

@ -200,11 +200,11 @@ export class SidebarService {
if (this.server) { if (this.server) {
this.serverMenu.visible = true; this.serverMenu.visible = true;
this.serverMembers.visible = isTechnician || user?.isModerator; this.serverMembers.visible = this.hasFeature("TechnicianFullAccess") && isTechnician || user?.isModerator;
this.serverAutoRoles.visible = isTechnician || this.hasFeature("AutoRoleModule") && user?.isModerator; this.serverAutoRoles.visible = this.hasFeature("TechnicianFullAccess") && isTechnician || this.hasFeature("AutoRoleModule") && user?.isModerator;
this.serverLevels.visible = isTechnician || this.hasFeature("LevelModule") && user?.isModerator; this.serverLevels.visible = this.hasFeature("TechnicianFullAccess") && isTechnician || this.hasFeature("LevelModule") && user?.isModerator;
this.serverAchievements.visible = isTechnician || this.hasFeature("AchievementsModule") && user?.isModerator; this.serverAchievements.visible = this.hasFeature("TechnicianFullAccess") && isTechnician || this.hasFeature("AchievementsModule") && user?.isModerator;
this.serverShortRoleNames.visible = isTechnician || this.hasFeature("ShortRoleName") && user?.isAdmin; this.serverShortRoleNames.visible = this.hasFeature("TechnicianFullAccess") && isTechnician || this.hasFeature("ShortRoleName") && user?.isAdmin;
this.serverConfig.visible = isTechnician || user?.isAdmin; this.serverConfig.visible = isTechnician || user?.isAdmin;
} else { } else {