Enhance user contact data visibility based on role permissions
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
This commit introduces role-based access control for user contact information in the CMS. It updates the user list display to show email and phone details only to users with the 'vorstand' role, while masking this information for others. Additionally, it modifies the API endpoints to ensure that contact data is only returned for authorized users, improving data privacy and security.
@@ -143,12 +143,28 @@
|
||||
</td>
|
||||
<td class="px-6 py-4 whitespace-nowrap">
|
||||
<div class="text-sm text-gray-600">
|
||||
{{ user.email }}
|
||||
<template v-if="canViewContactData">
|
||||
{{ user.email || '-' }}
|
||||
</template>
|
||||
<span
|
||||
v-else
|
||||
class="text-gray-400"
|
||||
>
|
||||
Nur für Vorstand
|
||||
</span>
|
||||
</div>
|
||||
</td>
|
||||
<td class="px-6 py-4 whitespace-nowrap">
|
||||
<div class="text-sm text-gray-600">
|
||||
{{ user.phone || '-' }}
|
||||
<template v-if="canViewContactData">
|
||||
{{ user.phone || '-' }}
|
||||
</template>
|
||||
<span
|
||||
v-else
|
||||
class="text-gray-400"
|
||||
>
|
||||
Nur für Vorstand
|
||||
</span>
|
||||
</div>
|
||||
</td>
|
||||
<td class="px-6 py-4 whitespace-nowrap">
|
||||
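Review bot: The `v-if="canViewContactData"` guards in the email and phone cells only decide what is rendered; they are not an access control. If the list endpoint still returns `email` and `phone` for every user, the values stay in `allUsers` and in the network response for any logged-in user, whatever the "Nur für Vorstand" placeholder shows. The commit message says the API was changed too, but those changes are not in the lines shown here, so please confirm that the server omits both fields for callers without the 'vorstand' role and cover that with a test. Separately, the two cells now carry an identical template/span pair; a small shared component would keep them from drifting apart.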
@@ -307,6 +323,13 @@
|
||||
import { ref, computed, onMounted } from 'vue'
|
||||
import { AlertCircle, Check, X } from 'lucide-vue-next'
|
||||
|
||||
const authStore = useAuthStore()
|
||||
|
||||
const canViewContactData = computed(() => {
|
||||
// Kontaktdaten nur für Vorstand sichtbar
|
||||
return authStore.hasRole('vorstand')
|
||||
})
|
||||
|
||||
const allUsers = ref([])
|
||||
const currentUserId = ref(null)
|
||||
const successMessage = ref('')
|
||||
|
||||
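Review bot: `useAuthStore()` is called right after the import block, but the context lines show only the imports from 'vue' and 'lucide-vue-next'. Unless the store is auto-imported or imported above this hunk, the call fails when the component is set up, so add an explicit import if that is the case. Also, `authStore.hasRole('vorstand')` is evaluated in the browser, where the user controls the state, so it should be treated as a display hint only, with the role check enforced by the API. The role name is a string literal here; a shared constant would keep it in step with the server-side check.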