feat(club): enhance club access routes and permissions handling
- Reorganized club-related routes for better clarity and access control, ensuring specific routes are prioritized. - Updated the store to reset user-specific permissions upon token setting, improving security. - Modified the ClubView component to handle access checks more effectively, allowing for fallback club data when access is denied.
This commit is contained in:
Torsten Schulz (local)
@@ -54,6 +54,9 @@ const store = createStore({
|
||||
}
|
||||
state.currentClub = null;
|
||||
safeSessionStorage.removeItem('currentClub');
|
||||
// Permissions sind user-spezifisch -> immer zurücksetzen, wenn Token gesetzt wird
|
||||
state.permissions = {};
|
||||
safeLocalStorage.removeItem('clubPermissions');
|
||||
},
|
||||
setUsername(state, username) {
|
||||
state.username = username;
|
||||
@@ -145,6 +148,7 @@ const store = createStore({
|
||||
async login({ commit }, { token, username }) {
|
||||
commit('setToken', token);
|
||||
commit('setUsername', username);
|
||||
commit('clearPermissions');
|
||||
const response = await apiClient.get('/clubs');
|
||||
commit('setClubsMutation', response.data);
|
||||
},
|
||||
|
||||
@@ -124,9 +124,16 @@ export default {
|
||||
async loadClub() {
|
||||
try {
|
||||
const clubId = this.getClubId();
|
||||
// Wenn keine Berechtigung: Clubnamen aus der Liste verwenden, kein /clubs/:id Request
|
||||
if (!this.canAccessClub()) {
|
||||
const club = this.clubs.find(c => String(c.id) === String(clubId));
|
||||
this.club = club || { name: '' };
|
||||
this.accessAllowed = false;
|
||||
return;
|
||||
}
|
||||
const response = await apiClient.get(`/clubs/${clubId}`);
|
||||
this.club = response.data || { name: '' };
|
||||
this.accessAllowed = this.canAccessClub();
|
||||
this.accessAllowed = true;
|
||||
} catch (error) {
|
||||
this.accessAllowed = false;
|
||||
const message = safeErrorMessage(error, this.$t('club.accessDenied'));
|
||||
|
||||
Reference in New Issue
Block a user