optimized admin protection

2025-11-21 01:52:51 +01:00
parent d23bfa0376
commit 24d97f6057
11 changed files with 974 additions and 185 deletions
--- a/frontend/src/contexts/PermissionsContext.jsx
+++ b/frontend/src/contexts/PermissionsContext.jsx
@@ -0,0 +1,102 @@
+import { createContext, useContext, useState, useEffect, useCallback } from 'react'
+import { useAuth } from './AuthContext'
+
+const PermissionsContext = createContext(null)
+
+export const PermissionsProvider = ({ children }) => {
+  const { authFetch, isAuthenticated } = useAuth()
+  const [permissions, setPermissions] = useState({
+    isAdmin: false,
+    hasFullAccess: false,
+    accessibleSpaces: [],
+    canCreateSpace: false,
+    canDeleteSpace: false,
+    canCreateFqdn: {},
+    canDeleteFqdn: {},
+    canUploadCSR: {},
+    canSignCSR: {},
+  })
+  const [loading, setLoading] = useState(true)
+
+  const fetchPermissions = useCallback(async () => {
+    if (!isAuthenticated) {
+      setLoading(false)
+      return
+    }
+
+    try {
+      setLoading(true)
+      const response = await authFetch('/api/user/permissions')
+      if (response.ok) {
+        const data = await response.json()
+        setPermissions({
+          isAdmin: data.isAdmin || false,
+          hasFullAccess: data.hasFullAccess || false,
+          accessibleSpaces: data.accessibleSpaces || [],
+          canCreateSpace: data.permissions?.canCreateSpace || false,
+          canDeleteSpace: data.permissions?.canDeleteSpace || false,
+          canCreateFqdn: data.permissions?.canCreateFqdn || {},
+          canDeleteFqdn: data.permissions?.canDeleteFqdn || {},
+          canUploadCSR: data.permissions?.canUploadCSR || {},
+          canSignCSR: data.permissions?.canSignCSR || {},
+        })
+      }
+    } catch (err) {
+      console.error('Error fetching permissions:', err)
+    } finally {
+      setLoading(false)
+    }
+  }, [isAuthenticated, authFetch])
+
+  useEffect(() => {
+    if (isAuthenticated) {
+      fetchPermissions()
+    } else {
+      setPermissions({
+        isAdmin: false,
+        hasFullAccess: false,
+        accessibleSpaces: [],
+        canCreateSpace: false,
+        canDeleteSpace: false,
+        canCreateFqdn: {},
+        canDeleteFqdn: {},
+        canUploadCSR: {},
+        canSignCSR: {},
+      })
+      setLoading(false)
+    }
+  }, [isAuthenticated, fetchPermissions])
+
+  const canCreateSpace = () => permissions.canCreateSpace
+  const canDeleteSpace = (spaceId) => permissions.canDeleteSpace
+  const canCreateFqdn = (spaceId) => permissions.canCreateFqdn[spaceId] === true
+  const canDeleteFqdn = (spaceId) => permissions.canDeleteFqdn[spaceId] === true
+  const canUploadCSR = (spaceId) => permissions.canUploadCSR[spaceId] === true
+  const canSignCSR = (spaceId) => permissions.canSignCSR[spaceId] === true
+  const hasAccessToSpace = (spaceId) => permissions.accessibleSpaces.includes(spaceId)
+
+  const value = {
+    permissions,
+    loading,
+    refreshPermissions: fetchPermissions,
+    isAdmin: permissions.isAdmin,
+    canCreateSpace,
+    canDeleteSpace,
+    canCreateFqdn,
+    canDeleteFqdn,
+    canUploadCSR,
+    canSignCSR,
+    hasAccessToSpace,
+  }
+
+  return <PermissionsContext.Provider value={value}>{children}</PermissionsContext.Provider>
+}
+
+export const usePermissions = () => {
+  const context = useContext(PermissionsContext)
+  if (!context) {
+    throw new Error('usePermissions muss innerhalb eines PermissionsProvider verwendet werden')
+  }
+  return context
+}
+