hykocx
c959b16db5
- add optional `permission` field to route definitions with type validation in `define.js` - check `hasPermission()` in router after `requireAdmin()` and return 403 if denied - document `permission` and `skipRateLimit` optional fields in api README - load user permissions in `AdminPage.server.js` and pass them to client via `user` prop - use `user.permissions` in `RolesPage` and `UsersPage` to conditionally render actions - expose permission-gated API routes in `auth/api.js`
29 lines
943 B
JavaScript
29 lines
943 B
JavaScript
import AdminPageClient from './AdminPage.client.js';
|
|
import { protectAdmin } from './protect.js';
|
|
import { collectWidgetData } from './registry.js';
|
|
import { getAppConfig, getPublicBaseUrl } from '@zen/core';
|
|
import { isDevkitEnabled } from '../../shared/lib/appConfig.js';
|
|
import { getUserPermissions } from '@zen/core/users';
|
|
|
|
export default async function AdminPage({ params }) {
|
|
const resolvedParams = await params;
|
|
const session = await protectAdmin();
|
|
const [widgetData, permissions] = await Promise.all([
|
|
collectWidgetData(),
|
|
getUserPermissions(session.user.id),
|
|
]);
|
|
const appConfig = { ...getAppConfig(), siteUrl: getPublicBaseUrl() };
|
|
const devkitEnabled = isDevkitEnabled();
|
|
const user = { ...session.user, permissions };
|
|
|
|
return (
|
|
<AdminPageClient
|
|
params={resolvedParams}
|
|
user={user}
|
|
widgetData={widgetData}
|
|
appConfig={appConfig}
|
|
devkitEnabled={devkitEnabled}
|
|
/>
|
|
);
|
|
}
|