From b3f10164dee98e8c928dbe68e178003ddcf1a239 Mon Sep 17 00:00:00 2001
From: Lars Gebhardt-Kusche
Date: Mon, 8 Dec 2025 00:07:43 +0100
Subject: [PATCH] YXx
---
 public/assets/js/account.js | 12 ------------
 public/assets/js/ui-user.js | 10 ++++++++++
 2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/public/assets/js/account.js b/public/assets/js/account.js
index d58ce05..9d108ab 100644
--- a/public/assets/js/account.js
+++ b/public/assets/js/account.js
@@ -2,8 +2,6 @@ import { apiAction } from './api.js';
 import { initUserPanel, initAccountPage } from './ui-user.js';
 import { mountLogoutButton, ensureFloatingLogout } from './ui-auth.js';
-const pageType = document.body?.dataset?.page || 'account';
-
 async function ensureAuthenticated() {
 try {
 const me = await apiAction('auth.me', { method: 'GET' });
@@ -19,19 +17,9 @@ async function ensureAuthenticated() {
 }
 }
-function ensureAccess() {
- const role = (window.__currentUser?.role || '').toLowerCase();
- if (pageType === 'admin' && role !== 'owner' && role !== 'admin') {
- window.location.href = '/account.php';
- return false;
- }
- return true;
-}
-
 document.addEventListener('DOMContentLoaded', async () => {
 const ok = await ensureAuthenticated();
 if (!ok) return;
- if (!ensureAccess()) return;
 initUserPanel();
 initAccountPage();
 mountLogoutButton('#btn-logout', { redirect: '/login.php' });
diff --git a/public/assets/js/ui-user.js b/public/assets/js/ui-user.js
index cb21ae6..0612014 100644
--- a/public/assets/js/ui-user.js
+++ b/public/assets/js/ui-user.js
@@ -12,6 +12,8 @@ const state = {
 loading: false,
 };
+const pageType = document.body?.dataset?.page || 'account';
+
 let avatarBtn;
 let userMenuPanel;
 let profileForm;
@@ -103,6 +105,13 @@ function isAdmin() {
 return role === 'owner' || role === 'admin';
 }
+function enforcePageAccess() {
+ if (pageType !== 'admin') return;
+ if (isAdmin()) return;
+ toast('Kein Zugriff auf diesen Bereich', false, { duration: 2500 });
+ window.location.href = '/account.php';
+}
+
 function updateAvatar() {
 const target = document.getElementById('userAvatar');
 if (!target) return;
@@ -184,6 +193,7 @@ async function loadAccountData() {
 window.__currentUser = res.user;
 updateAvatar();
 updateRoleVisibility();
+ enforcePageAccess();
 }
 fillProfileForm(res.user);
 fillSettingsForm(res.settings || {});
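Review bot: `enforcePageAccess()` decides from values the browser holds, namely `document.body.dataset.page` and whatever role `isAdmin()` reads (its body starts outside the hunk), so it is a navigation convenience and not the access control for the admin area; the server must reject the admin page and admin API actions for non-admin sessions, which this patch does not show. Because `pageType` falls back to `'account'`, an admin page that lacks or misspells `data-page` skips the check entirely. The toast is given 2500 ms but `window.location.href` is assigned on the next line, so the message will likely never be seen. The function also returns nothing, so callers cannot stop after a redirect; consider `if (pageType !== 'admin') return true;`, `if (isAdmin()) return true;` and a final `return false;`, with a comment such as `// UX redirect only; the server must enforce admin access`.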
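Review bot: The added `enforcePageAccess();` sits inside a conditional whose opening is outside the hunk, and it runs only after the account data has loaded, whereas the removed `ensureAccess()` in account.js ran before `initUserPanel()` and `initAccountPage()`. The admin page is therefore initialised before the role is checked, the check appears to be skipped whenever that branch is not taken, and after a redirect is requested execution still continues into `fillProfileForm(res.user)`. If the check returned a boolean, the call could read `if (!enforcePageAccess()) return;`, and an admin page with no user in the response should be treated as no access rather than left as is.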