kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow non-admin users to access dashboard

Browse Source 
- Change dashboard route from adminGet to authed middleware
- Show account counts and audit events only for admin users
- Show welcome message for non-admin authenticated users

Security: non-admin users cannot access account lists or audit
events; admin-only data is gated by claims.HasRole("admin") in
the handler, not just at the route level.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-12 23:40:21 -07:00
parent 4e544665d2
commit 5a1f4f5837
3 changed files with 36 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/ui/ui.go
View File

@@ -314,7 +314,7 @@ func (u *UIServer) Register(mux *http.ServeMux) {
return authed(u.requireAdminRole(http.HandlerFunc(h)))
}
uiMux.Handle("GET /dashboard", adminGet(u.handleDashboard))
uiMux.Handle("GET /dashboard", authed(http.HandlerFunc(u.handleDashboard)))
uiMux.Handle("GET /accounts", adminGet(u.handleAccountsList))
uiMux.Handle("POST /accounts", admin(u.handleCreateAccount))
uiMux.Handle("GET /accounts/{id}", adminGet(u.handleAccountDetail))
@@ -609,6 +609,7 @@ type LoginData struct {
// DashboardData is the view model for the dashboard page.
type DashboardData struct {
PageData
IsAdmin bool
RecentEvents []*db.AuditEventView
TotalAccounts int
ActiveAccounts int