Allow non-admin users to access dashboard

- Change dashboard route from adminGet to authed middleware - Show account counts and audit events only for admin users - Show welcome message for non-admin authenticated users Security: non-admin users cannot access account lists or audit events; admin-only data is gated by claims.HasRole("admin") in the handler, not just at the route level. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 23:40:21 -07:00
parent 4e544665d2
commit 5a1f4f5837
3 changed files with 36 additions and 23 deletions
--- a/web/templates/dashboard.html
+++ b/web/templates/dashboard.html
@@ -4,6 +4,7 @@
 <div class="page-header">
  <h1>Dashboard</h1>
 </div>
+{{if .IsAdmin}}
 <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(200px,1fr));gap:1rem;margin-bottom:1.5rem">
  <div class="card" style="text-align:center">
    <div style="font-size:2rem;font-weight:700;color:#2563eb">{{.TotalAccounts}}</div>
@@ -33,4 +34,9 @@
  </div>
 </div>
 {{end}}
+{{else}}
+<div class="card">
+  <p>Welcome, <strong>{{.ActorName}}</strong>. Use the navigation above to access your profile and credentials.</p>
+</div>
+{{end}}
 {{end}}