Merge SEC-09: hide admin nav links from non-admin users

# Conflicts:
#	internal/ui/ui_test.go
2026-03-13 01:06:50 -07:00
8 changed files with 142 additions and 14 deletions


@@ -592,6 +592,13 @@ func (u *UIServer) clientIP(r *http.Request) string {
return middleware.ClientIP(r, proxyIP)
}
// isAdmin reports whether the authenticated user holds the "admin" role.
// Returns false if claims are absent.
func isAdmin(r *http.Request) bool {
claims := claimsFromContext(r.Context())
return claims != nil && claims.HasRole("admin")
}
// actorName resolves the username of the currently authenticated user from the
// request context. Returns an empty string if claims are absent or the account
// cannot be found; callers should treat an empty string as "not logged in".
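Review bot: The role name "admin" is a bare string literal in isAdmin's body and again in its doc comment (and once more in the IsAdmin field comment of the PageData hunk); a named constant, e.g. `const roleAdmin = "admin"` used as `claims.HasRole(roleAdmin)`, keeps this navigation check and whatever route-level role enforcement the admin handlers use from drifting apart. This helper only decides what the base template renders; the admin handlers' own authorization is not visible in this hunk and must remain the actual access control, so I would extend the doc comment with `// isAdmin is a presentation helper for the navigation bar only; admin routes must still enforce the role themselves.` Both points are comment and constant changes, so no code rewrite is needed.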
@@ -617,6 +624,10 @@ type PageData struct {
// ActorName is the username of the currently logged-in user, populated by
// handlers so the base template can display it in the navigation bar.
ActorName string
// IsAdmin is true when the logged-in user holds the "admin" role.
// Used by the base template to conditionally render admin-only navigation
// links (SEC-09: non-admin users must not see links they cannot access).
IsAdmin bool
}
// LoginData is the view model for the login page.
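Review bot: The new IsAdmin field says nothing about its zero value, yet every handler that builds a PageData has to set it explicitly; it is worth recording that an omitted assignment fails closed, e.g. `// Zero value is false, so a handler that does not set it hides the admin links (fail-closed).` Because the field is promoted through the embedded PageData (DashboardData drops its own IsAdmin in the next hunk), the dashboard handler must now populate `PageData.IsAdmin` rather than a field on DashboardData; a handler still assigning the old field would not compile, which is the desired outcome. The enclosing PageData struct starts before this hunk.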
@@ -632,7 +643,6 @@ type LoginData struct {
// DashboardData is the view model for the dashboard page.
type DashboardData struct {
PageData
IsAdmin bool
RecentEvents []*db.AuditEventView
TotalAccounts int
ActiveAccounts int