MALIO-DEV/Inventory
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

feat(permissions) : add role-based UI guards and readonly mode for viewers

Browse Source 
- Add usePermissions composable (isAdmin, canEdit, canView)
- Password-protected profile login with modal on profiles page
- Disable all form fields for ROLE_VIEWER across edit/create pages
- Show navigation buttons (Modifier/Consulter) for all roles, hide delete for viewers
- Add readonly prop to ModelTypeForm for category pages
- Disable modal fields (sites, constructeurs) for viewers
- Guard /admin routes in middleware

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matthieu
2026-02-26 13:36:42 +01:00
parent 6bed715b7f
commit cc70fe2b29
46 changed files with 946 additions and 423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
app/pages/profiles/index.vue
View File

@@ -1,55 +1,74 @@
<template>
<main class="min-h-screen flex items-center justify-center bg-gradient-to-br from-blue-50 to-indigo-100 p-6">
<div class="w-full max-w-2xl">
<div class="w-full max-w-md">
<div class="card bg-base-100 shadow-2xl">
<div class="card-body">
<h1 class="text-2xl font-bold mb-2">
Choisir un profil
<h1 class="text-2xl font-bold mb-6 text-center">
Connexion
</h1>
<p class="text-sm text-base-content/70 mb-6">
Sélectionnez votre profil pour accéder à l'application. La création et la gestion se font via le menu utilisateur.
</p>
<section class="space-y-4">
<header class="flex items-center justify-between">
<h2 class="font-semibold">
Profils disponibles
</h2>
<button
type="button"
class="btn btn-ghost btn-xs"
:disabled="loadingProfiles"
@click="refreshProfiles"
>
<span v-if="loadingProfiles" class="loading loading-spinner loading-xs" />
<span v-else>Rafraîchir</span>
</button>
</header>
<div v-if="loadingProfiles" class="flex justify-center py-8">
<span class="loading loading-spinner loading-lg" />
</div>
<div v-if="profiles.length" class="space-y-2 max-h-64 overflow-y-auto">
<button
v-for="profile in profiles"
:key="profile.id"
type="button"
class="btn btn-outline btn-sm w-full justify-between"
@click="selectProfile(profile.id)"
<form v-else @submit.prevent="handleLogin">
<div class="form-control mb-4">
<label class="label">
<span class="label-text">Profil</span>
</label>
<select
v-model="selectedProfileId"
class="select select-bordered w-full"
required
>
<span>{{ profile.firstName }} {{ profile.lastName }}</span>
<IconLucideChevronRight class="w-4 h-4" aria-hidden="true" />
</button>
<option value="" disabled>
Choisir un profil...
</option>
<option
v-for="profile in profiles"
:key="profile.id"
:value="profile.id"
>
{{ profile.firstName }} {{ profile.lastName }}
</option>
</select>
</div>
<p v-else class="text-sm text-base-content/60">
Aucun profil enregistré.
</p>
</section>
<footer v-if="activeProfile" class="mt-6 flex justify-between items-center">
<div class="form-control mb-2">
<label class="label">
<span class="label-text">Mot de passe</span>
</label>
<input
ref="passwordInput"
v-model="password"
type="password"
placeholder="Mot de passe"
class="input input-bordered w-full"
:class="{ 'input-error': loginError }"
>
</div>
<p v-if="loginError" class="text-error text-sm mb-4">
{{ loginError }}
</p>
<button
type="submit"
class="btn btn-primary w-full mt-4"
:disabled="!selectedProfileId || submitting"
>
<span v-if="submitting" class="loading loading-spinner loading-xs" />
Se connecter
</button>
</form>
<footer v-if="activeProfile" class="mt-6 pt-4 border-t border-base-300 flex justify-between items-center">
<div class="text-sm text-base-content/70">
Profil actuel :
Connecte :
<span class="font-semibold">{{ activeProfile.firstName }} {{ activeProfile.lastName }}</span>
</div>
<button type="button" class="btn btn-outline btn-sm" @click="handleLogout">
connexion
Deconnexion
</button>
</footer>
</div>
@@ -59,32 +78,43 @@
</template>
<script setup>
import { onMounted } from 'vue'
import { ref, onMounted } from 'vue'
import { useRouter } from 'vue-router'
import { useProfiles, useProfileSession } from '#imports'
import IconLucideChevronRight from '~icons/lucide/chevron-right'
const router = useRouter()
const { profiles, loadingProfiles, fetchProfiles } = useProfiles()
const { activeProfile, activateProfile, fetchCurrentProfile, logout } = useProfileSession()
const refreshProfiles = async () => {
await fetchProfiles()
}
const selectedProfileId = ref('')
const password = ref('')
const loginError = ref('')
const submitting = ref(false)
const passwordInput = ref(null)
const selectProfile = async (profileId) => {
const handleLogin = async () => {
if (!selectedProfileId.value) { return }
submitting.value = true
loginError.value = ''
try {
await activateProfile(profileId)
await fetchProfiles()
await activateProfile(selectedProfileId.value, password.value || undefined)
await router.push('/')
} catch (error) {
console.error('Erreur lors de la sélection du profil', error)
const err = error
if (err?.status === 401 || err?.statusCode === 401) {
loginError.value = 'Mot de passe incorrect.'
} else {
loginError.value = 'Erreur lors de la connexion.'
}
} finally {
submitting.value = false
}
}
const handleLogout = async () => {
await logout()
await router.push('/profiles')
selectedProfileId.value = ''
password.value = ''
}
onMounted(async () => {