feat(permissions) : add role-based UI guards and readonly mode for viewers

- Add usePermissions composable (isAdmin, canEdit, canView) - Password-protected profile login with modal on profiles page - Disable all form fields for ROLE_VIEWER across edit/create pages - Show navigation buttons (Modifier/Consulter) for all roles, hide delete for viewers - Add readonly prop to ModelTypeForm for category pages - Disable modal fields (sites, constructeurs) for viewers - Guard /admin routes in middleware Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 13:36:42 +01:00
parent 6bed715b7f
commit cc70fe2b29
46 changed files with 946 additions and 423 deletions
--- a/app/pages/machine-skeleton/index.vue
+++ b/app/pages/machine-skeleton/index.vue
@@ -68,6 +68,7 @@
            </div>
            <div class="card-actions justify-end mt-4">
              <button
+                v-if="canEdit"
                class="btn btn-sm btn-error"
                @click.stop="confirmDeleteType(type)"
              >
@@ -108,6 +109,7 @@ import IconLucidePackage from "~icons/lucide/package";
 import IconLucideLayoutGrid from "~icons/lucide/layout-grid";
 import IconLucideBox from "~icons/lucide/box";

+const { canEdit } = usePermissions();
 const { machineTypes, loadMachineTypes, deleteMachineType } =
  useMachineTypesApi();

--- a/app/pages/machine-skeleton/new.vue
+++ b/app/pages/machine-skeleton/new.vue
@@ -19,15 +19,17 @@
          </div>
        </div>

-        <TypeEditForm
-          :key="formKey"
-          v-model="draftType"
-          :saving="creating"
-          :resettable="false"
-          submit-label="Créer le type"
-          submit-loading-label="Création..."
-          @submit="handleSubmit"
-        />
+        <div :class="{ 'pointer-events-none opacity-60': !canEdit }">
+          <TypeEditForm
+            :key="formKey"
+            v-model="draftType"
+            :saving="!canEdit || creating"
+            :resettable="false"
+            submit-label="Créer le type"
+            submit-loading-label="Création..."
+            @submit="handleSubmit"
+          />
+        </div>
      </div>
    </div>

@@ -94,6 +96,7 @@ import IconLucideBox from '~icons/lucide/box'

 const { machineTypes, loadMachineTypes, createMachineType } = useMachineTypesApi()
 const { showError } = useToast()
+const { canEdit } = usePermissions()

 const formKey = ref(0)
 const creating = ref(false)