diff --git a/frontend/layouts/portal.vue b/frontend/layouts/portal.vue
index c54346b..5c43ca4 100644
--- a/frontend/layouts/portal.vue
+++ b/frontend/layouts/portal.vue
@@ -32,6 +32,15 @@
class="border-t border-secondary-500 pt-6"
@click="ui.closeMobileSidebar()"
/>
+
@@ -58,6 +67,8 @@ const ui = useUiStore()
const route = useRoute()
const { version } = useAppVersion()
+const isAdmin = computed(() => auth.user?.roles?.includes('ROLE_ADMIN') ?? false)
+
// Close mobile sidebar on route change
watch(() => route.path, () => {
ui.closeMobileSidebar()
diff --git a/frontend/middleware/auth.global.ts b/frontend/middleware/auth.global.ts
index c63ab55..69e8499 100644
--- a/frontend/middleware/auth.global.ts
+++ b/frontend/middleware/auth.global.ts
@@ -11,12 +11,12 @@ export default defineNuxtRouteMiddleware(async (to) => {
}
if (isLogin && auth.isAuthenticated) {
- const isClient = auth.user?.roles?.includes('ROLE_CLIENT') ?? false
- return navigateTo(isClient ? '/portal' : '/')
+ const isClientOnly = auth.user?.roles?.includes('ROLE_CLIENT') && !auth.user?.roles?.includes('ROLE_ADMIN')
+ return navigateTo(isClientOnly ? '/portal' : '/')
}
- // ROLE_CLIENT: redirect to /portal, block internal pages
- if (auth.isAuthenticated && auth.user?.roles?.includes('ROLE_CLIENT')) {
+ // ROLE_CLIENT without ROLE_ADMIN: redirect to /portal, block internal pages
+ if (auth.isAuthenticated && auth.user?.roles?.includes('ROLE_CLIENT') && !auth.user?.roles?.includes('ROLE_ADMIN')) {
const isPortalRoute = to.path.startsWith('/portal')
const isLoginRoute = to.path === '/login'
if (!isPortalRoute && !isLoginRoute) {