working on permissions and messages

2025-07-02 23:41:04 +02:00
parent 5100ac244a
commit caf2356f48
4 changed files with 17 additions and 11 deletions
--- a/frontend/src/routes/user/Edit.svelte
+++ b/frontend/src/routes/user/Edit.svelte
@@ -13,6 +13,7 @@
    let options = $state([]);
    let sent = $state(false);
    let caption = $state(t('user.save_user'));
+    let message = $state(t('user.loading_data'));

    onMount(async () => {
        let url = `${location.protocol}//${location.host.replace('5173','8080')}/themes.json`;
@@ -28,7 +29,12 @@

        url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/${user_id}`;
        resp = await fetch(url,{credentials:'include'});
-        if (resp.ok) editUser = await resp.json();
+        if (resp.ok) {
+            editUser = await resp.json();
+        } else {
+            message = await resp.text();
+            if (message == "") message = t(resp);
+        }
   });

    async function save(elem){
@@ -97,6 +103,6 @@
    </table>
    <button onclick={save} disabled={sent}>{caption}</button>
    {:else}
-    {t('user.loading_data')}
+    {message}
    {/if}
 </fieldset>
--- a/frontend/src/translations.svelte.js
+++ b/frontend/src/translations.svelte.js
@@ -8,6 +8,7 @@ export async function loadTranslation(lang){
 }

 export function t(key,...args){
+    if (key instanceof Response) key = 'status.'+key.status;
    let set = translations.values;
    let keys = key.split('.');
    for (let token of keys){
--- a/translations/src/main/resources/de.json
+++ b/translations/src/main/resources/de.json
@@ -17,6 +17,9 @@
    "users": "Benutzer",
    "tutorial": "Tutorial"
  },
+  "status" : {
+    "403": "Zugriff verweigert"
+  },
  "user" : {
    "actions": "Aktionen",
    "abort": "abbrechen",
--- a/user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
+++ b/user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
@@ -86,10 +86,10 @@ public class UserModule extends PathHandler {
 		};
 		try {
 			long userId = Long.parseLong(head);
-			if (userId == user.id() || (user instanceof DbUser dbUser && dbUser.permissions().contains(LIST_USERS))) {
-				var requestedUser = users.load(userId);
-				return sendContent(ex,requestedUser);
+			if (!(user instanceof DbUser dbUser && (user.id() == userId || dbUser.permissions().contains(LIST_USERS)))) {
+				return sendEmptyResponse(HTTP_FORBIDDEN,ex);
 			}
+			return sendContent(ex,users.load(userId));
 		} catch (UmbrellaException e) {
 			return sendContent(ex,e.statusCode(),e.getMessage());
 		} catch (NumberFormatException ignored) {}
@@ -224,9 +224,7 @@ public class UserModule extends PathHandler {
 			if (!(requestingUser instanceof DbUser dbUser && dbUser.permissions().contains(PERMISSION.IMPERSONATE))) return sendEmptyResponse(HTTP_FORBIDDEN,ex);
 			if (targetId == null) return sendContent(ex,HTTP_UNPROCESSABLE,"user id missing");
 			var targetUser = users.load(targetId);
-			users.getSession(targetUser)
-					.cookie()
-					.addTo(ex.getResponseHeaders());
+			users.getSession(targetUser).cookie().addTo(ex);
 			return sendContent(ex,targetUser.toMap());
 		} catch (UmbrellaException e) {
 			return sendContent(ex,e.statusCode(),e.getMessage());
@@ -278,9 +276,7 @@ public class UserModule extends PathHandler {
 		var hashedPass = Password.of(BAD_HASHER.hash(password,null));
 		try {
 			var user = users.load(username, hashedPass);
-			users.getSession(user)
-					.cookie()
-					.addTo(ex.getResponseHeaders());
+			users.getSession(user).cookie().addTo(ex);
 			return sendContent(ex,user);
 		} catch (UmbrellaException ue){
 			return sendContent(ex,ue.statusCode(),ue.getMessage());