mirror of https://github.com/halo-dev/halo
feat: add disallow access console option for custom role (#4958)
#### What type of PR is this? /area console /kind feature /milestone 2.11.x #### What this PR does / why we need it: 支持为自定义角色配置 **禁止访问 Console** 的选项。 #### Special notes for your reviewer: 测试方式: 1. 创建一个新角色,勾选禁止访问 Console 的选项,并赋予给某个用户。 2. 登录之后,尝试访问 /console 观察是否能够正常访问。 3. 检查个人中心左下角是否有进入 Console 的按钮。 4. 测试其他未设置这个选项的角色是否正常。 #### Does this PR introduce a user-facing change? ```release-note 支持为自定义角色配置 **禁止访问 Console** 的选项。 ```pull/4962/head^2
parent
61fe95ab3c
commit
05fd5a67bd
|
@ -2,6 +2,8 @@ apiVersion: v1alpha1
|
|||
kind: "Role"
|
||||
metadata:
|
||||
name: post-editor
|
||||
labels:
|
||||
rbac.authorization.halo.run/system-reserved: "true"
|
||||
annotations:
|
||||
rbac.authorization.halo.run/module: "Posts Management"
|
||||
rbac.authorization.halo.run/display-name: "Post Editor"
|
||||
|
@ -14,9 +16,13 @@ apiVersion: v1alpha1
|
|||
kind: "Role"
|
||||
metadata:
|
||||
name: post-author
|
||||
labels:
|
||||
rbac.authorization.halo.run/system-reserved: "true"
|
||||
annotations:
|
||||
rbac.authorization.halo.run/module: "Posts Management"
|
||||
rbac.authorization.halo.run/display-name: "Post Author"
|
||||
rbac.authorization.halo.run/disallow-access-console: "true"
|
||||
rbac.authorization.halo.run/redirect-on-login: "/uc"
|
||||
rbac.authorization.halo.run/dependencies: |
|
||||
[ "post-contributor", "post-publisher" ]
|
||||
rules: [ ]
|
||||
|
@ -26,9 +32,13 @@ apiVersion: v1alpha1
|
|||
kind: "Role"
|
||||
metadata:
|
||||
name: post-contributor
|
||||
labels:
|
||||
rbac.authorization.halo.run/system-reserved: "true"
|
||||
annotations:
|
||||
rbac.authorization.halo.run/module: "Posts Management"
|
||||
rbac.authorization.halo.run/display-name: "Post Contributor"
|
||||
rbac.authorization.halo.run/disallow-access-console: "true"
|
||||
rbac.authorization.halo.run/redirect-on-login: "/uc"
|
||||
rbac.authorization.halo.run/dependencies: |
|
||||
[ "role-template-view-categories", "role-template-view-tags" ]
|
||||
rbac.authorization.halo.run/ui-permissions: |
|
||||
|
|
|
@ -6,7 +6,9 @@ metadata:
|
|||
rbac.authorization.halo.run/system-reserved: "true"
|
||||
annotations:
|
||||
rbac.authorization.halo.run/display-name: "访客"
|
||||
rules: [ ]
|
||||
rbac.authorization.halo.run/disallow-access-console: "true"
|
||||
rbac.authorization.halo.run/redirect-on-login: "/uc"
|
||||
rules: []
|
||||
|
||||
---
|
||||
apiVersion: v1alpha1
|
||||
|
|
|
@ -163,6 +163,26 @@ const handleResetForm = () => {
|
|||
type="text"
|
||||
:label="$t('core.role.editing_modal.fields.redirect_on_login')"
|
||||
></FormKit>
|
||||
<FormKit
|
||||
v-model="
|
||||
formState.metadata.annotations[
|
||||
rbacAnnotations.DISALLOW_ACCESS_CONSOLE
|
||||
]
|
||||
"
|
||||
on-value="true"
|
||||
off-value="false"
|
||||
type="checkbox"
|
||||
:label="
|
||||
$t(
|
||||
'core.role.editing_modal.fields.disallow_access_console.label'
|
||||
)
|
||||
"
|
||||
:help="
|
||||
$t(
|
||||
'core.role.editing_modal.fields.disallow_access_console.help'
|
||||
)
|
||||
"
|
||||
></FormKit>
|
||||
</FormKit>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -42,7 +42,7 @@ export function setupAuthCheckGuard(router: Router) {
|
|||
window.location.href =
|
||||
roleHasRedirectOnLogin.metadata.annotations?.[
|
||||
rbacAnnotations.REDIRECT_ON_LOGIN
|
||||
] || "/";
|
||||
] || "/uc";
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -51,6 +51,30 @@ export function setupAuthCheckGuard(router: Router) {
|
|||
});
|
||||
return;
|
||||
}
|
||||
|
||||
if (to.name === "whiteList") {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
// Check allow access console
|
||||
const { currentRoles } = userStore;
|
||||
|
||||
const hasDisallowAccessConsoleRole = currentRoles?.some((role) => {
|
||||
return (
|
||||
role.metadata.annotations?.[
|
||||
rbacAnnotations.DISALLOW_ACCESS_CONSOLE
|
||||
] === "true"
|
||||
);
|
||||
});
|
||||
|
||||
if (hasDisallowAccessConsoleRole) {
|
||||
window.location.href = "/uc";
|
||||
return;
|
||||
}
|
||||
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
next();
|
||||
|
|
|
@ -12,6 +12,7 @@ export enum rbacAnnotations {
|
|||
AVATAR_ATTACHMENT_NAME = "halo.run/avatar-attachment-name",
|
||||
LAST_AVATAR_ATTACHMENT_NAME = "halo.run/last-avatar-attachment-name",
|
||||
REDIRECT_ON_LOGIN = "rbac.authorization.halo.run/redirect-on-login",
|
||||
DISALLOW_ACCESS_CONSOLE = "rbac.authorization.halo.run/disallow-access-console",
|
||||
}
|
||||
|
||||
// content
|
||||
|
|
|
@ -989,6 +989,9 @@ core:
|
|||
fields:
|
||||
display_name: Display name
|
||||
redirect_on_login: Default redirect location after logging in
|
||||
disallow_access_console:
|
||||
label: Disable access to Console
|
||||
help: Once checked, this role will not be able to access the Console
|
||||
identity_authentication:
|
||||
title: Identity Authentication
|
||||
tabs:
|
||||
|
|
|
@ -935,6 +935,9 @@ core:
|
|||
fields:
|
||||
display_name: 名称
|
||||
redirect_on_login: 登录之后默认跳转位置
|
||||
disallow_access_console:
|
||||
label: 禁止访问 Console
|
||||
help: 勾选之后,该角色将无法访问 Console
|
||||
identity_authentication:
|
||||
title: 身份认证
|
||||
tabs:
|
||||
|
|
|
@ -923,6 +923,9 @@ core:
|
|||
fields:
|
||||
display_name: 名稱
|
||||
redirect_on_login: 登入之後預設跳轉位置
|
||||
disallow_access_console:
|
||||
label: 禁止訪問 Console
|
||||
help: 勾選之後,該角色將無法存取 Console
|
||||
identity_authentication:
|
||||
title: 身份認證
|
||||
tabs:
|
||||
|
|
|
@ -11,7 +11,7 @@ import {
|
|||
import { RoutesMenu } from "@/components/menu/RoutesMenu";
|
||||
import IconLogo from "~icons/core/logo?width=5rem&height=2rem";
|
||||
import { RouterView, useRoute, useRouter } from "vue-router";
|
||||
import { onMounted, reactive, ref } from "vue";
|
||||
import { computed, onMounted, reactive, ref } from "vue";
|
||||
import axios from "axios";
|
||||
import LoginModal from "@/components/login/LoginModal.vue";
|
||||
import { coreMenuGroups } from "@console/router/constant";
|
||||
|
@ -95,6 +95,16 @@ onMounted(() => {
|
|||
initialize({ target: navbarScroller.value });
|
||||
}
|
||||
});
|
||||
|
||||
const disallowAccessConsole = computed(() => {
|
||||
const hasDisallowAccessConsoleRole = currentRoles?.value?.some((role) => {
|
||||
return (
|
||||
role.metadata.annotations?.[rbacAnnotations.DISALLOW_ACCESS_CONSOLE] ===
|
||||
"true"
|
||||
);
|
||||
});
|
||||
return !!hasDisallowAccessConsoleRole;
|
||||
});
|
||||
</script>
|
||||
|
||||
<template>
|
||||
|
@ -145,6 +155,7 @@ onMounted(() => {
|
|||
</div>
|
||||
<div class="flex items-center gap-1">
|
||||
<a
|
||||
v-if="!disallowAccessConsole"
|
||||
v-tooltip="$t('core.uc_sidebar.operations.console.tooltip')"
|
||||
class="group inline-block cursor-pointer rounded-full p-1.5 transition-all hover:bg-gray-100"
|
||||
href="/console"
|
||||
|
|
Loading…
Reference in New Issue