allow group managers to access group management page (#119)

cmintey · Jul 23, 2024 · 50dedbd · 50dedbd
1 parent 07b1383
commit 50dedbd
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 8 deletions.
diff --git a/src/lib/assets/unauthorized.svg b/src/lib/assets/unauthorized.svg
diff --git a/src/routes/+error.svelte b/src/routes/+error.svelte
@@ -1,27 +1,35 @@
 <script lang="ts">
     import { page } from "$app/stores";
-    import notFound from "$lib/assets/not_found.svg";
-    import error from "$lib/assets/error.svg";
+    import notFoundAsset from "$lib/assets/not_found.svg";
+    import errorAsset from "$lib/assets/error.svg";
+    import unauthorizedAsset from "$lib/assets/unauthorized.svg";
 
     type ErrorInfo = {
         image: string;
         message: string;
     };
 
     const errors: Record<number, ErrorInfo> = {
+        401: {
+            image: unauthorizedAsset,
+            message: "Not Authorized"
+        },
         404: {
-            image: notFound,
+            image: notFoundAsset,
             message: "The page you were looking for wasn't found"
         },
         500: {
-            image: error,
+            image: errorAsset,
             message: "Something went wrong"
         }
     };
+
+    const error = errors[$page.status] ? errors[$page.status] : errors[500];
+    const errorMessage = $page.error?.message || error.message;
 </script>
 
 <div class="flex flex-col items-center justify-center space-y-4 pt-4">
     <p class="text-4xl">{$page.status}</p>
-    <img class="w-3/4 md:w-1/3" alt={errors[$page.status].message} src={errors[$page.status].image} />
-    <p class="text-2xl">{errors[$page.status].message}</p>
+    <img class="w-3/4 md:w-1/3" alt={errorMessage} src={error.image} />
+    <p class="text-2xl">{errorMessage}</p>
 </div>
diff --git a/src/routes/admin/groups/[groupId]/+page.server.ts b/src/routes/admin/groups/[groupId]/+page.server.ts
@@ -1,12 +1,23 @@
 import { Role } from "$lib/schema";
 import { error, redirect } from "@sveltejs/kit";
 import type { PageServerLoad } from "./$types";
+import { client } from "$lib/server/prisma";
 
-export const load: PageServerLoad = async ({ locals, url }) => {
+export const load: PageServerLoad = async ({ locals, url, params }) => {
     if (!locals.user) {
         redirect(302, `/login?ref=/admin`);
     }
-    if (locals.user.roleId !== Role.ADMIN) {
+    const userGroupRoleId = await client.userGroupMembership.findFirst({
+        where: {
+            userId: locals.user.id,
+            groupId: params.groupId
+        },
+        select: {
+            roleId: true
+        }
+    });
+
+    if (!(locals.user.roleId === Role.ADMIN || userGroupRoleId?.roleId === Role.GROUP_MANAGER)) {
         error(401, "Not authorized to view admin panel");
     }