cameleer-server

cameleer/cameleer-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
hsiegeln	b6b93dc3cc	fix: prevent admin page redirect during token refresh adminFetch called logout() directly on 401/403 responses, which cleared roles and caused RequireAdmin to redirect to /exchanges while users were editing forms. Now adminFetch attempts a token refresh before failing, and RequireAdmin tolerates a transient empty-roles state during refresh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 18:28:45 +02:00
hsiegeln	b1655b366e	feat: role-based UI access control Some checks failed CI / cleanup-branch (push) Has been skipped Details CI / docker (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / deploy-feature (push) Has been cancelled Details CI / build (push) Has been cancelled Details - Hide Admin sidebar section for non-ADMIN users - Add RequireAdmin route guard — /admin/* redirects to / for non-admin - Move App Config from admin section to main Config tab (per-app, visible when app selected). VIEWER sees read-only, OPERATOR+ can edit - Hide diagram node toolbar for VIEWER (onNodeAction conditional) - Add useIsAdmin/useCanControl helpers to centralize role checks - Remove App Config from admin sidebar tree Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-06 15:51:15 +02:00

Author

SHA1

Message

Date

hsiegeln

b6b93dc3cc

fix: prevent admin page redirect during token refresh

adminFetch called logout() directly on 401/403 responses, which cleared
roles and caused RequireAdmin to redirect to /exchanges while users were
editing forms. Now adminFetch attempts a token refresh before failing,
and RequireAdmin tolerates a transient empty-roles state during refresh.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-09 18:28:45 +02:00

hsiegeln

b1655b366e

feat: role-based UI access control

CI / cleanup-branch (push) Has been skipped

Details

CI / docker (push) Has been cancelled

Details

CI / deploy (push) Has been cancelled

Details

CI / deploy-feature (push) Has been cancelled

Details

CI / build (push) Has been cancelled

Details

- Hide Admin sidebar section for non-ADMIN users
- Add RequireAdmin route guard — /admin/* redirects to / for non-admin
- Move App Config from admin section to main Config tab (per-app,
  visible when app selected). VIEWER sees read-only, OPERATOR+ can edit
- Hide diagram node toolbar for VIEWER (onNodeAction conditional)
- Add useIsAdmin/useCanControl helpers to centralize role checks
- Remove App Config from admin sidebar tree

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-06 15:51:15 +02:00

2 Commits