fix: Only allow admins access to LOA panel

williammck · williammck · commit a9a573621869 · 2025-04-26T22:17:27.000-05:00
diff --git a/src/app/admin/AdminSideNav.tsx b/src/app/admin/AdminSideNav.tsx
@@ -29,7 +29,11 @@ export const AdminSideNav: React.FC<AdminSideNavProps> = ({ notifications }) =>
             {
                 title: 'Roster',
                 children: [
-                    { title: 'Approved LOAs', route: 'loa' },
+                    {
+                        title: 'Approved LOAs',
+                        route: 'loa',
+                        auth: (user) => user?.permissions.is_admin ?? false,
+                    },
                     {
                         title: 'Roster Purge',
                         route: 'purge',
diff --git a/src/middleware.ts b/src/middleware.ts
@@ -10,6 +10,7 @@ const isLoggedIn = (token: JWT | null) => token !== null;
 
 const ROUTE_AUTH_MAP: { re: RegExp, verify: (token: JWT | null) => boolean }[] = [
     // Need to be admin
+    { re: /\/admin\/loa/, verify: isAdmin },
     { re: /\/admin\/purge/, verify: isAdmin },
     { re: /\/admin\/queue\/loa/, verify: isAdmin },
     { re: /\/admin\/queue\/visit/, verify: isAdmin },

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,11 @@ export const AdminSideNav: React.FC<AdminSideNavProps> = ({ notifications }) =>`
`29`	`29`	`{`
`30`	`30`	`title: 'Roster',`
`31`	`31`	`children: [`
`32`		`- { title: 'Approved LOAs', route: 'loa' },`
	`32`	`+ {`
	`33`	`+ title: 'Approved LOAs',`
	`34`	`+ route: 'loa',`
	`35`	`+ auth: (user) => user?.permissions.is_admin ?? false,`
	`36`	`+ },`
`33`	`37`	`{`
`34`	`38`	`title: 'Roster Purge',`
`35`	`39`	`route: 'purge',`