feat: add role-based access control for admin panel authentication
This commit is contained in:
@@ -5,6 +5,8 @@ backend:
|
|||||||
accept_roles: # ← the magic line
|
accept_roles: # ← the magic line
|
||||||
- admin
|
- admin
|
||||||
- editor
|
- editor
|
||||||
|
# Explicitly block users without roles
|
||||||
|
squash_merges: true
|
||||||
|
|
||||||
media_folder: 'src/assets/images'
|
media_folder: 'src/assets/images'
|
||||||
public_folder: '/_astro'
|
public_folder: '/_astro'
|
||||||
|
|||||||
@@ -11,15 +11,38 @@
|
|||||||
<!-- Include the script that builds the page and powers Decap CMS -->
|
<!-- Include the script that builds the page and powers Decap CMS -->
|
||||||
<script src="https://unpkg.com/decap-cms@^3.0.0/dist/decap-cms.js"></script>
|
<script src="https://unpkg.com/decap-cms@^3.0.0/dist/decap-cms.js"></script>
|
||||||
<script>
|
<script>
|
||||||
// Initialize Netlify Identity widget
|
// Initialize Netlify Identity widget with role checking
|
||||||
if (window.netlifyIdentity) {
|
if (window.netlifyIdentity) {
|
||||||
window.netlifyIdentity.on('init', (user) => {
|
window.netlifyIdentity.on('init', (user) => {
|
||||||
if (!user) {
|
if (!user) {
|
||||||
window.netlifyIdentity.on('login', () => {
|
window.netlifyIdentity.on('login', () => {
|
||||||
document.location.href = '/admin/';
|
document.location.href = '/admin/';
|
||||||
});
|
});
|
||||||
|
} else {
|
||||||
|
// Check if user has required roles
|
||||||
|
checkUserRole(user);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
window.netlifyIdentity.on('login', (user) => {
|
||||||
|
checkUserRole(user);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function checkUserRole(user) {
|
||||||
|
const allowedRoles = ['admin', 'editor'];
|
||||||
|
const userRoles = user.app_metadata?.roles || [];
|
||||||
|
|
||||||
|
// Check if user has any of the allowed roles
|
||||||
|
const hasAccess = allowedRoles.some(role => userRoles.includes(role));
|
||||||
|
|
||||||
|
if (!hasAccess) {
|
||||||
|
// User doesn't have required roles
|
||||||
|
alert('Erişim reddedildi. Bu alanı kullanmak için yönetici izni gereklidir.');
|
||||||
|
window.netlifyIdentity.logout();
|
||||||
|
window.location.href = '/';
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
</body>
|
</body>
|
||||||
|
|||||||
Reference in New Issue
Block a user