Implement account type restricted page

Add allowedAccountTypes page metadata which the authenticated middleware uses to further restrict the types of accounts that can access the page. If the account type is insufficent to access the page it will return an HTTP 403 Forbidden status, which is rendered using the error page.
2025-03-09 22:21:13 +01:00 · 2025-03-09 22:21:13 +01:00 · e8226e0062
commit e8226e0062
parent 245169950a
6 changed files with 82 additions and 3 deletions
--- a/components/Header.vue
+++ b/components/Header.vue
@ -2,8 +2,15 @@
 	<header>
 		<nav>
 			<ul>
-				<NuxtLink to="/">Home</NuxtLink>
-				<NuxtLink to="/schedule">Schedule</NuxtLink>
+				<li>
+					<NuxtLink to="/">Home</NuxtLink>
+				</li>
+				<li>
+					<NuxtLink to="/schedule">Schedule</NuxtLink>
+				</li>
+				<li v-if="session?.account?.type === 'admin' || session?.account?.type === 'crew'">
+					<NuxtLink to="/edit">Edit</NuxtLink>
+				</li>
 			</ul>
 		</nav>
 		<div class="account">
@ -45,5 +52,6 @@ nav ul {
 	padding: 0;
 	display: flex;
 	column-gap: 0.5em;
+	list-style: none;
 }
 </style>
--- a/error.vue
+++ b/error.vue
@ -0,0 +1,21 @@
+<template>
+	<Header />
+	<h1>{{ error.statusCode }} {{ error.statusMessage }}</h1>
+	{{ error.message }}
+</template>
+
+<script setup lang="ts">
+defineProps<{ error: {
+	statusCode: number,
+	fatal: boolean,
+	unhandled: boolean,
+	statusMessage?: string,
+	data?: unknown,
+	cause?: unknown,
+
+	// Undocumented fields
+	url?: string,
+	message?: string,
+	stack?: string,
+} }>()
+</script>
--- a/index.d.ts
+++ b/index.d.ts
@ -0,0 +1,13 @@
+declare module "#app" {
+	interface PageMeta {
+		allowedAccountTypes?: string[],
+	}
+}
+
+declare module "vue-router" {
+	interface RouteMeta {
+		allowedAccountTypes?: string[],
+	}
+}
+
+export {}
--- a/middleware/authenticated.ts
+++ b/middleware/authenticated.ts
@ -5,4 +5,15 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
 		console.log("Not logged in, redirecting to /login");
 		return navigateTo("/login");
 	}
+
+	if (
+		to.meta.allowedAccountTypes
+		&& !to.meta.allowedAccountTypes.includes(session.value.account.type)
+	) {
+		throw createError({
+			status: 403,
+			statusMessage: "Forbidden",
+			message: "You are not allowed to access this resource.",
+		})
+	}
 })
--- a/pages/edit.vue
+++ b/pages/edit.vue
@ -0,0 +1,13 @@
+<template>
+	<main>
+		<h1>Edit</h1>
+		<p>Todo: implement editing</p>
+	</main>
+</template>
+
+<script lang="ts" setup>
+definePageMeta({
+	middleware: ["authenticated"],
+	allowedAccountTypes: ["crew", "admin"],
+})
+</script>
--- a/pages/index.vue
+++ b/pages/index.vue
@ -3,8 +3,21 @@
 		<h1>Schedule Demo</h1>
 		<ul>
 			<li>
-				<NuxtLink to="/schedule">Schedule demo</NuxtLink>
+				<NuxtLink to="/schedule">View Schedule</NuxtLink>
+			</li>
+			<li v-if="session?.account?.type === 'admin' || session?.account?.type === 'crew'">
+				<NuxtLink to="/edit">Edit Schedule</NuxtLink>
+			</li>
+			<li v-if="session">
+				<NuxtLink to="/account/settings">Account Settings</NuxtLink>
+			</li>
+			<li v-if="!session">
+				<NuxtLink to="/login">Log In / Create Account</NuxtLink>
 			</li>
 		</ul>
 	</main>
 </template>
+
+<script lang="ts" setup>
+const { data: session } = await useAccountSession();
+</script>