[Vue] Fix: Admin pages accessible for normal user

jhipster · Dec 19, 2021 · 59da3c6 · 59da3c6
1 parent 41ce2c0
commit 59da3c6
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/generators/client/templates/vue/src/main/webapp/app/account/account.service.ts.ejs b/generators/client/templates/vue/src/main/webapp/app/account/account.service.ts.ejs
@@ -89,25 +89,30 @@ export default class AccountService {
     if (!this.authenticated || !this.userAuthorities) {
       const token = <%_ if (authenticationTypeJwt) { _%> localStorage.getItem('<%=jhiPrefixDashed %>-authenticationToken') || sessionStorage.getItem('<%=jhiPrefixDashed %>-authenticationToken'); <%_ } else { _%> this.cookie.get('JSESSIONID') || this.cookie.get('XSRF-TOKEN'); <%_ } _%>
       if (!this.store.getters.account && !this.store.getters.logon && token) {
-        return this.retrieveAccount();
+        return this.retrieveAccount() && this.checkAuthorities(authorities);
       }
       return Promise.resolve(false);
     }
 
-    for (const authority of authorities) {
-      if (this.userAuthorities.includes(authority)) {
-        return Promise.resolve(true);
-      }
-    }
-
-    return Promise.resolve(false);
+    return this.checkAuthorities(authorities);
   }
 
   public get authenticated(): boolean {
     return this.store.getters.authenticated;
   }
 
   public get userAuthorities(): any {
-    return this.store.getters.account.authorities;
+    return this.store.getters.account?.authorities;
+  }
+
+  private checkAuthorities(authorities: any): Promise<boolean> {
+    if (this.userAuthorities) {
+      for (const authority of authorities) {
+        if (this.userAuthorities.includes(authority)) {
+          return Promise.resolve(true);
+        }
+      }
+    }
+    return Promise.resolve(false);
   }
 }
diff --git a/...ors/client/templates/vue/src/test/javascript/spec/app/account/account.service.spec.ts.ejs b/...ors/client/templates/vue/src/test/javascript/spec/app/account/account.service.spec.ts.ejs
@@ -102,7 +102,9 @@ describe('Account Service test suite', () => {
 <%_ if (authenticationTypeJwt) { _%>
     localStorage.setItem('<%=jhiPrefixDashed %>-authenticationToken', 'token');
 <%_ } %>
-    axiosStub.get.resolves({ data: { authorities: ['USER'] } });
+    const account = { authorities: ['USER'] };
+    store.commit('authenticated', account);
+    axiosStub.get.resolves({ data: account });
     accountService = await new AccountService(store, <%_ if (enableTranslation) { _%>new TranslationService(store, i18n),<%_ } %><%_ if (authenticationTypeSession || authenticationTypeOauth2) { _%>mockedCookie,<%_ } %><%_ if (communicationSpringWebsocket) { _%>trackerService,<%_ } %> router);
 
     return accountService.hasAnyAuthorityAndCheckAuth('USER').then((value: boolean) => {