diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 6c9ad44..2dea325 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -50,7 +50,7 @@ export function logout(db: Database.Database, token: string): void { } // Percorsi admin consentiti anche al ruolo editor. -const EDITOR_ALLOWED = [/^\/admin\/content(\/|$)?/, /^\/api\/admin\/content(\/|$)/, /^\/admin\/logout$/]; +const EDITOR_ALLOWED = [/^\/admin\/content(\/|$)/, /^\/api\/admin\/content(\/|$)/, /^\/admin\/logout$/]; export function canAccessAdminPath(role: string, pathname: string): boolean { if (role === 'admin') return true; diff --git a/tests/roles.test.ts b/tests/roles.test.ts index 53394b7..af5c1d9 100644 --- a/tests/roles.test.ts +++ b/tests/roles.test.ts @@ -29,5 +29,9 @@ describe('ruoli', () => { expect(canAccessAdminPath('editor', '/admin/new')).toBe(false); expect(canAccessAdminPath('editor', '/api/admin/posts')).toBe(false); expect(canAccessAdminPath('editor', '/api/admin/upload')).toBe(false); + expect(canAccessAdminPath('editor', '/admin/contentious')).toBe(false); + expect(canAccessAdminPath('editor', '/admin/content-x')).toBe(false); + expect(canAccessAdminPath('editor', '/admin/content')).toBe(true); + expect(canAccessAdminPath('editor', '/admin/content/')).toBe(true); }); });