fix: regex percorsi editor senza bypass prefisso
This commit is contained in:
+1
-1
@@ -50,7 +50,7 @@ export function logout(db: Database.Database, token: string): void {
|
||||
}
|
||||
|
||||
// Percorsi admin consentiti anche al ruolo editor.
|
||||
const EDITOR_ALLOWED = [/^\/admin\/content(\/|$)?/, /^\/api\/admin\/content(\/|$)/, /^\/admin\/logout$/];
|
||||
const EDITOR_ALLOWED = [/^\/admin\/content(\/|$)/, /^\/api\/admin\/content(\/|$)/, /^\/admin\/logout$/];
|
||||
|
||||
export function canAccessAdminPath(role: string, pathname: string): boolean {
|
||||
if (role === 'admin') return true;
|
||||
|
||||
@@ -29,5 +29,9 @@ describe('ruoli', () => {
|
||||
expect(canAccessAdminPath('editor', '/admin/new')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/api/admin/posts')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/api/admin/upload')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/contentious')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/content-x')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/content')).toBe(true);
|
||||
expect(canAccessAdminPath('editor', '/admin/content/')).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user