From 5f1d9f37401aef9f67a6a9f692439f7302e8e0fc Mon Sep 17 00:00:00 2001 From: AdrianoDev Date: Sun, 5 Jul 2026 15:38:21 +0200 Subject: [PATCH] feat: middleware limita editor ai percorsi contenuti --- src/middleware.ts | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/middleware.ts b/src/middleware.ts index fa8dcfd..bed89db 100644 --- a/src/middleware.ts +++ b/src/middleware.ts @@ -1,6 +1,6 @@ import { defineMiddleware } from 'astro:middleware'; import { getDb } from './lib/db'; -import { getSessionUser, SESSION_COOKIE } from './lib/auth'; +import { getSessionUser, SESSION_COOKIE, canAccessAdminPath } from './lib/auth'; export const onRequest = defineMiddleware((context, next) => { const { pathname } = context.url; @@ -19,6 +19,16 @@ export const onRequest = defineMiddleware((context, next) => { } return context.redirect('/admin/login'); } + + if (!canAccessAdminPath(user.role, pathname)) { + if (pathname.startsWith('/api/')) { + return new Response(JSON.stringify({ error: 'Permessi insufficienti' }), { + status: 403, headers: { 'Content-Type': 'application/json' }, + }); + } + return context.redirect('/admin/content'); + } + context.locals.user = user; return next(); });