From 5d4a77fb10ddfdcc08d83318f968250ef7e7f17a Mon Sep 17 00:00:00 2001
From: dswbx
Date: Fri, 24 Oct 2025 09:20:59 +0200
Subject: [PATCH] Update permission context handling and improve JSON field component

- Enhanced `MediaController` to include context in the `entityCreate` permission for better access control.
- Refactored permission checks in `useBkndAuth` to ensure correct validation of role permissions.
- Modified `JsonField` component to directly use `formData` in `JsonEditor`, simplifying data handling and improving user experience.
---
 app/src/media/api/MediaController.ts | 4 +++-
 app/src/ui/client/schema/auth/use-bknd-auth.ts | 2 +-
 .../components/form/json-schema/fields/JsonField.tsx | 12 +-----------
 3 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/app/src/media/api/MediaController.ts b/app/src/media/api/MediaController.ts
index e1f795b..0523b6a 100644
--- a/app/src/media/api/MediaController.ts
+++ b/app/src/media/api/MediaController.ts
@@ -189,7 +189,9 @@ export class MediaController extends Controller {
 }),
 ),
 jsc("query", s.object({ overwrite: s.boolean().optional() })),
- permission(DataPermissions.entityCreate, {}),
+ permission(DataPermissions.entityCreate, {
+ context: (c) => ({ entity: c.req.param("entity") }),
+ }),
 permission(MediaPermissions.uploadFile, {}),
 async (c) => {
 const { entity: entity_name, id: entity_id, field: field_name } = c.req.valid("param");
diff --git a/app/src/ui/client/schema/auth/use-bknd-auth.ts b/app/src/ui/client/schema/auth/use-bknd-auth.ts
index b48d1e1..7f83358 100644
--- a/app/src/ui/client/schema/auth/use-bknd-auth.ts
+++ b/app/src/ui/client/schema/auth/use-bknd-auth.ts
@@ -49,7 +49,7 @@ export function useBkndAuth() {
 has_admin: Object.entries(config.auth.roles ?? {}).some(
 ([name, role]) =>
 role.implicit_allow ||
- minimum_permissions.every((p) => role.permissions?.includes(p)),
+ minimum_permissions.every((p) => role.permissions?.some((p) => p.permission === p)),
 ),
 },
 routes: {
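Review bot: The new `context` callback on `DataPermissions.entityCreate` reads the entity with `c.req.param("entity")`, the raw path value, while the handler below takes it from `c.req.valid("param")`. An authorization check is easiest to reason about when it evaluates the same validated value the handler later acts on. If the param validator has already run at this point in the chain (it appears to sit above the hunk), consider `context: (c) => ({ entity: c.req.valid("param").entity }),`, or add a comment stating why the raw value is acceptable here. The following `permission(MediaPermissions.uploadFile, {})` still passes an empty context, so any entity-scoped policy would apply to `entityCreate` only; confirm that is intended. The route definition starts and ends outside the hunk.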
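Review bot: In the added `has_admin` line of `use-bknd-auth.ts` the inner callback parameter `p` shadows the outer `p`, so `p.permission === p` compares an entry's `permission` field with the entry itself and will presumably never be true. Whenever `minimum_permissions` is non-empty, `every(...)` then fails for every role, leaving `has_admin` dependent on `role.implicit_allow` alone. Give the two parameters distinct names, e.g. `minimum_permissions.every((required) => role.permissions?.some((rp) => rp.permission === required)),`. The object literal returned by `useBkndAuth` continues outside the hunk.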
diff --git a/app/src/ui/components/form/json-schema/fields/JsonField.tsx b/app/src/ui/components/form/json-schema/fields/JsonField.tsx index 1517a29..9fd2d5a 100644 --- a/app/src/ui/components/form/json-schema/fields/JsonField.tsx +++ b/app/src/ui/components/form/json-schema/fields/JsonField.tsx @@ -10,23 +10,13 @@ export default function JsonField({ readonly, ...props }: FieldProps) { - const value = JSON.stringify(formData, null, 2); - - function handleChange(data) { - try { - onChange(JSON.parse(data)); - } catch (err) { - console.error(err); - } - } - const isDisabled = disabled || readonly; const id = props.idSchema.$id; return (
); }