Update permission context handling and improve JSON field component

- Enhanced `MediaController` to include context in the `entityCreate` permission for better access control. - Refactored permission checks in `useBkndAuth` to ensure correct validation of role permissions. - Modified `JsonField` component to directly use `formData` in `JsonEditor`, simplifying data handling and improving user experience.
2026-03-16 04:27:21 +00:00 · 2025-10-24 09:20:59 +02:00
parent eb0822bbff
commit 5d4a77fb10
3 changed files with 5 additions and 13 deletions
--- a/app/src/media/api/MediaController.ts
+++ b/app/src/media/api/MediaController.ts
@@ -189,7 +189,9 @@ export class MediaController extends Controller {
            }),
         ),
         jsc("query", s.object({ overwrite: s.boolean().optional() })),
-         permission(DataPermissions.entityCreate, {}),
+         permission(DataPermissions.entityCreate, {
+            context: (c) => ({ entity: c.req.param("entity") }),
+         }),
         permission(MediaPermissions.uploadFile, {}),
         async (c) => {
            const { entity: entity_name, id: entity_id, field: field_name } = c.req.valid("param");
--- a/app/src/ui/client/schema/auth/use-bknd-auth.ts
+++ b/app/src/ui/client/schema/auth/use-bknd-auth.ts
@@ -49,7 +49,7 @@ export function useBkndAuth() {
         has_admin: Object.entries(config.auth.roles ?? {}).some(
            ([name, role]) =>
               role.implicit_allow ||
-               minimum_permissions.every((p) => role.permissions?.includes(p)),
+               minimum_permissions.every((p) => role.permissions?.some((p) => p.permission === p)),
         ),
      },
      routes: {
--- a/app/src/ui/components/form/json-schema/fields/JsonField.tsx
+++ b/app/src/ui/components/form/json-schema/fields/JsonField.tsx
@@ -10,23 +10,13 @@ export default function JsonField({
   readonly,
   ...props
 }: FieldProps) {
-   const value = JSON.stringify(formData, null, 2);
-
-   function handleChange(data) {
-      try {
-         onChange(JSON.parse(data));
-      } catch (err) {
-         console.error(err);
-      }
-   }
-
   const isDisabled = disabled || readonly;
   const id = props.idSchema.$id;

   return (
      <div className="flex flex-col gap-2">
         <Label label={props.name} id={id} />
-         <JsonEditor value={value} editable={!isDisabled} onChange={handleChange} />
+         <JsonEditor value={formData} editable={!isDisabled} onChange={onChange} />
      </div>
   );
 }