v4675-subscription_page_security

composables/utils/useRedirect.ts

@@ -0,0 +1,21 @@
+import UrlUtils from "~/services/utils/urlUtils";
+
+export const useRedirect = () => {
+    const runtimeConfig = useRuntimeConfig()
+
+    const redirectToLogout = () => {
+        if (!runtimeConfig.baseUrlAdminLegacy) {
+            throw new Error('Configuration error : no redirection target')
+        }
+        navigateTo(UrlUtils.join(runtimeConfig.baseUrlAdminLegacy, '#/logout'), {external: true})
+    }
+
+    const redirectToHome = () => {
+        if (!runtimeConfig.baseUrlAdminLegacy) {
+            throw new Error('Configuration error : no redirection target')
+        }
+        navigateTo(UrlUtils.join(runtimeConfig.baseUrlAdminLegacy, '#/dashboard'), {external: true})
+    }
+
+    return { redirectToLogout, redirectToHome }
+}

composables/utils/useRedirectToLogout.ts

@@ -1,12 +0,0 @@
-import UrlUtils from "~/services/utils/urlUtils";
-
-export const useRedirectToLogout = () => {
-    const runtimeConfig = useRuntimeConfig()
-
-    return () => {
-        if (!runtimeConfig.baseUrlAdminLegacy) {
-            throw new Error('Configuration error : no redirection target')
-        }
-        navigateTo(UrlUtils.join(runtimeConfig.baseUrlAdminLegacy, '#/logout'), {external: true})
-    }
-}

pages/subscription.vue

@@ -283,13 +283,13 @@ Page 'Mon abonnement'
   import MobytUserStatus from "~/models/Organization/MobytUserStatus";
   import {Ref} from "@vue/reactivity";
   import {useDisplay} from "vuetify";
+  import {useRedirect} from "~/composables/utils/useRedirect";
 
   const ability = useAbility()
 
-  onBeforeMount(() => {
-    if(!ability.can('display', 'subscription_page'))
-      return navigateTo('/error')
-  })
+  if(!ability.can('display', 'subscription_page')) {
+    throw new Error('Forbidden')
+  }
 
   const showDolibarrPanel = computed(() => !dolibarrPending.value && dolibarrAccount.value && dolibarrAccount.value.bills.length > 0)
 

plugins/init.server.ts

@@ -1,10 +1,10 @@
 import {useAccessProfileStore} from "~/stores/accessProfile";
 import {useEntityManager} from "~/composables/data/useEntityManager";
 import UnauthorizedError from "~/services/error/UnauthorizedError";
-import {useRedirectToLogout} from "~/composables/utils/useRedirectToLogout";
+import {useRedirect} from "~/composables/utils/useRedirect";
 
 export default defineNuxtPlugin(async () => {
-    const redirectToLogout = useRedirectToLogout()
+    const { redirectToLogout } = useRedirect()
 
     const bearer = useCookie('BEARER')
     let accessCookieId = useCookie('AccessId')