feat(rbac): hide unauthorized menu sections and enforce route guards
@@ -96,4 +96,12 @@
|
||||
|
||||
- **MVP**: Complete Phases 1 and 2. This gives a working auth system with local users.
|
||||
- **Increment 1**: Complete Phase 3. This adds the critical security controls (RBAC).
|
||||
- **Increment 2**: Complete Phase 4. This adds corporate SSO convenience.
|
||||
- **Increment 2**: Complete Phase 4. This adds corporate SSO convenience.
|
||||
|
||||
## Post-Delivery RBAC Navigation Hardening (2026-03-06)
|
||||
|
||||
- [x] D055 Investigate frontend navigation visibility mismatch (menu items shown despite backend 403 RBAC) in `frontend/src/lib/components/layout/Sidebar.svelte` and `frontend/src/lib/components/layout/TopNavbar.svelte`
|
||||
- [x] D056 Implement shared frontend permission utilities and route-level permission enforcement in `frontend/src/lib/auth/permissions.js` and `frontend/src/components/auth/ProtectedRoute.svelte`
|
||||
- [x] D057 Implement RBAC-aware sidebar navigation builder and integrate permission-filtered categories in `frontend/src/lib/components/layout/sidebarNavigation.js` and `frontend/src/lib/components/layout/Sidebar.svelte`
|
||||
- [x] D058 Add automated frontend tests for permission normalization/checking and sidebar visibility matrix in `frontend/src/lib/auth/__tests__/permissions.test.js` and `frontend/src/lib/components/layout/__tests__/sidebarNavigation.test.js`
|
||||
- [x] D059 Execute targeted frontend test verification for RBAC navigation filtering (`npm run test -- src/lib/auth/__tests__/permissions.test.js src/lib/components/layout/__tests__/sidebarNavigation.test.js`)
|
||||
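Review bot: D058 and D059 list tests only for `permissions.test.js` and `sidebarNavigation.test.js`, so the route-level enforcement that D056 adds in `frontend/src/components/auth/ProtectedRoute.svelte` has no test recorded in this checklist. Add a task (and a test) that covers the guard itself, for example a direct navigation to a route whose permission the user lacks, since hiding the menu entry does not exercise that path. It would also help to state in this section that the backend 403 noted in D055 remains the authoritative check and that the frontend filtering exists to keep the UI consistent with it. Minor: D056 places the guard under `frontend/src/components/` while every other path here is under `frontend/src/lib/`; confirm that location is intended.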