From bf609090b1b9c0649fdcb51b5acb3453deef84ca Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Tue, 12 Nov 2024 09:55:17 +0100
Subject: [PATCH] Fix: prevent linking to pages which require extra permissions (#32843)
---
 app/views/admin/dashboard/index.html.haml | 8 ++++----
 app/views/admin/instances/_dashboard.html.haml | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/app/views/admin/dashboard/index.html.haml b/app/views/admin/dashboard/index.html.haml
index 2b4d02fa67..c3b7933293 100644
--- a/app/views/admin/dashboard/index.html.haml
+++ b/app/views/admin/dashboard/index.html.haml
@@ -16,7 +16,7 @@
 .dashboard__item
 = react_admin_component :counter,
 end_at: @time_period.last,
- href: admin_accounts_path(origin: 'local'),
+ href: current_user.can?(:manage_users) ? admin_accounts_path(origin: 'local') : nil,
 label: t('admin.dashboard.new_users'),
 measure: 'new_users',
 start_at: @time_period.first
@@ -24,7 +24,7 @@
 .dashboard__item
 = react_admin_component :counter,
 end_at: @time_period.last,
- href: admin_accounts_path(origin: 'local'),
+ href: current_user.can?(:manage_users) ? admin_accounts_path(origin: 'local') : nil,
 label: t('admin.dashboard.active_users'),
 measure: 'active_users',
 start_at: @time_period.first
@@ -39,7 +39,7 @@
 .dashboard__item
 = react_admin_component :counter,
 end_at: @time_period.last,
- href: admin_reports_path,
+ href: current_user.can?(:manage_reports) ? admin_reports_path : nil,
 label: t('admin.dashboard.opened_reports'),
 measure: 'opened_reports',
 start_at: @time_period.first
@@ -47,7 +47,7 @@
 .dashboard__item
 = react_admin_component :counter,
 end_at: @time_period.last,
- href: admin_reports_path(resolved: '1'),
+ href: current_user.can?(:manage_reports) ? admin_reports_path(resolved: '1') : nil,
 label: t('admin.dashboard.resolved_reports'),
 measure: 'resolved_reports',
 start_at: @time_period.first
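Review bot: Hiding the `href` is a display decision, not the access control. The `current_user.can?(:manage_users)` and `current_user.can?(:manage_reports)` ternaries in all four hunks of this file, and in both hunks of `_dashboard.html.haml`, only stop the dashboard from offering a link. The commit subject implies the accounts and reports pages already reject users without the permission, but that enforcement is outside this patch and should stay the thing relied on. A HAML comment above the first counter would record this, e.g. `-# href is nil for roles lacking the permission; the target controller's authorization remains the actual gate`. The permission symbols are also hard-coded in the view and can drift from what the destination controllers check, so if the project has a policy-based view helper, using it here would keep the two in step.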
diff --git a/app/views/admin/instances/_dashboard.html.haml b/app/views/admin/instances/_dashboard.html.haml
index ef8500103b..16dcb051a2 100644
--- a/app/views/admin/instances/_dashboard.html.haml
+++ b/app/views/admin/instances/_dashboard.html.haml
@@ -7,7 +7,7 @@
 .dashboard__item
 = react_admin_component :counter,
 end_at: period_end_at,
- href: admin_accounts_path(origin: 'remote', by_domain: instance_domain),
+ href: current_user.can?(:manage_users) ? admin_accounts_path(origin: 'remote', by_domain: instance_domain) : nil,
 label: t('admin.instances.dashboard.instance_accounts_measure'),
 measure: 'instance_accounts',
 params: { domain: instance_domain },
@@ -43,7 +43,7 @@
 .dashboard__item
 = react_admin_component :counter,
 end_at: period_end_at,
- href: admin_reports_path(by_target_domain: instance_domain),
+ href: current_user.can?(:manage_reports) ? admin_reports_path(by_target_domain: instance_domain) : nil,
 label: t('admin.instances.dashboard.instance_reports_measure'),
 measure: 'instance_reports',
 params: { domain: instance_domain },
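Review bot: No spec accompanies the conditional `href:` lines in these two hunks or the four in `index.html.haml`; the diffstat lists only the two view files. A later edit that drops a `can?` check or mistypes a permission symbol would therefore go unnoticed. A view or system spec that renders each dashboard for a role without `manage_users` / `manage_reports` and asserts the counters carry no link would pin the behaviour. It is also worth confirming that the `counter` component renders a plain, non-clickable element when `href` is `nil`, since that component is not part of this patch.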