#24487 Access to the application is restricted to staff members only (#…

…1553) * only staff can access app * the error page * revert back the comment * update
bcgov · Jan 23, 2025 · 54f169c · 54f169c
1 parent 2fb9b44
commit 54f169c
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 3 deletions.
diff --git a/app/middleware/keycloak.global.ts b/app/middleware/keycloak.global.ts
@@ -1,4 +1,11 @@
 export default defineNuxtRouteMiddleware(async (to) => {
+
+  // Check metadata to skip middleware
+  if (to.meta.layout === 'empty') {
+    console.log('Skipping middleware for routes with blank layout.');
+    return;
+  }
+
   // remove query params in url added by keycloak
   // from https://github.com/bcgov/business-transparency-registry/blob/3a8a8364c3279859e130f2c7aae4feee6b65c5a2/btr-web/btr-common-components/middleware/setupAuth.global.ts#L13
   if (to.query) {
@@ -9,4 +16,21 @@ export default defineNuxtRouteMiddleware(async (to) => {
     params.delete('error')
     to.fullPath = to.path + (params.size > 0 ? `?${params}` : '') + to.hash
   }
+
+  // Access the Keycloak instance
+  const { $auth } = useNuxtApp(); 
+  console.log('Auth object:', JSON.stringify($auth, null, 2));
+
+  // Check if authentication data is available
+  if (!$auth?.tokenParsed ) {
+    console.error('Authentication object is not available. Redirecting to error page.');
+    return navigateTo('/error');
+  }
+
+  // Check if the user is a staff member
+  const userRoles = $auth.tokenParsed?.realm_access?.roles;
+  if (!userRoles?.includes('staff')) {
+    console.error('Access denied: You are not authorized to use this application.');
+    return navigateTo('/error'); // Redirect to an error page or login page
+  }
 })
diff --git a/app/package-lock.json b/app/package-lock.json
diff --git a/app/package.json b/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "name-examination",
-  "version": "1.2.37",
+  "version": "1.2.38",
   "private": true,
   "scripts": {
     "build": "nuxt generate",

diff --git a/app/pages/error.vue b/app/pages/error.vue
@@ -0,0 +1,12 @@
+<template>
+    <div class="text-center mt-20">
+      <h1 class="text-2xl font-bold mb-4">Access Denied</h1>
+      <p class="text-lg">You are not authorized to access this application.</p>
+    </div>
+  </template>
+
+<script setup>
+definePageMeta({
+  layout: 'empty', // Use the custom blank layout
+});
+</script>