fix(auth): register /settings/oidc route for admins only
Non-admins fall through to the catch-all redirect instead of seeing the OIDC settings page shell. Sidebar link, in-page guard and the admin-only backend API remain as defense in depth. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -136,7 +136,7 @@ export default function App() {
|
|||||||
<Route path="/roles" element={<RoleEditorPage />} />
|
<Route path="/roles" element={<RoleEditorPage />} />
|
||||||
<Route path="/users" element={<UsersPage />} />
|
<Route path="/users" element={<UsersPage />} />
|
||||||
<Route path="/monitor" element={<MonitorPage />} />
|
<Route path="/monitor" element={<MonitorPage />} />
|
||||||
<Route path="/settings/oidc" element={<OidcSettingsPage />} />
|
{user?.is_admin && <Route path="/settings/oidc" element={<OidcSettingsPage />} />}
|
||||||
<Route path="/oidc/callback" element={<OidcCallbackPage onToken={loginWithToken} />} />
|
<Route path="/oidc/callback" element={<OidcCallbackPage onToken={loginWithToken} />} />
|
||||||
<Route path="*" element={<Navigate to="/" />} />
|
<Route path="*" element={<Navigate to="/" />} />
|
||||||
</Routes>
|
</Routes>
|
||||||
|
|||||||
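Review bot: The new `{user?.is_admin && <Route path="/settings/oidc" … />}` line evaluates to a falsy value whenever `user` is not yet populated, so an admin who reloads or deep-links to `/settings/oidc` may match the `*` route and be redirected to `/` before the session has resolved. Whether `App` delays rendering `<Routes>` until the user is loaded is not visible here, since the function body starts and ends outside the hunk; if it does not, this is worth confirming with a test for a hard refresh as an admin. It would also help to record the trust boundary next to the route, for example `{/* UI gating only: is_admin comes from client state; the backend OIDC settings API is the authorization check */}`, so the conditional is not later mistaken for the enforcement point.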