fix: Correct user role permissions and restrict dashboard/settings access
- Fix setupUIForRole selector to use correct data-tab attributes - Hide Dashboard and Settings tabs for regular users (non-admin) - Remove delete buttons from sales table for regular users - Set initial tab to 'Ventas' for regular users instead of Dashboard - Add comprehensive logging for role setup debugging - Update cache buster to v=101.0 for proper browser refresh Security improvements: - Regular users: Access to Ventas, Clientes, Productos only - Admin users: Full access to all sections including Dashboard/Settings - Proper enforcement of user role restrictions in UI 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
30
app.js
30
app.js
@@ -1,5 +1,5 @@
|
|||||||
import { load, save, remove, KEY_DATA, KEY_SETTINGS, KEY_CLIENTS } from './storage.js';
|
import { load, save, remove, KEY_DATA, KEY_SETTINGS, KEY_CLIENTS } from './storage.js';
|
||||||
import { renderTicketAndPrint } from './print.js?v=99.9';
|
import { renderTicketAndPrint } from './print.js?v=101.0';
|
||||||
|
|
||||||
// --- UTILITIES ---
|
// --- UTILITIES ---
|
||||||
function escapeHTML(str) {
|
function escapeHTML(str) {
|
||||||
@@ -818,12 +818,15 @@ function renderTable() {
|
|||||||
tr.insertCell().textContent = Number(mov.monto).toFixed(2);
|
tr.insertCell().textContent = Number(mov.monto).toFixed(2);
|
||||||
|
|
||||||
const actionsCell = tr.insertCell();
|
const actionsCell = tr.insertCell();
|
||||||
|
// Solo mostrar botón de eliminar para administradores
|
||||||
|
if (currentUser && currentUser.role === 'admin') {
|
||||||
const deleteButton = document.createElement('button');
|
const deleteButton = document.createElement('button');
|
||||||
deleteButton.className = 'action-btn';
|
deleteButton.className = 'action-btn';
|
||||||
deleteButton.dataset.id = mov.id;
|
deleteButton.dataset.id = mov.id;
|
||||||
deleteButton.dataset.action = 'delete';
|
deleteButton.dataset.action = 'delete';
|
||||||
deleteButton.textContent = 'Eliminar';
|
deleteButton.textContent = 'Eliminar';
|
||||||
actionsCell.appendChild(deleteButton);
|
actionsCell.appendChild(deleteButton);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1594,12 +1597,17 @@ function handleTestTicket() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function setupUIForRole(role) {
|
function setupUIForRole(role) {
|
||||||
const dashboardTab = document.querySelector('[data-tab="dashboard"]');
|
console.log('SETUP UI FOR ROLE:', role);
|
||||||
const settingsTab = document.querySelector('[data-tab="settings"]');
|
|
||||||
|
const dashboardTab = document.querySelector('[data-tab="tab-dashboard"]');
|
||||||
|
const settingsTab = document.querySelector('[data-tab="tab-settings"]');
|
||||||
const userManagementSection = document.getElementById('user-management-section');
|
const userManagementSection = document.getElementById('user-management-section');
|
||||||
const staffInput = document.getElementById('m-staff');
|
const staffInput = document.getElementById('m-staff');
|
||||||
const dbInfoIcon = document.getElementById('db-info-icon');
|
const dbInfoIcon = document.getElementById('db-info-icon');
|
||||||
|
|
||||||
|
console.log('Dashboard tab found:', !!dashboardTab);
|
||||||
|
console.log('Settings tab found:', !!settingsTab);
|
||||||
|
|
||||||
if (role === 'admin') {
|
if (role === 'admin') {
|
||||||
if (dashboardTab) dashboardTab.style.display = 'block';
|
if (dashboardTab) dashboardTab.style.display = 'block';
|
||||||
if (settingsTab) settingsTab.style.display = 'block';
|
if (settingsTab) settingsTab.style.display = 'block';
|
||||||
@@ -1617,8 +1625,16 @@ function setupUIForRole(role) {
|
|||||||
})
|
})
|
||||||
.catch(err => console.error(err));
|
.catch(err => console.error(err));
|
||||||
} else {
|
} else {
|
||||||
if (dashboardTab) dashboardTab.style.display = 'block';
|
// Usuario regular: NO acceso a Dashboard y Configuración
|
||||||
if (settingsTab) settingsTab.style.display = 'block';
|
console.log('CONFIGURANDO PARA USER REGULAR - OCULTANDO TABS');
|
||||||
|
if (dashboardTab) {
|
||||||
|
dashboardTab.style.display = 'none';
|
||||||
|
console.log('Dashboard tab oculto');
|
||||||
|
}
|
||||||
|
if (settingsTab) {
|
||||||
|
settingsTab.style.display = 'none';
|
||||||
|
console.log('Settings tab oculto');
|
||||||
|
}
|
||||||
if (userManagementSection) userManagementSection.style.display = 'none';
|
if (userManagementSection) userManagementSection.style.display = 'none';
|
||||||
if (dbInfoIcon) dbInfoIcon.style.display = 'none';
|
if (dbInfoIcon) dbInfoIcon.style.display = 'none';
|
||||||
}
|
}
|
||||||
@@ -1824,7 +1840,9 @@ async function initializeApp() {
|
|||||||
setupUIForRole(currentUser.role);
|
setupUIForRole(currentUser.role);
|
||||||
|
|
||||||
console.log('Activating initial tab...');
|
console.log('Activating initial tab...');
|
||||||
activateTab('tab-dashboard');
|
// Usuario regular va a ventas, admin va a dashboard
|
||||||
|
const initialTab = currentUser.role === 'admin' ? 'tab-dashboard' : 'tab-ventas';
|
||||||
|
activateTab(initialTab);
|
||||||
|
|
||||||
console.log('Activating client sub-tab...');
|
console.log('Activating client sub-tab...');
|
||||||
activateClientSubTab('sub-tab-register');
|
activateClientSubTab('sub-tab-register');
|
||||||
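Review bot: The admin check added in renderTable (hunk at @@ -818) only decides whether the delete button is rendered; nothing in these hunks shows the handler that reacts to `data-action="delete"` (or the `remove` helper imported from storage.js) checking the role, so the UI gate appears to be the only enforcement and a page that has been tampered with, or a stale button from an earlier render, could still reach the deletion path. The same holds for setupUIForRole: the tabs are hidden with `style.display = 'none'`, but `activateTab('tab-dashboard')` remains callable for a regular user. Consider repeating the check where the action is executed, e.g. `if (!currentUser || currentUser.role !== 'admin') return;` at the top of the delete handler and in activateTab for the restricted tab ids, and enforcing it in the storage layer if the data is shared between users; that handler lives outside these hunks. The `console.log` calls added to setupUIForRole read as debugging output and would be better removed or gated before release.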
|
|||||||
@@ -629,6 +629,6 @@
|
|||||||
<div id="printArea" class="no-print"></div>
|
<div id="printArea" class="no-print"></div>
|
||||||
|
|
||||||
<script src="https://cdn.jsdelivr.net/npm/qrcode@1/build/qrcode.min.js"></script>
|
<script src="https://cdn.jsdelivr.net/npm/qrcode@1/build/qrcode.min.js"></script>
|
||||||
<script type="module" src="app.js?v=99.9"></script>
|
<script type="module" src="app.js?v=101.0"></script>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||