fix: Correct user role permissions and restrict dashboard/settings access
- Fix setupUIForRole selector to use correct data-tab attributes - Hide Dashboard and Settings tabs for regular users (non-admin) - Remove delete buttons from sales table for regular users - Set initial tab to 'Ventas' for regular users instead of Dashboard - Add comprehensive logging for role setup debugging - Update cache buster to v=101.0 for proper browser refresh Security improvements: - Regular users: Access to Ventas, Clientes, Productos only - Admin users: Full access to all sections including Dashboard/Settings - Proper enforcement of user role restrictions in UI 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
30
app.js
30
app.js
@@ -1,5 +1,5 @@
|
||||
import { load, save, remove, KEY_DATA, KEY_SETTINGS, KEY_CLIENTS } from './storage.js';
|
||||
import { renderTicketAndPrint } from './print.js?v=99.9';
|
||||
import { renderTicketAndPrint } from './print.js?v=101.0';
|
||||
|
||||
// --- UTILITIES ---
|
||||
function escapeHTML(str) {
|
||||
@@ -818,12 +818,15 @@ function renderTable() {
|
||||
tr.insertCell().textContent = Number(mov.monto).toFixed(2);
|
||||
|
||||
const actionsCell = tr.insertCell();
|
||||
// Solo mostrar botón de eliminar para administradores
|
||||
if (currentUser && currentUser.role === 'admin') {
|
||||
const deleteButton = document.createElement('button');
|
||||
deleteButton.className = 'action-btn';
|
||||
deleteButton.dataset.id = mov.id;
|
||||
deleteButton.dataset.action = 'delete';
|
||||
deleteButton.textContent = 'Eliminar';
|
||||
actionsCell.appendChild(deleteButton);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@@ -1594,12 +1597,17 @@ function handleTestTicket() {
|
||||
}
|
||||
|
||||
function setupUIForRole(role) {
|
||||
const dashboardTab = document.querySelector('[data-tab="dashboard"]');
|
||||
const settingsTab = document.querySelector('[data-tab="settings"]');
|
||||
console.log('SETUP UI FOR ROLE:', role);
|
||||
|
||||
const dashboardTab = document.querySelector('[data-tab="tab-dashboard"]');
|
||||
const settingsTab = document.querySelector('[data-tab="tab-settings"]');
|
||||
const userManagementSection = document.getElementById('user-management-section');
|
||||
const staffInput = document.getElementById('m-staff');
|
||||
const dbInfoIcon = document.getElementById('db-info-icon');
|
||||
|
||||
console.log('Dashboard tab found:', !!dashboardTab);
|
||||
console.log('Settings tab found:', !!settingsTab);
|
||||
|
||||
if (role === 'admin') {
|
||||
if (dashboardTab) dashboardTab.style.display = 'block';
|
||||
if (settingsTab) settingsTab.style.display = 'block';
|
||||
@@ -1617,8 +1625,16 @@ function setupUIForRole(role) {
|
||||
})
|
||||
.catch(err => console.error(err));
|
||||
} else {
|
||||
if (dashboardTab) dashboardTab.style.display = 'block';
|
||||
if (settingsTab) settingsTab.style.display = 'block';
|
||||
// Usuario regular: NO acceso a Dashboard y Configuración
|
||||
console.log('CONFIGURANDO PARA USER REGULAR - OCULTANDO TABS');
|
||||
if (dashboardTab) {
|
||||
dashboardTab.style.display = 'none';
|
||||
console.log('Dashboard tab oculto');
|
||||
}
|
||||
if (settingsTab) {
|
||||
settingsTab.style.display = 'none';
|
||||
console.log('Settings tab oculto');
|
||||
}
|
||||
if (userManagementSection) userManagementSection.style.display = 'none';
|
||||
if (dbInfoIcon) dbInfoIcon.style.display = 'none';
|
||||
}
|
||||
@@ -1824,7 +1840,9 @@ async function initializeApp() {
|
||||
setupUIForRole(currentUser.role);
|
||||
|
||||
console.log('Activating initial tab...');
|
||||
activateTab('tab-dashboard');
|
||||
// Usuario regular va a ventas, admin va a dashboard
|
||||
const initialTab = currentUser.role === 'admin' ? 'tab-dashboard' : 'tab-ventas';
|
||||
activateTab(initialTab);
|
||||
|
||||
console.log('Activating client sub-tab...');
|
||||
activateClientSubTab('sub-tab-register');
|
||||
|
||||
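Review bot: The role restriction in this section is applied only to rendering — `setupUIForRole` toggles `style.display` and `renderTable` omits the delete button for non-admins — but the delete action itself is dispatched through `deleteButton.dataset.action = 'delete'`, and the handler that consumes that attribute (outside these hunks) does not appear to re-check the role, so the "Proper enforcement" the description claims still depends on the DOM not being edited by the user. The click handler should return early unless `currentUser && currentUser.role === 'admin'` before calling the removal path, and `activateTab` should likewise refuse `'tab-dashboard'` / `'tab-settings'` for non-admin roles rather than relying on the tab being hidden. Since `setupUIForRole` now reads both `data-tab` attributes with the `tab-` prefix, it would be worth a short comment noting that the selector must match the markup (the previous selectors silently matched nothing, which is why the tabs were never hidden). The `console.log` lines added in `setupUIForRole` and the `CONFIGURANDO PARA USER REGULAR - OCULTANDO TABS` message read as debugging leftovers and should be removed or gated before release. `setupUIForRole` and `initializeApp` both continue outside the visible hunks.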
@@ -629,6 +629,6 @@
|
||||
<div id="printArea" class="no-print"></div>
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/npm/qrcode@1/build/qrcode.min.js"></script>
|
||||
<script type="module" src="app.js?v=99.9"></script>
|
||||
<script type="module" src="app.js?v=101.0"></script>
|
||||
</body>
|
||||
</html>
|
||||