feat: hide write UI from read-only users (no WRITE_ALL permission) #17

New Issue

Closed

opened 2026-03-19 20:32:04 +01:00 by marcel · 0 comments

marcel commented 2026-03-19 20:32:04 +01:00

Owner

Copy Link

Problem

Users without WRITE_ALL permission (read-only users) currently see all edit buttons, "New Document" links, "New Person" links, edit forms, and merge sections. The backend correctly blocks the actual mutations via @RequirePermission(Permission.WRITE_ALL), but the UI gives no indication that those actions are unavailable — users click a button, get a 403, and are confused.

Reference pattern: The admin nav link is already conditionally hidden using isAdmin derived from page.data.user.groups. The same approach should be applied to all write UI.

---

Approach

1. Expose canWrite centrally in the layout load

Add canWrite to +layout.server.ts so it is available as page.data.canWrite on every page — no per-page boilerplate needed.

// src/routes/+layout.server.ts
return {
    user: locals.user,
    canWrite: locals.user?.groups?.some(g => g.permissions.includes('WRITE_ALL')) ?? false
};

2. Hide write UI in components

Use {#if page.data.canWrite} to wrap write-only elements (same pattern as the admin nav link):

File	Elements to hide
src/routes/+page.svelte	"Neues Dokument" link
src/routes/documents/[id]/+page.svelte	"Bearbeiten" button
src/routes/persons/+page.svelte	"Neue Person" link
src/routes/persons/[id]/+page.svelte	Edit button, inline edit form, merge section

3. Server-side route guards on write-only routes

Add a WRITE_ALL check in the load function of each write-only route — same pattern as the admin page. Throws 403 if a read-only user navigates there directly via the URL bar.

• src/routes/documents/new/+page.server.ts
• src/routes/documents/[id]/edit/+page.server.ts
• src/routes/persons/new/+page.server.ts

---

Acceptance Criteria

• A user with only read permissions sees no edit buttons, no "New Document" / "New Person" links, no merge section
• Direct URL navigation to /documents/new, /documents/:id/edit, /persons/new returns 403 for read-only users
• Users with WRITE_ALL see and can use all write UI as before
• ADMIN users are unaffected (admin implies separate permissions, not write access per se — check existing group setup)

## Problem Users without `WRITE_ALL` permission (read-only users) currently see all edit buttons, "New Document" links, "New Person" links, edit forms, and merge sections. The backend correctly blocks the actual mutations via `@RequirePermission(Permission.WRITE_ALL)`, but the UI gives no indication that those actions are unavailable — users click a button, get a 403, and are confused. **Reference pattern:** The admin nav link is already conditionally hidden using `isAdmin` derived from `page.data.user.groups`. The same approach should be applied to all write UI. --- ## Approach ### 1. Expose `canWrite` centrally in the layout load Add `canWrite` to `+layout.server.ts` so it is available as `page.data.canWrite` on every page — no per-page boilerplate needed. ```typescript // src/routes/+layout.server.ts return { user: locals.user, canWrite: locals.user?.groups?.some(g => g.permissions.includes('WRITE_ALL')) ?? false }; ``` ### 2. Hide write UI in components Use `{#if page.data.canWrite}` to wrap write-only elements (same pattern as the admin nav link): | File | Elements to hide | |---|---| | `src/routes/+page.svelte` | "Neues Dokument" link | | `src/routes/documents/[id]/+page.svelte` | "Bearbeiten" button | | `src/routes/persons/+page.svelte` | "Neue Person" link | | `src/routes/persons/[id]/+page.svelte` | Edit button, inline edit form, merge section | ### 3. Server-side route guards on write-only routes Add a `WRITE_ALL` check in the `load` function of each write-only route — same pattern as the admin page. Throws 403 if a read-only user navigates there directly via the URL bar. - `src/routes/documents/new/+page.server.ts` - `src/routes/documents/[id]/edit/+page.server.ts` - `src/routes/persons/new/+page.server.ts` --- ## Acceptance Criteria - [ ] A user with only read permissions sees no edit buttons, no "New Document" / "New Person" links, no merge section - [ ] Direct URL navigation to `/documents/new`, `/documents/:id/edit`, `/persons/new` returns 403 for read-only users - [ ] Users with `WRITE_ALL` see and can use all write UI as before - [ ] `ADMIN` users are unaffected (admin implies separate permissions, not write access per se — check existing group setup)

marcel referenced this issue from a commit 2026-03-20 10:06:12 +01:00

feat(layout): expose canWrite flag from layout server load

marcel referenced this issue from a commit 2026-03-20 10:06:13 +01:00

feat(ui): hide write UI from users without WRITE_ALL permission

marcel referenced this issue from a commit 2026-03-20 10:06:14 +01:00

feat(routes): add server-side WRITE_ALL guard on write-only routes

marcel closed this issue 2026-03-20 10:06:14 +01:00

marcel referenced this issue 2026-03-28 00:13:48 +01:00

feat: notifications, @mentions, and comment deep-links (#71 #72 #73) #127

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/issue-533-mass-import-ux

worktree-feat+issue-557-upload-artifact-v3-pin

worktree-chore+issue-556-drop-client-branches-coverage-gate

fix/issue-514-prerender-crawl-bakes-redirects

fix/issue-472-prerender-entries

feat/issue-395-readme

feat/issue-345-bulk-mark-reviewed

feat/issue-344-bell-tooltip

feat/issue-341-annotieren-contrast

feat/issue-225-bulk-metadata-edit

feat/issue-317-bulk-upload

feat/issue-271-dashboard-redesign

docs/issue-240-mission-control-spec

refactor/issues-193-200

feat/issue-162-korrespondenz-redesign

feature/68-new-document-file-first

feat/81-discussion-discoverability

feat/62-document-bottom-panel

feature/56-backfill-file-hashes

feat/38-document-edit-history

fix/svelte5-test-delegation-and-login-auth

No results found.

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#17