Move behind dedicated permission

markspolakovs · markspolakovs · commit e83cb6bd7fd5 · 2025-02-16T16:51:37.000Z
diff --git a/app/(authenticated)/user/[id]/page.tsx b/app/(authenticated)/user/[id]/page.tsx
@@ -6,6 +6,6 @@ export default async function ArbitraryUserPage({
 }: {
   params: { id: string };
 }) {
-  await requirePermission("Admin.Users");
+  await requirePermission("People.ViewProfile.All");
   return <UserPage id={parseInt(params.id, 10)} />;
 }
diff --git a/lib/auth/permissions.ts b/lib/auth/permissions.ts
@@ -4,7 +4,7 @@ import { z } from "zod";
  * Available permissions. Should contain all the ones that users are expected
  * to have, along with some special ones:
  * * MEMBER - any logged in user
- * * PUBLIC - open to the world with no authentication
+ * * PUBLIC - open to the world with no authentication (not implemented)
  * * SuperUser - can do anything (don't use this unless you know what you're doing)
  */
 export const PermissionEnum = z.enum([
@@ -27,6 +27,7 @@ export const PermissionEnum = z.enum([
   "CheckWithTech.Submit",
   "CheckWithTech.Admin",
   "ManageQuotes",
+  "People.ViewProfile.All",
   "Admin.Users",
   "Admin.Roles",
   "Admin.Positions",

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@ export default async function ArbitraryUserPage({`
`6`	`6`	`}: {`
`7`	`7`	`params: { id: string };`
`8`	`8`	`}) {`
`9`		`- await requirePermission("Admin.Users");`
	`9`	`+ await requirePermission("People.ViewProfile.All");`
`10`	`10`	`return <UserPage id={parseInt(params.id, 10)} />;`
`11`	`11`	`}`