Home Explore Help
Register Sign In
Code_Uwe
/
rhl-lieferscheine
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 160daa168e
Branches Tags
rhl-lieferschei...
/
components
/
auth
/
BranchGuard.jsx

BranchGuard.jsx 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. "use client";
    2. 

  2. 

  3. import React from "react";
    4. 

  4. 

  5. import { useAuth } from "@/components/auth/authContext";
    6. 

  6. import { getBranches } from "@/lib/frontend/apiClient";
    7. 

  7. import {
    8. 

  8. 	decideBranchUi,
    9. 

  9. 	BRANCH_UI_DECISION,
    10. 

  10. } from "@/lib/frontend/rbac/branchUiDecision";
    11. 

  11. 

  12. import ForbiddenView from "@/components/system/ForbiddenView";
    13. 

  13. import NotFoundView from "@/components/system/NotFoundView";
    14. 

  14. 

  15. const BRANCH_LIST_STATE = Object.freeze({
    16. 

  16. 	IDLE: "idle",
    17. 

  17. 	LOADING: "loading",
    18. 

  18. 	READY: "ready",
    19. 

  19. 	ERROR: "error",
    20. 

  20. });
    21. 

  21. 

  22. /**
    23. 

  23.  * BranchGuard
    24. 

  24.  *
    25. 

  25.  * UX improvement:
    26. 

  26.  * - We do NOT block rendering while admin/dev branch list is loading.
    27. 

  27.  * - Existence validation is applied once the list is READY.
    28. 

  28.  * - While LOADING/ERROR we fail open to avoid "solo spinner" screens.
    29. 

  29.  *
    30. 

  30.  * Security note:
    31. 

  31.  * - Backend RBAC remains authoritative.
    32. 

  32.  * - Branch users are enforced immediately (no existence check needed).
    33. 

  33.  */
    34. 

  34. export default function BranchGuard({ branch, children }) {
    35. 

  35. 	const { status, user } = useAuth();
    36. 

  36. 

  37. 	const isAuthenticated = status === "authenticated" && user;
    38. 

  38. 	const needsExistenceCheck =
    39. 

  39. 		isAuthenticated && (user.role === "admin" || user.role === "dev");
    40. 

  40. 

  41. 	const [branchList, setBranchList] = React.useState({
    42. 

  42. 		status: BRANCH_LIST_STATE.IDLE,
    43. 

  43. 		branches: null,
    44. 

  44. 	});
    45. 

  45. 

  46. 	React.useEffect(() => {
    47. 

  47. 		if (!needsExistenceCheck) return;
    48. 

  48. 

  49. 		let cancelled = false;
    50. 

  50. 

  51. 		setBranchList({ status: BRANCH_LIST_STATE.LOADING, branches: null });
    52. 

  52. 

  53. 		(async () => {
    54. 

  54. 			try {
    55. 

  55. 				const res = await getBranches();
    56. 

  56. 				if (cancelled) return;
    57. 

  57. 

  58. 				const branches = Array.isArray(res?.branches) ? res.branches : [];
    59. 

  59. 				setBranchList({ status: BRANCH_LIST_STATE.READY, branches });
    60. 

  60. 			} catch (err) {
    61. 

  61. 				if (cancelled) return;
    62. 

  62. 

  63. 				// Fail open: do not block navigation if validation fails.
    64. 

  64. 				console.error("[BranchGuard] getBranches failed:", err);
    65. 

  65. 				setBranchList({ status: BRANCH_LIST_STATE.ERROR, branches: null });
    66. 

  66. 			}
    67. 

  67. 		})();
    68. 

  68. 

  69. 		return () => {
    70. 

  70. 			cancelled = true;
    71. 

  71. 		};
    72. 

  72. 	}, [needsExistenceCheck, user?.userId]);
    73. 

  73. 

  74. 	if (!isAuthenticated) return children;
    75. 

  75. 

  76. 	// Only apply existence validation when the list is READY.
    77. 

  77. 	const allowedBranches =
    78. 

  78. 		branchList.status === BRANCH_LIST_STATE.READY ? branchList.branches : null;
    79. 

  79. 

  80. 	const decision = decideBranchUi({
    81. 

  81. 		user,
    82. 

  82. 		branch,
    83. 

  83. 		allowedBranches,
    84. 

  84. 	});
    85. 

  85. 

  86. 	if (decision === BRANCH_UI_DECISION.FORBIDDEN) {
    87. 

  87. 		return <ForbiddenView attemptedBranch={branch} />;
    88. 

  88. 	}
    89. 

  89. 

  90. 	if (decision === BRANCH_UI_DECISION.NOT_FOUND) {
    91. 

  91. 		return <NotFoundView />;
    92. 

  92. 	}
    93. 

  93. 

  94. 	return children;
    95. 

  95. }
    96.