Moved payment settings access control to route

no issue - having owner-only access control in the template meant the route was accessible but would show a blank page - updated access control in the `members-payments` route to redirect admins to the settings index screen and non-admins to the default home screen
2025-02-24 23:48:13 -05:00 · 2021-04-20 17:08:54 +01:00 · 2021-04-20 17:08:54 +01:00 · 04760132e9
commit 04760132e9
parent 4e2a7b9af5
3 changed files with 8 additions and 11 deletions
--- a/ghost/admin/app/controllers/settings/members-payments.js
+++ b/ghost/admin/app/controllers/settings/members-payments.js
@ -4,7 +4,6 @@ import {inject as service} from '@ember/service';
 import {task} from 'ember-concurrency';

 export default Controller.extend({
-    session: service(),
    settings: service(),

    actions: {
--- a/ghost/admin/app/routes/settings/members-payments.js
+++ b/ghost/admin/app/routes/settings/members-payments.js
@ -1,8 +1,7 @@
 import AuthenticatedRoute from 'ghost-admin/routes/authenticated';
-import CurrentUserSettings from 'ghost-admin/mixins/current-user-settings';
 import {inject as service} from '@ember/service';

-export default AuthenticatedRoute.extend(CurrentUserSettings, {
+export default AuthenticatedRoute.extend({
    settings: service(),
    notifications: service(),
    queryParams: {
@ -16,9 +15,13 @@ export default AuthenticatedRoute.extend(CurrentUserSettings, {

    beforeModel() {
        this._super(...arguments);
-        return this.get('session.user')
-            .then(this.transitionAuthor())
-            .then(this.transitionEditor());
+        return this.get('session.user').then((user) => {
+            if (!user.isOwner && user.isAdmin) {
+                return this.transitionTo('settings');
+            } else if (!user.isOwner) {
+                return this.transitionTo('home');
+            }
+        });
    },

    model() {
--- a/ghost/admin/app/templates/settings/members-payments.hbs
+++ b/ghost/admin/app/templates/settings/members-payments.hbs
@ -17,16 +17,11 @@
    </GhCanvasHeader>

    <section class="view-container settings-debug">
-
-        {{#if this.session.user.isOwner}}
        <div class="gh-setting-liquid-section">
            <GhMembersPaymentsSetting
                @setDefaultContentVisibility={{action "setDefaultContentVisibility"}}
                @setStripeConnectIntegrationTokenSetting={{action "setStripeConnectIntegrationTokenSetting"}}
            />
        </div>
-
-        {{/if}}
-
    </section>
 </section>