fix(auth): enforce document and govdoc route grants
This commit is contained in:
@@ -54,7 +54,7 @@ class HomeServiceImpl(IHomeService):
|
||||
_DEFAULT_FEATURES_BY_PROFILE: dict[str, list[str]] = {
|
||||
"document_review": ["home", "documents", "upload", "rules", "rule_groups"],
|
||||
"contract": ["home", "documents", "upload", "rules", "contract_template_search", "contract_template_list"],
|
||||
"govdoc": ["home", "govdoc_audits", "govdoc_upload", "rule_groups"],
|
||||
"govdoc": ["home", "govdoc_audits", "govdoc_upload", "rules"],
|
||||
"cross_checking": ["cross_checking", "cross_checking_upload", "cross_checking_list"],
|
||||
"custom": ["home", "documents"],
|
||||
}
|
||||
@@ -553,6 +553,8 @@ class HomeServiceImpl(IHomeService):
|
||||
normalized: list[str] = []
|
||||
for item in parsed:
|
||||
feature = str(item or "").strip()
|
||||
if menu_profile == "govdoc" and feature == "rule_groups":
|
||||
feature = "rules"
|
||||
if feature in allowed_features and feature not in normalized:
|
||||
normalized.append(feature)
|
||||
return normalized or list(cls._DEFAULT_FEATURES_BY_PROFILE[menu_profile])
|
||||
|
||||
Reference in New Issue
Block a user