From 030588e5bb3c5492e6355c9dddf648cdfc4f53f1 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Sun, 14 Jan 2024 17:03:31 +0100
Subject: [PATCH] fix admin pages accessible by non admin users (#2988)

Co-authored-by: Michael Genson <71845777+michael-genson@users.noreply.github.com>
---
 frontend/layouts/admin.vue | 2 +-
 frontend/middleware/admin-only.ts | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 frontend/middleware/admin-only.ts

diff --git a/frontend/layouts/admin.vue b/frontend/layouts/admin.vue
index 5e63f38e9dea..c6222faa40bd 100644
--- a/frontend/layouts/admin.vue
+++ b/frontend/layouts/admin.vue
@@ -34,7 +34,7 @@ import { SidebarLinks } from "~/types/application-types";
 export default defineComponent({
 components: { AppHeader, AppSidebar, TheSnackbar },
- middleware: "auth",
+ middleware: ["auth", "admin-only"],
 auth: true,
 setup() {
 const { $globals, i18n, $vuetify } = useContext();
diff --git a/frontend/middleware/admin-only.ts b/frontend/middleware/admin-only.ts
new file mode 100644
index 000000000000..66a4e00f3566
--- /dev/null
+++ b/frontend/middleware/admin-only.ts
@@ -0,0 +1,10 @@
+interface AuthRedirectParams {
+ $auth: any
+ redirect: (path: string) => void
+}
+export default function ({ $auth, redirect }: AuthRedirectParams) {
+ // If the user is not an admin redirect to the home page
+ if (!$auth.user.admin) {
+ return redirect("/")
+ }
+}
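Review bot: The `admin-only` entry added to `middleware` is a client-side route guard attached to this layout, so it only controls which pages the browser renders. It is not an authorization boundary, and nothing in this patch shows whether the backend admin endpoints reject non-admin tokens on their own. That should be confirmed separately, since a non-admin can call the API directly without loading these pages. The guard also covers only pages that use this layout, so an admin page declaring another layout would presumably bypass it. I would record both limits next to the line, e.g. `// UI guard only: admin API routes must enforce the admin role server-side`. The component definition continues outside the hunk.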
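Review bot: `$auth.user` is dereferenced without a null check in `if (!$auth.user.admin) {`, so the guard throws a TypeError instead of redirecting if it ever runs while `$auth.user` is null or undefined. That could happen if it is listed before `auth` or used on a page by itself; the layout currently lists `auth` first, which presumably prevents it there. Writing the condition as `if (!$auth.user?.admin) {` makes the middleware fail closed regardless of ordering. Typing the parameter as `$auth: any` also switches off checking on the one property this guard depends on; a narrow shape such as `$auth: { user?: { admin?: boolean } | null }` would let the compiler flag the unguarded access.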