From 19e776a772d07d4aa96386c1ab2c4467070672d0 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Wed, 31 Jan 2024 10:33:05 +0000
Subject: [PATCH 01/15] manage-data pages

---
 frontend/middleware/admin-only.ts        |  4 ++--
 frontend/middleware/can-organize-only.ts | 12 ++++++++++++
 frontend/pages/group/data/categories.vue |  1 +
 frontend/pages/group/data/foods.vue      |  2 +-
 frontend/pages/group/data/labels.vue     |  1 +
 frontend/pages/group/data/recipes.vue    |  1 +
 frontend/pages/group/data/tags.vue       |  1 +
 frontend/pages/group/data/tools.vue      |  1 +
 frontend/pages/group/data/units.vue      |  1 +
 frontend/pages/user/profile/index.vue    | 22 +++++++++++-----------
 10 files changed, 32 insertions(+), 14 deletions(-)
 create mode 100644 frontend/middleware/can-organize-only.ts

diff --git a/frontend/middleware/admin-only.ts b/frontend/middleware/admin-only.ts
index 66a4e00f3566..b55f603d5151 100644
--- a/frontend/middleware/admin-only.ts
+++ b/frontend/middleware/admin-only.ts
@@ -1,8 +1,8 @@
-interface AuthRedirectParams {
+interface AdminRedirectParams {
     $auth: any
     redirect: (path: string) => void
 }
-export default function ({ $auth, redirect }: AuthRedirectParams) {
+export default function ({ $auth, redirect }: AdminRedirectParams) {
     // If the user is not an admin redirect to the home page
     if (!$auth.user.admin) {
         return redirect("/")
diff --git a/frontend/middleware/can-organize-only.ts b/frontend/middleware/can-organize-only.ts
new file mode 100644
index 000000000000..9bb6b6603d75
--- /dev/null
+++ b/frontend/middleware/can-organize-only.ts
@@ -0,0 +1,12 @@
+interface CanOrganizeRedirectParams {
+    $auth: any
+    redirect: (path: string) => void
+}
+export default function ({ $auth, redirect }: CanOrganizeRedirectParams) {
+    console.log($auth.user);
+    // If the user is not allowed to organize redirect to the home page
+    if (!$auth.user.canOrganize) {
+        console.warn("User is not allowed to organize data");
+        return redirect("/")
+    }
+}
diff --git a/frontend/pages/group/data/categories.vue b/frontend/pages/group/data/categories.vue
index 290e4f79e083..038c716c0e43 100644
--- a/frontend/pages/group/data/categories.vue
+++ b/frontend/pages/group/data/categories.vue
@@ -73,6 +73,7 @@ import { useCategoryStore, useCategoryData } from "~/composables/store";
 import { RecipeCategory } from "~/lib/api/types/admin";
 
 export default defineComponent({
+  middleware: ["auth", "can-organize-only"],
   setup() {
     const { i18n } = useContext();
     const tableConfig = {
diff --git a/frontend/pages/group/data/foods.vue b/frontend/pages/group/data/foods.vue
index 32eda4322b7d..aca6f2074fb5 100644
--- a/frontend/pages/group/data/foods.vue
+++ b/frontend/pages/group/data/foods.vue
@@ -201,8 +201,8 @@ import { useFoodStore, useLabelStore } from "~/composables/store";
 import { VForm } from "~/types/vuetify";
 
 export default defineComponent({
-
   components: { MultiPurposeLabel, RecipeDataAliasManagerDialog },
+  middleware: ["auth", "can-organize-only"],
   setup() {
     const userApi = useUserApi();
     const { i18n } = useContext();
diff --git a/frontend/pages/group/data/labels.vue b/frontend/pages/group/data/labels.vue
index 604135b05873..7d1e45ea85d0 100644
--- a/frontend/pages/group/data/labels.vue
+++ b/frontend/pages/group/data/labels.vue
@@ -122,6 +122,7 @@ import { useLabelData, useLabelStore } from "~/composables/store";
 
 export default defineComponent({
   components: { MultiPurposeLabel },
+  middleware: ["auth", "can-organize-only"],
   setup() {
     const userApi = useUserApi();
     const { i18n } = useContext();
diff --git a/frontend/pages/group/data/recipes.vue b/frontend/pages/group/data/recipes.vue
index 0803f285badc..2cd55aad4ea9 100644
--- a/frontend/pages/group/data/recipes.vue
+++ b/frontend/pages/group/data/recipes.vue
@@ -176,6 +176,7 @@ enum MODES {
 
 export default defineComponent({
   components: { RecipeDataTable, RecipeOrganizerSelector, GroupExportData, RecipeSettingsSwitches },
+  middleware: ["auth", "can-organize-only"],
   scrollToTop: true,
   setup() {
     const { getAllRecipes, refreshRecipes } = useRecipes(true, true);
diff --git a/frontend/pages/group/data/tags.vue b/frontend/pages/group/data/tags.vue
index 076a23f08b4d..b2440b4e5c0c 100644
--- a/frontend/pages/group/data/tags.vue
+++ b/frontend/pages/group/data/tags.vue
@@ -73,6 +73,7 @@ import { useTagStore, useTagData } from "~/composables/store";
 import { RecipeTag } from "~/lib/api/types/admin";
 
 export default defineComponent({
+  middleware: ["auth", "can-organize-only"],
   setup() {
     const { i18n } = useContext();
     const tableConfig = {
diff --git a/frontend/pages/group/data/tools.vue b/frontend/pages/group/data/tools.vue
index 4ff3c547819b..49825faf2da1 100644
--- a/frontend/pages/group/data/tools.vue
+++ b/frontend/pages/group/data/tools.vue
@@ -80,6 +80,7 @@ import { useToolStore, useToolData } from "~/composables/store";
 import { RecipeTool } from "~/lib/api/types/admin";
 
 export default defineComponent({
+  middleware: ["auth", "can-organize-only"],
   setup() {
     const { i18n } = useContext();
     const tableConfig = {
diff --git a/frontend/pages/group/data/units.vue b/frontend/pages/group/data/units.vue
index 9ce5fa991110..f1d42ba464f1 100644
--- a/frontend/pages/group/data/units.vue
+++ b/frontend/pages/group/data/units.vue
@@ -218,6 +218,7 @@ import { VForm } from "~/types/vuetify";
 
 export default defineComponent({
   components: { RecipeDataAliasManagerDialog },
+  middleware: ["auth", "can-organize-only"],
   setup() {
     const userApi = useUserApi();
     const { i18n } = useContext();
diff --git a/frontend/pages/user/profile/index.vue b/frontend/pages/user/profile/index.vue
index ddb011550d1a..54a1e1b48708 100644
--- a/frontend/pages/user/profile/index.vue
+++ b/frontend/pages/user/profile/index.vue
@@ -162,17 +162,16 @@
             </UserProfileLinkCard>
           </v-col>
         </AdvancedOnly>
-        <AdvancedOnly>
-          <v-col cols="12" sm="12" md="6">
-            <UserProfileLinkCard
-              :link="{ text: $tc('profile.manage-data'), to: `/group/data/foods` }"
-              :image="require('~/static/svgs/manage-recipes.svg')"
-            >
-              <template #title> {{ $t('profile.manage-data') }} </template>
-              {{ $t('profile.manage-data-description') }}
-            </UserProfileLinkCard>
-          </v-col>
-        </AdvancedOnly>
+        <!-- $auth.user.canOrganize should not be null because of the auth middleware -->
+        <v-col v-if="$auth.user.canOrganize" cols="12" sm="12" md="6">
+          <UserProfileLinkCard
+            :link="{ text: $tc('profile.manage-data'), to: `/group/data/foods` }"
+            :image="require('~/static/svgs/manage-recipes.svg')"
+          >
+            <template #title> {{ $t('profile.manage-data') }} </template>
+            {{ $t('profile.manage-data-description') }}
+          </UserProfileLinkCard>
+        </v-col>
         <AdvancedOnly>
           <v-col cols="12" sm="12" md="6">
             <UserProfileLinkCard
@@ -208,6 +207,7 @@ export default defineComponent({
     UserAvatar,
     StatsCards,
   },
+  middleware: ["auth"],
   scrollToTop: true,
   setup() {
     const { $auth, i18n } = useContext();

From 8d2d57168375f1499cf1da5e84b1ae7483f1710e Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Wed, 31 Jan 2024 11:56:15 +0000
Subject: [PATCH 02/15] add avanced-only

---
 frontend/middleware/advanced-only.ts     | 11 +++++++++++
 frontend/middleware/can-organize-only.ts |  1 -
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 frontend/middleware/advanced-only.ts

diff --git a/frontend/middleware/advanced-only.ts b/frontend/middleware/advanced-only.ts
new file mode 100644
index 000000000000..e9d69a2fd852
--- /dev/null
+++ b/frontend/middleware/advanced-only.ts
@@ -0,0 +1,11 @@
+interface AdvancedOnlyRedirectParams {
+    $auth: any
+    redirect: (path: string) => void
+}
+export default function ({ $auth, redirect }: AdvancedOnlyRedirectParams) {
+    // If the user is not allowed to organize redirect to the home page
+    if (!$auth.user.advanced) {
+        console.warn("User is not allowed to access advanced features");
+        return redirect("/")
+    }
+}
diff --git a/frontend/middleware/can-organize-only.ts b/frontend/middleware/can-organize-only.ts
index 9bb6b6603d75..93d6c5c5aabf 100644
--- a/frontend/middleware/can-organize-only.ts
+++ b/frontend/middleware/can-organize-only.ts
@@ -3,7 +3,6 @@ interface CanOrganizeRedirectParams {
     redirect: (path: string) => void
 }
 export default function ({ $auth, redirect }: CanOrganizeRedirectParams) {
-    console.log($auth.user);
     // If the user is not allowed to organize redirect to the home page
     if (!$auth.user.canOrganize) {
         console.warn("User is not allowed to organize data");

From 7dafa6c7fe2e0d446de4de77b7924b74352ee817 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Wed, 31 Jan 2024 15:25:21 +0000
Subject: [PATCH 03/15] add access controll to user pages

---
 frontend/pages/user/_id/favorites.vue      | 1 +
 frontend/pages/user/profile/api-tokens.vue | 1 +
 frontend/pages/user/profile/edit.vue       | 1 +
 frontend/pages/user/profile/index.vue      | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/frontend/pages/user/_id/favorites.vue b/frontend/pages/user/_id/favorites.vue
index ec4e5c8fd984..603428d428e7 100644
--- a/frontend/pages/user/_id/favorites.vue
+++ b/frontend/pages/user/_id/favorites.vue
@@ -14,6 +14,7 @@ import { useAsyncKey } from "~/composables/use-utils";
 
 export default defineComponent({
   components: { RecipeCardSection },
+  middleware: "auth",
   setup() {
     const api = useUserApi();
     const route = useRoute();
diff --git a/frontend/pages/user/profile/api-tokens.vue b/frontend/pages/user/profile/api-tokens.vue
index 8e41c6216986..8b6d21b361b9 100644
--- a/frontend/pages/user/profile/api-tokens.vue
+++ b/frontend/pages/user/profile/api-tokens.vue
@@ -69,6 +69,7 @@ import { useUserApi } from "~/composables/api";
 import { VForm } from "~/types/vuetify";
 
 export default defineComponent({
+  middleware: ["auth", "advanced-only"],
   setup() {
     const nuxtContext = useContext();
 
diff --git a/frontend/pages/user/profile/edit.vue b/frontend/pages/user/profile/edit.vue
index 3eadc87ed1c9..2681e9c5df68 100644
--- a/frontend/pages/user/profile/edit.vue
+++ b/frontend/pages/user/profile/edit.vue
@@ -135,6 +135,7 @@ export default defineComponent({
     UserAvatar,
     UserPasswordStrength,
   },
+  middleware: "auth",
   setup() {
     const { $auth } = useContext();
     const user = computed(() => $auth.user as unknown as UserOut);
diff --git a/frontend/pages/user/profile/index.vue b/frontend/pages/user/profile/index.vue
index 54a1e1b48708..37041726747e 100644
--- a/frontend/pages/user/profile/index.vue
+++ b/frontend/pages/user/profile/index.vue
@@ -207,7 +207,7 @@ export default defineComponent({
     UserAvatar,
     StatsCards,
   },
-  middleware: ["auth"],
+  middleware: "auth",
   scrollToTop: true,
   setup() {
     const { $auth, i18n } = useContext();

From 890b5d93a70b3072f0f26e177f06346b4816f0d6 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Thu, 1 Feb 2024 07:50:09 +0000
Subject: [PATCH 04/15] access controll coobook index page

---
 frontend/pages/g/_groupSlug/cookbooks/index.vue | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/frontend/pages/g/_groupSlug/cookbooks/index.vue b/frontend/pages/g/_groupSlug/cookbooks/index.vue
index db99713c3bcb..35ad12fa8111 100644
--- a/frontend/pages/g/_groupSlug/cookbooks/index.vue
+++ b/frontend/pages/g/_groupSlug/cookbooks/index.vue
@@ -90,24 +90,17 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, useRouter } from "@nuxtjs/composition-api";
+import { defineComponent } from "@nuxtjs/composition-api";
 import draggable from "vuedraggable";
 import { useCookbooks } from "@/composables/use-group-cookbooks";
-import { useLoggedInState } from "~/composables/use-logged-in-state";
 import RecipeOrganizerSelector from "~/components/Domain/Recipe/RecipeOrganizerSelector.vue";
 
 export default defineComponent({
   components: { draggable, RecipeOrganizerSelector },
+  middleware: "auth",
   setup() {
-    const { isOwnGroup, loggedIn } = useLoggedInState();
-    const router = useRouter();
-
-    if (!(loggedIn.value && isOwnGroup.value)) {
-      router.back();
-    }
-
     const { cookbooks, actions } = useCookbooks();
-
+    console.log(cookbooks);
     return {
       cookbooks,
       actions,

From 88529457bf5a71d08dd94eb5a77ffcd310f8befe Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Thu, 1 Feb 2024 07:50:34 +0000
Subject: [PATCH 05/15] =?UTF-8?q?=F0=9F=A7=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 frontend/pages/g/_groupSlug/cookbooks/index.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/frontend/pages/g/_groupSlug/cookbooks/index.vue b/frontend/pages/g/_groupSlug/cookbooks/index.vue
index 35ad12fa8111..8a6e0c52d437 100644
--- a/frontend/pages/g/_groupSlug/cookbooks/index.vue
+++ b/frontend/pages/g/_groupSlug/cookbooks/index.vue
@@ -100,7 +100,6 @@ export default defineComponent({
   middleware: "auth",
   setup() {
     const { cookbooks, actions } = useCookbooks();
-    console.log(cookbooks);
     return {
       cookbooks,
       actions,

From 5ef23e0330c6eb914126e6f770b2139ec6767ce8 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 14:43:59 +0000
Subject: [PATCH 06/15] add group-only middleware

---
 frontend/middleware/group-only.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 frontend/middleware/group-only.ts

diff --git a/frontend/middleware/group-only.ts b/frontend/middleware/group-only.ts
new file mode 100644
index 000000000000..92882287cafe
--- /dev/null
+++ b/frontend/middleware/group-only.ts
@@ -0,0 +1,11 @@
+interface GroupOnlyRedirectParams {
+  $auth: any
+  route: any
+  redirect: (path: string) => void
+}
+
+export default function ({ $auth, route, redirect }: GroupOnlyRedirectParams) {
+  if (route.params.groupSlug !== $auth.user.groupSlug) {
+    redirect("/")
+  }
+}

From 0301713214def9fca05bef09806c951452a64ec6 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 14:45:30 +0000
Subject: [PATCH 07/15] add auth and group only to groupSlug pages

---
 frontend/pages/g/_groupSlug/cookbooks/index.vue           | 2 +-
 frontend/pages/g/_groupSlug/r/_slug/ingredient-parser.vue | 1 +
 frontend/pages/g/_groupSlug/r/create.vue                  | 1 +
 frontend/pages/g/_groupSlug/recipes/categories/index.vue  | 1 +
 frontend/pages/g/_groupSlug/recipes/tags/index.vue        | 1 +
 frontend/pages/g/_groupSlug/recipes/timeline.vue          | 1 +
 frontend/pages/g/_groupSlug/recipes/tools/index.vue       | 1 +
 7 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/frontend/pages/g/_groupSlug/cookbooks/index.vue b/frontend/pages/g/_groupSlug/cookbooks/index.vue
index 8a6e0c52d437..cb9ed03d36ff 100644
--- a/frontend/pages/g/_groupSlug/cookbooks/index.vue
+++ b/frontend/pages/g/_groupSlug/cookbooks/index.vue
@@ -97,7 +97,7 @@ import RecipeOrganizerSelector from "~/components/Domain/Recipe/RecipeOrganizerS
 
 export default defineComponent({
   components: { draggable, RecipeOrganizerSelector },
-  middleware: "auth",
+  middleware: ["auth", "group-only"],
   setup() {
     const { cookbooks, actions } = useCookbooks();
     return {
diff --git a/frontend/pages/g/_groupSlug/r/_slug/ingredient-parser.vue b/frontend/pages/g/_groupSlug/r/_slug/ingredient-parser.vue
index 358a9a25fc1f..aa5327818cd9 100644
--- a/frontend/pages/g/_groupSlug/r/_slug/ingredient-parser.vue
+++ b/frontend/pages/g/_groupSlug/r/_slug/ingredient-parser.vue
@@ -123,6 +123,7 @@ export default defineComponent({
   components: {
     RecipeIngredientEditor,
   },
+  middleware: ["auth", "group-only"],
   setup() {
     const { $auth } = useContext();
     const panels = ref<number[]>([]);
diff --git a/frontend/pages/g/_groupSlug/r/create.vue b/frontend/pages/g/_groupSlug/r/create.vue
index 064500f5fa68..2fd3f4bdfc48 100644
--- a/frontend/pages/g/_groupSlug/r/create.vue
+++ b/frontend/pages/g/_groupSlug/r/create.vue
@@ -33,6 +33,7 @@ import AdvancedOnly from "~/components/global/AdvancedOnly.vue";
 
 export default defineComponent({
   components: { AdvancedOnly },
+  middleware: ["auth", "group-only"],
   setup() {
     const { $auth, $globals, i18n } = useContext();
 
diff --git a/frontend/pages/g/_groupSlug/recipes/categories/index.vue b/frontend/pages/g/_groupSlug/recipes/categories/index.vue
index 0c986c374041..1cc94cf8681b 100644
--- a/frontend/pages/g/_groupSlug/recipes/categories/index.vue
+++ b/frontend/pages/g/_groupSlug/recipes/categories/index.vue
@@ -22,6 +22,7 @@ export default defineComponent({
   components: {
     RecipeOrganizerPage,
   },
+  middleware: ["auth", "group-only"],
   setup() {
     const { items, actions } = useCategoryStore();
 
diff --git a/frontend/pages/g/_groupSlug/recipes/tags/index.vue b/frontend/pages/g/_groupSlug/recipes/tags/index.vue
index f8d1f21857fd..861fead9face 100644
--- a/frontend/pages/g/_groupSlug/recipes/tags/index.vue
+++ b/frontend/pages/g/_groupSlug/recipes/tags/index.vue
@@ -22,6 +22,7 @@ export default defineComponent({
   components: {
     RecipeOrganizerPage,
   },
+  middleware: ["auth", "group-only"],
   setup() {
     const { items, actions } = useTagStore();
 
diff --git a/frontend/pages/g/_groupSlug/recipes/timeline.vue b/frontend/pages/g/_groupSlug/recipes/timeline.vue
index 913baaafafd8..114cf9b34480 100644
--- a/frontend/pages/g/_groupSlug/recipes/timeline.vue
+++ b/frontend/pages/g/_groupSlug/recipes/timeline.vue
@@ -17,6 +17,7 @@ import RecipeTimeline from "~/components/Domain/Recipe/RecipeTimeline.vue";
 
 export default defineComponent({
   components: { RecipeTimeline },
+  middleware: ["auth", "group-only"],
   setup() {
     const api = useUserApi();
     const ready = ref<boolean>(false);
diff --git a/frontend/pages/g/_groupSlug/recipes/tools/index.vue b/frontend/pages/g/_groupSlug/recipes/tools/index.vue
index 9f086448d4fe..ff2eaa8b205c 100644
--- a/frontend/pages/g/_groupSlug/recipes/tools/index.vue
+++ b/frontend/pages/g/_groupSlug/recipes/tools/index.vue
@@ -22,6 +22,7 @@ export default defineComponent({
   components: {
     RecipeOrganizerPage,
   },
+  middleware: ["auth", "group-only"],
   setup() {
     const toolStore = useToolStore();
     const dialog = ref(false);

From e7f5a4adff02295c3b6a4df05ce88711e84ab449 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 14:58:39 +0000
Subject: [PATCH 08/15] move middleware for manage data page to parrent
 component

---
 frontend/pages/group/data.vue            | 1 +
 frontend/pages/group/data/categories.vue | 1 -
 frontend/pages/group/data/foods.vue      | 1 -
 frontend/pages/group/data/labels.vue     | 1 -
 frontend/pages/group/data/recipes.vue    | 1 -
 frontend/pages/group/data/tags.vue       | 1 -
 frontend/pages/group/data/tools.vue      | 1 -
 frontend/pages/group/data/units.vue      | 1 -
 8 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/frontend/pages/group/data.vue b/frontend/pages/group/data.vue
index abf7041103f0..f48b59a9c305 100644
--- a/frontend/pages/group/data.vue
+++ b/frontend/pages/group/data.vue
@@ -30,6 +30,7 @@
 import { computed, defineComponent, useContext, useRoute } from "@nuxtjs/composition-api";
 
 export default defineComponent({
+  middleware: ["auth", "can-organize-only"],
   props: {
     value: {
       type: Boolean,
diff --git a/frontend/pages/group/data/categories.vue b/frontend/pages/group/data/categories.vue
index 038c716c0e43..290e4f79e083 100644
--- a/frontend/pages/group/data/categories.vue
+++ b/frontend/pages/group/data/categories.vue
@@ -73,7 +73,6 @@ import { useCategoryStore, useCategoryData } from "~/composables/store";
 import { RecipeCategory } from "~/lib/api/types/admin";
 
 export default defineComponent({
-  middleware: ["auth", "can-organize-only"],
   setup() {
     const { i18n } = useContext();
     const tableConfig = {
diff --git a/frontend/pages/group/data/foods.vue b/frontend/pages/group/data/foods.vue
index aca6f2074fb5..43470809d786 100644
--- a/frontend/pages/group/data/foods.vue
+++ b/frontend/pages/group/data/foods.vue
@@ -202,7 +202,6 @@ import { VForm } from "~/types/vuetify";
 
 export default defineComponent({
   components: { MultiPurposeLabel, RecipeDataAliasManagerDialog },
-  middleware: ["auth", "can-organize-only"],
   setup() {
     const userApi = useUserApi();
     const { i18n } = useContext();
diff --git a/frontend/pages/group/data/labels.vue b/frontend/pages/group/data/labels.vue
index 7d1e45ea85d0..604135b05873 100644
--- a/frontend/pages/group/data/labels.vue
+++ b/frontend/pages/group/data/labels.vue
@@ -122,7 +122,6 @@ import { useLabelData, useLabelStore } from "~/composables/store";
 
 export default defineComponent({
   components: { MultiPurposeLabel },
-  middleware: ["auth", "can-organize-only"],
   setup() {
     const userApi = useUserApi();
     const { i18n } = useContext();
diff --git a/frontend/pages/group/data/recipes.vue b/frontend/pages/group/data/recipes.vue
index 2cd55aad4ea9..0803f285badc 100644
--- a/frontend/pages/group/data/recipes.vue
+++ b/frontend/pages/group/data/recipes.vue
@@ -176,7 +176,6 @@ enum MODES {
 
 export default defineComponent({
   components: { RecipeDataTable, RecipeOrganizerSelector, GroupExportData, RecipeSettingsSwitches },
-  middleware: ["auth", "can-organize-only"],
   scrollToTop: true,
   setup() {
     const { getAllRecipes, refreshRecipes } = useRecipes(true, true);
diff --git a/frontend/pages/group/data/tags.vue b/frontend/pages/group/data/tags.vue
index b2440b4e5c0c..076a23f08b4d 100644
--- a/frontend/pages/group/data/tags.vue
+++ b/frontend/pages/group/data/tags.vue
@@ -73,7 +73,6 @@ import { useTagStore, useTagData } from "~/composables/store";
 import { RecipeTag } from "~/lib/api/types/admin";
 
 export default defineComponent({
-  middleware: ["auth", "can-organize-only"],
   setup() {
     const { i18n } = useContext();
     const tableConfig = {
diff --git a/frontend/pages/group/data/tools.vue b/frontend/pages/group/data/tools.vue
index 49825faf2da1..4ff3c547819b 100644
--- a/frontend/pages/group/data/tools.vue
+++ b/frontend/pages/group/data/tools.vue
@@ -80,7 +80,6 @@ import { useToolStore, useToolData } from "~/composables/store";
 import { RecipeTool } from "~/lib/api/types/admin";
 
 export default defineComponent({
-  middleware: ["auth", "can-organize-only"],
   setup() {
     const { i18n } = useContext();
     const tableConfig = {
diff --git a/frontend/pages/group/data/units.vue b/frontend/pages/group/data/units.vue
index f1d42ba464f1..9ce5fa991110 100644
--- a/frontend/pages/group/data/units.vue
+++ b/frontend/pages/group/data/units.vue
@@ -218,7 +218,6 @@ import { VForm } from "~/types/vuetify";
 
 export default defineComponent({
   components: { RecipeDataAliasManagerDialog },
-  middleware: ["auth", "can-organize-only"],
   setup() {
     const userApi = useUserApi();
     const { i18n } = useContext();

From 4cee8ea8792e6f5495737b016b6048b64c829fc6 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 15:14:48 +0000
Subject: [PATCH 09/15] add can manage restriction

---
 frontend/middleware/can-manage-only.ts | 12 ++++++++++++
 frontend/pages/group/index.vue         |  1 +
 2 files changed, 13 insertions(+)
 create mode 100644 frontend/middleware/can-manage-only.ts

diff --git a/frontend/middleware/can-manage-only.ts b/frontend/middleware/can-manage-only.ts
new file mode 100644
index 000000000000..defdb89ad4b8
--- /dev/null
+++ b/frontend/middleware/can-manage-only.ts
@@ -0,0 +1,12 @@
+interface CanManageRedirectParams {
+  $auth: any
+  redirect: (path: string) => void
+}
+export default function ({ $auth, redirect }: CanManageRedirectParams) {
+  // If the user is not allowed to organize redirect to the home page
+  console.log($auth.user)
+  if (!$auth.user.canManage) {
+    console.warn("User is not allowed to manage group settings");
+    return redirect("/")
+  }
+}
diff --git a/frontend/pages/group/index.vue b/frontend/pages/group/index.vue
index 9b4e24678da3..b9893b25faee 100644
--- a/frontend/pages/group/index.vue
+++ b/frontend/pages/group/index.vue
@@ -65,6 +65,7 @@ import { useGroupSelf } from "~/composables/use-groups";
 import { ReadGroupPreferences } from "~/lib/api/types/group";
 
 export default defineComponent({
+  middleware: ["auth", "can-manage-only"],
   setup() {
     const { group, actions: groupActions } = useGroupSelf();
 

From f4df68a9e2e20992dd2791e1912668a49ccf92b9 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 15:36:10 +0000
Subject: [PATCH 10/15] restrict access to /group pages

---
 frontend/pages/group/mealplan/planner.vue  | 1 +
 frontend/pages/group/mealplan/settings.vue | 1 +
 frontend/pages/group/members.vue           | 1 +
 frontend/pages/group/migrations.vue        | 1 +
 frontend/pages/group/notifiers.vue         | 1 +
 frontend/pages/group/webhooks.vue          | 1 +
 6 files changed, 6 insertions(+)

diff --git a/frontend/pages/group/mealplan/planner.vue b/frontend/pages/group/mealplan/planner.vue
index 1ae451f9a251..3ddc56ba967b 100644
--- a/frontend/pages/group/mealplan/planner.vue
+++ b/frontend/pages/group/mealplan/planner.vue
@@ -46,6 +46,7 @@ import { isSameDay, addDays, parseISO } from "date-fns";
 import { useMealplans } from "~/composables/use-group-mealplan";
 
 export default defineComponent({
+  middleware: ["auth"],
   setup() {
     const route = useRoute();
     const router = useRouter();
diff --git a/frontend/pages/group/mealplan/settings.vue b/frontend/pages/group/mealplan/settings.vue
index 580832196370..122719306c52 100644
--- a/frontend/pages/group/mealplan/settings.vue
+++ b/frontend/pages/group/mealplan/settings.vue
@@ -98,6 +98,7 @@ export default defineComponent({
     GroupMealPlanRuleForm,
     RecipeChips,
   },
+  middleware: ["auth"],
   props: {
     value: {
       type: Boolean,
diff --git a/frontend/pages/group/members.vue b/frontend/pages/group/members.vue
index 539a67d4e1d9..ec3a3c844543 100644
--- a/frontend/pages/group/members.vue
+++ b/frontend/pages/group/members.vue
@@ -78,6 +78,7 @@ export default defineComponent({
   components: {
     UserAvatar,
   },
+  middleware: ["auth"],
   setup() {
     const api = useUserApi();
 
diff --git a/frontend/pages/group/migrations.vue b/frontend/pages/group/migrations.vue
index 06466c588a58..af57585f4755 100644
--- a/frontend/pages/group/migrations.vue
+++ b/frontend/pages/group/migrations.vue
@@ -85,6 +85,7 @@ const MIGRATIONS = {
 };
 
 export default defineComponent({
+  middleware: ["auth", "advanced-only"],
   setup() {
     const { $globals, i18n } = useContext();
 
diff --git a/frontend/pages/group/notifiers.vue b/frontend/pages/group/notifiers.vue
index 732deedb64a6..12e5cf252c3d 100644
--- a/frontend/pages/group/notifiers.vue
+++ b/frontend/pages/group/notifiers.vue
@@ -124,6 +124,7 @@ interface OptionSection {
 }
 
 export default defineComponent({
+  middleware: ["auth", "advanced-only"],
   setup() {
     const api = useUserApi();
 
diff --git a/frontend/pages/group/webhooks.vue b/frontend/pages/group/webhooks.vue
index 134541fc07c5..e5a59ae805dd 100644
--- a/frontend/pages/group/webhooks.vue
+++ b/frontend/pages/group/webhooks.vue
@@ -50,6 +50,7 @@ import GroupWebhookEditor from "~/components/Domain/Group/GroupWebhookEditor.vue
 
 export default defineComponent({
   components: { GroupWebhookEditor },
+  middleware: ["auth", "advanced-only"],
   setup() {
     const { actions, webhooks } = useGroupWebhooks();
 

From c9acc48bd6f6d319787ecb142b41a485ba538d84 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 15:56:26 +0000
Subject: [PATCH 11/15] add group reports

---
 frontend/pages/group/reports/_id.vue | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frontend/pages/group/reports/_id.vue b/frontend/pages/group/reports/_id.vue
index fb0646f93048..2fcd33b565d8 100644
--- a/frontend/pages/group/reports/_id.vue
+++ b/frontend/pages/group/reports/_id.vue
@@ -34,6 +34,7 @@ import { useUserApi } from "~/composables/api";
 import { ReportOut } from "~/lib/api/types/reports";
 
 export default defineComponent({
+  middleware: "auth",
   setup() {
     const route = useRoute();
     const id = route.value.params.id;

From e75b5f2f158ede687ed6976f4e6f3c60a045c55f Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 16:00:18 +0000
Subject: [PATCH 12/15] add shopping lists

---
 frontend/pages/shopping-lists/_id.vue   | 1 +
 frontend/pages/shopping-lists/index.vue | 1 +
 2 files changed, 2 insertions(+)

diff --git a/frontend/pages/shopping-lists/_id.vue b/frontend/pages/shopping-lists/_id.vue
index 8ea06124484f..a8150f19bd6b 100644
--- a/frontend/pages/shopping-lists/_id.vue
+++ b/frontend/pages/shopping-lists/_id.vue
@@ -235,6 +235,7 @@ export default defineComponent({
     RecipeList,
     ShoppingListItemEditor,
   },
+  middleware: "auth",
   setup() {
     const { $auth, i18n } = useContext();
     const preferences = useShoppingListPreferences();
diff --git a/frontend/pages/shopping-lists/index.vue b/frontend/pages/shopping-lists/index.vue
index fecbbe4e64a9..9a504f7be13d 100644
--- a/frontend/pages/shopping-lists/index.vue
+++ b/frontend/pages/shopping-lists/index.vue
@@ -44,6 +44,7 @@ import { useUserApi } from "~/composables/api";
 import { useAsyncKey } from "~/composables/use-utils";
 
 export default defineComponent({
+  middleware: "auth",
   setup() {
     const { $auth } = useContext();
     const userApi = useUserApi();

From 6beea06a41bba67348225b9a2958d88f36163593 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 16:17:38 +0000
Subject: [PATCH 13/15] show group settings option only to users that can
 manage the group

---
 frontend/pages/user/profile/index.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/pages/user/profile/index.vue b/frontend/pages/user/profile/index.vue
index 37041726747e..24a4e0f38a2d 100644
--- a/frontend/pages/user/profile/index.vue
+++ b/frontend/pages/user/profile/index.vue
@@ -113,7 +113,7 @@
         <p>{{ $t('profile.group-description') }}</p>
       </div>
       <v-row tag="section">
-        <v-col cols="12" sm="12" md="6">
+        <v-col v-if="$auth.user.canManage" cols="12" sm="12" md="6">
           <UserProfileLinkCard
             :link="{ text: $tc('profile.group-settings'), to: `/group` }"
             :image="require('~/static/svgs/manage-group-settings.svg')"

From 9cc59e81d6e6d8398a6b7832cce4e00b8b215dd3 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Fri, 2 Feb 2024 16:41:31 +0000
Subject: [PATCH 14/15] add comment to group-only

---
 frontend/middleware/group-only.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frontend/middleware/group-only.ts b/frontend/middleware/group-only.ts
index 92882287cafe..84f28f12725d 100644
--- a/frontend/middleware/group-only.ts
+++ b/frontend/middleware/group-only.ts
@@ -5,6 +5,7 @@ interface GroupOnlyRedirectParams {
 }
 
 export default function ({ $auth, route, redirect }: GroupOnlyRedirectParams) {
+  // this can only be used for routes that have a groupSlug parameter (e.g. /g/:groupSlug/...)
   if (route.params.groupSlug !== $auth.user.groupSlug) {
     redirect("/")
   }

From 7dbc03172595ca3e184b19d5956b7b5bea627bc6 Mon Sep 17 00:00:00 2001
From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
Date: Wed, 7 Feb 2024 11:28:26 +0000
Subject: [PATCH 15/15] update comments

---
 frontend/middleware/advanced-only.ts   | 2 +-
 frontend/middleware/can-manage-only.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/middleware/advanced-only.ts b/frontend/middleware/advanced-only.ts
index e9d69a2fd852..378e3044b3ea 100644
--- a/frontend/middleware/advanced-only.ts
+++ b/frontend/middleware/advanced-only.ts
@@ -3,7 +3,7 @@ interface AdvancedOnlyRedirectParams {
     redirect: (path: string) => void
 }
 export default function ({ $auth, redirect }: AdvancedOnlyRedirectParams) {
-    // If the user is not allowed to organize redirect to the home page
+    // If the user is not allowed to access advanced features redirect to the home page
     if (!$auth.user.advanced) {
         console.warn("User is not allowed to access advanced features");
         return redirect("/")
diff --git a/frontend/middleware/can-manage-only.ts b/frontend/middleware/can-manage-only.ts
index defdb89ad4b8..9c09819ca3d6 100644
--- a/frontend/middleware/can-manage-only.ts
+++ b/frontend/middleware/can-manage-only.ts
@@ -3,7 +3,7 @@ interface CanManageRedirectParams {
   redirect: (path: string) => void
 }
 export default function ({ $auth, redirect }: CanManageRedirectParams) {
-  // If the user is not allowed to organize redirect to the home page
+  // If the user is not allowed to manage group settings redirect to the home page
   console.log($auth.user)
   if (!$auth.user.canManage) {
     console.warn("User is not allowed to manage group settings");