[AC-1452] Restrict access to 'Organization Info' and 'Two-Step Login' settings pages with a permission check (#9483)

* Guard Organization Info route - Owners only * Guard TwoFactor route - Owners only and Organization must be able to use 2FA * Update guards to use function syntax --------- Co-authored-by: Addison Beck <hello@addisonbeck.com>
2024-11-04 09:01:01 +01:00 · 2024-07-03 17:45:49 +01:00 · 2024-07-03 17:45:49 +01:00 · a9abc772c2
commit a9abc772c2
parent 9c17878330
1 changed files with 12 additions and 2 deletions
--- a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts
@ -22,11 +22,21 @@ const routes: Routes = [
        canActivate: [organizationRedirectGuard(getSettingsRoute)],
        children: [], // This is required to make the auto redirect work,
      },
-      { path: "account", component: AccountComponent, data: { titleId: "organizationInfo" } },
+      {
+        path: "account",
+        component: AccountComponent,
+        canActivate: [organizationPermissionsGuard((o) => o.isOwner)],
+        data: {
+          titleId: "organizationInfo",
+        },
+      },
      {
        path: "two-factor",
        component: TwoFactorSetupComponent,
-        data: { titleId: "twoStepLogin" },
+        canActivate: [organizationPermissionsGuard((o) => o.use2fa && o.isOwner)],
+        data: {
+          titleId: "twoStepLogin",
+        },
      },
      {
        path: "policies",