diff --git a/ui/src/stores/authStore.js b/ui/src/stores/authStore.js
index e17eda2..82e0557 100644
--- a/ui/src/stores/authStore.js
+++ b/ui/src/stores/authStore.js
@@ -3,6 +3,40 @@ import { defineStore } from 'pinia'
 import api from 'src/services/api'
 import { usePermissionStore } from 'stores/permissionStore'
+function normalizeRoleCode (value) {
+ return String(value || '').trim().toLowerCase()
+}
+
+function roleCodeFromUser (user) {
+ if (!user || typeof user !== 'object') return ''
+
+ return normalizeRoleCode(
+ user.role_code ??
+ user.roleCode ??
+ user.RoleCode
+ )
+}
+
+function decodeJwtPayload (token) {
+ const raw = String(token || '').trim()
+ if (!raw) return null
+
+ const parts = raw.split('.')
+ if (parts.length !== 3) return null
+
+ try {
+ const base64 = parts[1]
+ .replace(/-/g, '+')
+ .replace(/_/g, '/')
+ .padEnd(Math.ceil(parts[1].length / 4) * 4, '=')
+
+ const json = atob(base64)
+ return JSON.parse(json)
+ } catch {
+ return null
+ }
+}
+
 export const useAuthStore = defineStore('auth', {
 state: () => {
 let user = null
@@ -29,8 +63,13 @@ export const useAuthStore = defineStore('auth', {
 mustChangePassword: s => !!s.forcePasswordChange,
 // 🔥 TEK ADMIN KURALI
- isAdmin: s =>
- String(s.user?.role_code || '').toLowerCase() === 'admin'
+ isAdmin: s => {
+ const fromUser = roleCodeFromUser(s.user)
+ if (fromUser) return fromUser === 'admin'
+
+ const payload = decodeJwtPayload(s.token)
+ return normalizeRoleCode(payload?.role_code) === 'admin'
+ }
 },
 actions: {
@@ -39,7 +78,15 @@ export const useAuthStore = defineStore('auth', {
 ========================================================= */
 setSession ({ token, user }) {
 this.token = token
- this.user = user ?? null
+ if (user) {
+ // Keep prior role fields if backend returns partial user payload.
+ this.user = {
+ ...(this.user || {}),
+ ...user
+ }
+ } else {
+ this.user = null
+ }
 this.forcePasswordChange = !!user?.force_password_change
 localStorage.setItem('token', token)
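Review bot: `decodeJwtPayload` in the first hunk returns claims from a token whose signature is never checked, and nothing in the file says so; whoever can write the stored token controls every field it returns, including `role_code`. I would put a comment above it such as `// Decodes only, does not verify: the result is a UI hint, never an authorization decision (the API must enforce roles).` Separately, `atob` yields a byte string, so non-ASCII claim values come out garbled after `JSON.parse`; decoding the bytes as UTF-8 first, `new TextDecoder().decode(Uint8Array.from(atob(base64), c => c.charCodeAt(0)))`, avoids that.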
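Review bot: The token fallback in `isAdmin` (second hunk) reads only `payload?.role_code`, while the user path goes through `roleCodeFromUser` and also accepts `roleCode` and `RoleCode`; `return roleCodeFromUser(payload) === 'admin'` keeps the two paths in agreement. The fallback also ignores token expiry, so an expired token left in state still reports admin to the UI. If the tokens carry an `exp` claim (not visible here), check it before trusting the role, e.g. `if (payload?.exp && payload.exp * 1000 <= Date.now()) return false`. The getters object starts and ends outside this hunk.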
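Review bot: The merge in `setSession` (third hunk) does not check that the incoming user is the same account as the one already in `this.user`, so if a second account signs in while the first account's state is still present and the backend sends a partial payload, the earlier `role_code` survives and `isAdmin` keeps returning true. Merge only when a stable identifier matches and otherwise replace, e.g. `this.user = sameAccount ? { ...this.user, ...user } : { ...user }`, with `sameAccount` comparing whichever id field the user object carries (not visible here). The unchanged line `this.forcePasswordChange = !!user?.force_password_change` reads the incoming object rather than the merged one, so a partial payload also clears a pending forced password change. `setSession` continues past the end of this hunk.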