feat(repo): hide write UI for users without push access
Fetch the viewer's push permission via GET /repos/{owner}/{repo} when
entering a repo and gate every write affordance behind it: edit and
image-upload buttons in StackedNote, new-fleeting-note and YouTube
buttons in FleetingNotes, and interactive checkboxes in TodoNotes
(rendered disabled when read-only). Anonymous viewers get the same
treatment because the permissions field is absent without auth, which
collapses to canPush = false.
Previously every write button was visible regardless of role, so
read-role collaborators and anonymous viewers could enter edit mode and
type before the save failed with 401/403.
This commit is contained in:
@@ -100,6 +100,7 @@ useTitleNotes(repo)
|
||||
|
||||
const store = useUserRepoStore()
|
||||
const hasBacklinks = computed(() => store.userSettings?.backlink)
|
||||
const canPush = computed(() => store.canPush)
|
||||
|
||||
const { displayNoteOverlay } = useNoteOverlay(className.value, index)
|
||||
const displayedTitle = computed(() => filenameToNoteTitle(props.title ?? ""))
|
||||
@@ -303,7 +304,7 @@ const onBadgeClick = async () => {
|
||||
class="action"
|
||||
/>
|
||||
<button
|
||||
v-if="isMarkdown"
|
||||
v-if="isMarkdown && canPush"
|
||||
class="action button is-text is-light"
|
||||
:class="{ 'is-link': mode === 'edit' }"
|
||||
:style="mode === 'edit' ? 'color: var(--color-primary)' : ''"
|
||||
@@ -353,7 +354,7 @@ const onBadgeClick = async () => {
|
||||
</svg>
|
||||
</button>
|
||||
<button
|
||||
v-if="isMarkdown && mode === 'edit'"
|
||||
v-if="isMarkdown && mode === 'edit' && canPush"
|
||||
class="action button is-text is-light"
|
||||
:title="isUploading ? 'Uploading…' : 'Upload image'"
|
||||
:disabled="isUploading"
|
||||
|
||||
Reference in New Issue
Block a user