Fix: wildcard permissions (GM modules visible), Admin link and module card

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-22 14:49:27 +04:00
parent 842678674b
commit 6034f774ed
2 changed files with 30 additions and 12 deletions
--- a/frontend/src/app/dashboard/page.tsx
+++ b/frontend/src/app/dashboard/page.tsx
@@ -83,6 +83,16 @@ function DashboardContent() {
      href: '/marketing',
      description: 'الحملات التسويقية والعملاء المحتملين',
      permission: 'marketing'
+    },
+    {
+      id: 'admin',
+      name: 'لوحة الإدارة',
+      nameEn: 'Admin Panel',
+      icon: Shield,
+      color: 'bg-red-500',
+      href: '/admin',
+      description: 'إدارة المستخدمين والأدوار وسجل العمليات',
+      permission: 'admin'
    }
  ]

@@ -118,7 +128,7 @@ function DashboardContent() {
              </div>

              {/* Admin Panel Link - Only for admins */}
-              {user?.role?.name === 'المدير العام' && (
+              {(hasPermission('admin', 'view') || user?.role?.name === 'المدير العام' || user?.role?.nameEn === 'General Manager') && (
                <Link
                  href="/admin"
                  className="p-2 hover:bg-red-50 rounded-lg transition-colors relative group"
--- a/frontend/src/contexts/AuthContext.tsx
+++ b/frontend/src/contexts/AuthContext.tsx
@@ -59,18 +59,26 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
  }, [])

  // Transform backend permissions format to frontend format
+  // Backend uses actions: ['*'] or ['read','create',...] - wildcard grants all
  const transformPermissions = (permissions: any[]): Permission[] => {
-    return permissions.map(p => ({
-      id: p.id,
-      module: p.module,
-      actions: p.actions,
-      canView: p.actions?.includes('read') || false,
-      canCreate: p.actions?.includes('create') || false,
-      canEdit: p.actions?.includes('update') || false,
-      canDelete: p.actions?.includes('delete') || false,
-      canExport: p.actions?.includes('export') || false,
-      canApprove: p.actions?.includes('approve') || false,
-    }))
+    const hasWildcard = (actions: string[] | any) => {
+      const arr = Array.isArray(actions) ? actions : []
+      return arr.includes('*') || arr.includes('all')
+    }
+    return permissions.map(p => {
+      const wildcard = hasWildcard(p.actions)
+      return {
+        id: p.id,
+        module: p.module,
+        actions: p.actions,
+        canView: wildcard || p.actions?.includes('read') || false,
+        canCreate: wildcard || p.actions?.includes('create') || false,
+        canEdit: wildcard || p.actions?.includes('update') || false,
+        canDelete: wildcard || p.actions?.includes('delete') || false,
+        canExport: wildcard || p.actions?.includes('export') || false,
+        canApprove: wildcard || p.actions?.includes('approve') || false,
+      }
+    })
  }

  const fetchUserData = async (token: string) => {