feat(access): strict allowlist + add groups by search

* UnifiPageGrant::userCanAccess no longer falls back to "open" when a page has no grants saved. Pages now require an explicit grant for every non-super-admin user — either a direct user grant or via a group they belong to. Matches the new dashboard-wide access model. * Route enforcement returns 404 (was 403) so ungranted users can't even confirm the page exists. * New /settings/pages-access/groups/search endpoint mirrors the user typeahead. Groups are no longer all listed by default — only super-admin groups (locked-on) and groups with at least one existing grant show up in the matrix. Operators add more via search. v1.7.1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 19:59:28 -04:00
parent f953fde2be
commit f5848907f5
5 changed files with 45 additions and 10 deletions
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
    "name": "dashboard/unifi",
    "description": "UniFi network management, WiFi stats, and captive portal authentication for the Dashboard platform",
-    "version": "1.7.0",
+    "version": "1.7.1",
    "type": "library",
    "license": "MIT",
    "autoload": {