Perform an audit of every web component available. Look in the /components directory and the /interfaces directory. Look at the relationship between auth and permissions, tpen-project-loaded, connectedCallback(), and render(). Look for CheckPermissions.
Identify which components properly implement a permissions check and which ones do not. Make a list of components that should be edited so that how and when permissions are checked, and the consequences for what is rendered, is consistent across all the components and interfaces. In some cases this will mean components will never render themselves because the user does not have sufficient permissions to use them.
For example, links out to interfaces should not be shown to users who do not have the minimum permission required to use those interfaces. A user with the VIEWER role would never be able to use /project/manage and so they should never see the thinks.
Perform an audit of every web component available. Look in the /components directory and the /interfaces directory. Look at the relationship between auth and permissions, tpen-project-loaded, connectedCallback(), and render(). Look for
CheckPermissions.Identify which components properly implement a permissions check and which ones do not. Make a list of components that should be edited so that how and when permissions are checked, and the consequences for what is rendered, is consistent across all the components and interfaces. In some cases this will mean components will never render themselves because the user does not have sufficient permissions to use them.