feat(bookings): restrict management to assigned PIC or super admin

Secure API endpoints with requireBookingManager authorization check Update confirmation page to prompt for login if unauthorized Add safe redirect handling to login and guest middleware
2026-05-09 13:28:50 +08:00
parent a56a6706b0
commit cb683d6b3d
11 changed files with 102 additions and 13 deletions
--- a/app/composables/useLocale.ts
+++ b/app/composables/useLocale.ts
@@ -109,6 +109,8 @@ const messages = {
    'confirm.alreadyPendingDescription': 'This booking was already pending confirmation.',
    'confirm.cancelledDescription': 'The booking has been returned to pending status.',
    'confirm.cancelFailed': 'Cancellation failed',
+    'confirm.signInToManage': 'Sign in to manage this booking',
+    'confirm.managementRestricted': 'Only the assigned PIC or Super Admin can manage this booking.',
    'receipt.badge': 'Ticket Receipt',
    'receipt.mainQr': 'Main QR',
    'receipt.seatList': 'Seat List',
@@ -277,6 +279,8 @@ const messages = {
    'confirm.alreadyPendingDescription': '此预订已经处于待确认状态。',
    'confirm.cancelledDescription': '预订已回到待确认状态。',
    'confirm.cancelFailed': '取消失败',
+    'confirm.signInToManage': '登录以管理此预订',
+    'confirm.managementRestricted': '只有指定负责人或 Super Admin 可以管理此预订。',
    'receipt.badge': '票券收据',
    'receipt.mainQr': '主二维码',
    'receipt.seatList': '座位列表',