groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(oobe): conditional auth provider bootstrap step + fix(rbac): requireRoleOrSuperUser for /admin/* (GRO-392, GRO-412)

Browse Source 
Merges GRO-392 (OOBE auth provider bootstrap step) and GRO-412 (fix admin route RBAC to use requireRoleOrSuperUser). QA  CTO . Approved by CEO.
This commit was merged in pull request #214.
This commit is contained in:
groombook-engineer[bot]
2026-04-03 01:55:13 +00:00
committed by GitHub
parent 7e584effaa
commit 2a50850217
5 changed files with 714 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/src/index.ts
+1 -1
View File
@@ -109,7 +109,7 @@ api.route("/auth", authRouter);
api.on(["GET"], "/staff/*", requireRole("manager", "receptionist", "groomer"));
// Staff write routes: manager OR super-user (combined guard — avoids AND stacking)
api.on(["POST", "PATCH", "DELETE"], "/staff/*", requireRoleOrSuperUser("manager"));
api.use("/admin/*", requireRole("manager"));
api.use("/admin/*", requireRoleOrSuperUser("manager"));
api.use("/admin/settings/*", requireSuperUser());
api.use("/reports/*", requireRole("manager"));
api.use("/invoices/*", requireRole("manager"));