Merge main into feat/gro-395-demo-assets
Resolve conflict in settings.ts: keep S3 logo migration imports. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
groombook-engineer[bot]
@@ -395,11 +395,11 @@ jobs:
|
||||
|
||||
git push -u origin "chore/update-image-tags-${TAG}"
|
||||
|
||||
# Create PR with auto-merge
|
||||
# Create PR and merge immediately (no required checks on groombook/infra)
|
||||
PR_URL=$(gh pr create \
|
||||
--repo groombook/infra \
|
||||
--base main \
|
||||
--head "chore/update-image-tags-${TAG}" \
|
||||
--title "chore: deploy ${TAG} to dev" \
|
||||
--body "[GRO-178](/GRO/issues/GRO-178) — automated image tag update from main merge")
|
||||
gh pr merge "$PR_URL" --auto --merge
|
||||
gh pr merge "$PR_URL" --merge
|
||||
|
||||
@@ -25,6 +25,7 @@ const RECEPTIONIST: StaffRow = {
|
||||
oidcSub: "oidc-receptionist-sub",
|
||||
userId: "ba-user-receptionist",
|
||||
role: "receptionist",
|
||||
isSuperUser: false,
|
||||
name: "Receptionist Rita",
|
||||
email: "receptionist@example.com",
|
||||
};
|
||||
@@ -35,6 +36,7 @@ const GROOMER: StaffRow = {
|
||||
oidcSub: "oidc-groomer-sub",
|
||||
userId: "ba-user-groomer",
|
||||
role: "groomer",
|
||||
isSuperUser: false,
|
||||
name: "Groomer Gary",
|
||||
email: "groomer@example.com",
|
||||
};
|
||||
@@ -122,7 +124,7 @@ function buildWithStaff(
|
||||
|
||||
// ─── Import middleware ────────────────────────────────────────────────────────
|
||||
|
||||
const { resolveStaffMiddleware, requireRole } = await import(
|
||||
const { resolveStaffMiddleware, requireRole, requireSuperUser } = await import(
|
||||
"../middleware/rbac.js"
|
||||
);
|
||||
|
||||
@@ -253,3 +255,74 @@ describe("requireRole", () => {
|
||||
expect(contentType).toContain("application/json");
|
||||
});
|
||||
});
|
||||
|
||||
// ─── requireSuperUser tests ─────────────────────────────────────────────────
|
||||
|
||||
describe("requireSuperUser", () => {
|
||||
it("allows access when staff is a super user", async () => {
|
||||
const app = buildWithStaff(MANAGER, requireSuperUser());
|
||||
const res = await app.request("/test");
|
||||
expect(res.status).toBe(200);
|
||||
});
|
||||
|
||||
it("allows access when manager is also a super user", async () => {
|
||||
// MANAGER has isSuperUser: true
|
||||
const app = buildWithStaff(MANAGER, requireSuperUser());
|
||||
const res = await app.request("/test");
|
||||
expect(res.status).toBe(200);
|
||||
});
|
||||
|
||||
it("returns 403 for a non-super-user receptionist", async () => {
|
||||
// RECEPTIONIST has isSuperUser: false
|
||||
const app = buildWithStaff(RECEPTIONIST, requireSuperUser());
|
||||
const res = await app.request("/test");
|
||||
expect(res.status).toBe(403);
|
||||
const body = await res.json();
|
||||
expect(body.error).toMatch(/super user privileges required/i);
|
||||
});
|
||||
|
||||
it("returns 403 for a non-super-user groomer", async () => {
|
||||
// GROOMER has isSuperUser: false
|
||||
const app = buildWithStaff(GROOMER, requireSuperUser());
|
||||
const res = await app.request("/test");
|
||||
expect(res.status).toBe(403);
|
||||
});
|
||||
|
||||
it("returns 403 when staff record is not resolved", async () => {
|
||||
// Manually remove staff from context to simulate unresolved staff
|
||||
const testApp = new Hono<AppEnv>();
|
||||
testApp.use("*", async (c, next) => {
|
||||
c.set("jwtPayload", { sub: "test-sub" });
|
||||
// Do NOT set staff - simulate unresolved staff
|
||||
await next();
|
||||
});
|
||||
testApp.use("*", requireSuperUser());
|
||||
testApp.get("/test", (c) => c.json({ ok: true }));
|
||||
const res = await testApp.request("/test");
|
||||
expect(res.status).toBe(403);
|
||||
const body = await res.json();
|
||||
expect(body.error).toMatch(/staff record not resolved/i);
|
||||
});
|
||||
|
||||
it("receptionist cannot grant super user status on staff PATCH", async () => {
|
||||
// This tests the inline guard in staff.ts handler, not the middleware itself,
|
||||
// but we test requireSuperUser to verify the middleware correctly blocks
|
||||
const app = buildWithStaff(RECEPTIONIST, requireSuperUser());
|
||||
const res = await app.request("/test", {
|
||||
method: "PATCH",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ isSuperUser: true }),
|
||||
});
|
||||
expect(res.status).toBe(403);
|
||||
const body = await res.json();
|
||||
expect(body.error).toMatch(/super user privileges required/i);
|
||||
});
|
||||
|
||||
it("returns 403 with JSON body for super user violation", async () => {
|
||||
const app = buildWithStaff(RECEPTIONIST, requireSuperUser());
|
||||
const res = await app.request("/test");
|
||||
expect(res.status).toBe(403);
|
||||
const contentType = res.headers.get("content-type") ?? "";
|
||||
expect(contentType).toContain("application/json");
|
||||
});
|
||||
});
|
||||
|
||||
@@ -42,7 +42,7 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
|
||||
if (!manager) {
|
||||
return c.json({ error: "Forbidden: no staff records found" }, 403);
|
||||
}
|
||||
c.set("staff", { ...manager, isSuperUser: true });
|
||||
c.set("staff", { ...manager, isSuperUser: manager.isSuperUser ?? false });
|
||||
await next();
|
||||
return;
|
||||
}
|
||||
@@ -52,7 +52,7 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
|
||||
.from(staff)
|
||||
.where(eq(staff.userId, devUserId));
|
||||
if (row) {
|
||||
c.set("staff", { ...row, isSuperUser: true });
|
||||
c.set("staff", { ...row, isSuperUser: row.isSuperUser ?? false });
|
||||
await next();
|
||||
return;
|
||||
}
|
||||
@@ -68,7 +68,7 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
|
||||
403
|
||||
);
|
||||
}
|
||||
c.set("staff", { ...fallbackRow, isSuperUser: true });
|
||||
c.set("staff", { ...fallbackRow, isSuperUser: fallbackRow.isSuperUser ?? false });
|
||||
await next();
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@ import { zValidator } from "@hono/zod-validator";
|
||||
import { z } from "zod/v3";
|
||||
import { eq, getDb, businessSettings } from "@groombook/db";
|
||||
import { getPresignedUploadUrl, getPresignedGetUrl, deleteObject } from "../lib/s3.js";
|
||||
import { requireSuperUser } from "../middleware/rbac.js";
|
||||
|
||||
export const settingsRouter = new Hono();
|
||||
|
||||
@@ -29,6 +30,7 @@ const updateSettingsSchema = z.object({
|
||||
// PATCH /api/admin/settings — update business settings
|
||||
settingsRouter.patch(
|
||||
"/",
|
||||
requireSuperUser(),
|
||||
zValidator("json", updateSettingsSchema),
|
||||
async (c) => {
|
||||
const db = getDb();
|
||||
|
||||
@@ -262,6 +262,9 @@ export function App() {
|
||||
return <Navigate to="/setup" replace />;
|
||||
}
|
||||
|
||||
// Don't render portal chrome at /login — DevLoginSelector is shown instead
|
||||
const showCustomerPortal = !location.pathname.startsWith("/admin") && location.pathname !== "/login";
|
||||
|
||||
return (
|
||||
<BrandingProvider>
|
||||
{location.pathname.startsWith("/admin") ? (
|
||||
@@ -271,12 +274,12 @@ export function App() {
|
||||
</Routes>
|
||||
{authDisabled && <DevSessionIndicator />}
|
||||
</>
|
||||
) : (
|
||||
) : showCustomerPortal ? (
|
||||
<>
|
||||
<CustomerPortal />
|
||||
{authDisabled && <DevSessionIndicator />}
|
||||
</>
|
||||
)}
|
||||
) : null}
|
||||
</BrandingProvider>
|
||||
);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user