Resolve merge conflict in rbac.ts: keep PR branch logic
(try userId first, then fall back to staff.id) rather than
base branch's staff.id-only approach.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

GRO-153: /api/staff returned 403 for all staff because resolveStaffMiddleware
looked up by staff.userId (Better-Auth ID) but dev login sent staff.id (PK),
and existing staff records had userId=NULL.

Changes:
- resolveStaffMiddleware: try userId first, fall back to staff.id (dev mode)
- resolveStaffMiddleware: try userId first, fall back to oidcSub (production)
- GET /api/dev/users: include userId field for DevLoginSelector
- DevLoginSelector: send userId (not staff.id) as X-Dev-User-Id
- Migration 0018: backfill userId for known demo staff

Co-Authored-By: Paperclip <noreply@paperclip.ing>
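
The lookup order described in the commit message above, as an added TypeScript sketch that is not the project's rbac.ts: the `Staff` shape, `resolveStaff`, the `devMode` flag and the sample rows are assumptions made for illustration. It shows the primary-key fallback being reachable only in dev mode, while production falls back to `oidcSub` and otherwise returns 403.

```typescript
// Added illustration. Types, names and records are hypothetical,
// not taken from the project's code.
interface Staff {
  id: string;             // primary key (what dev login used to send)
  userId: string | null;  // Better-Auth ID, NULL on rows not yet backfilled
  oidcSub: string | null; // OIDC subject, used as the production fallback
}

interface Resolution {
  status: number;         // 200 when resolved, 403 otherwise
  staff: Staff | null;
  matchedOn: "userId" | "staff.id" | "oidcSub" | null;
}

// Constructed sample data: one backfilled row, one legacy row.
const STAFF: Staff[] = [
  { id: "staff-1", userId: "ba-user-1", oidcSub: "sub-1" },
  { id: "staff-2", userId: null, oidcSub: "sub-2" },
];

const DENY: Resolution = { status: 403, staff: null, matchedOn: null };

function resolveStaff(identifier: string, devMode: boolean, rows: Staff[] = STAFF): Resolution {
  // An empty identifier must never match a NULL or empty column.
  if (identifier.length === 0) return DENY;

  // 1. Preferred key in both modes: the Better-Auth user ID.
  const byUserId = rows.find((s) => s.userId !== null && s.userId === identifier);
  if (byUserId) return { status: 200, staff: byUserId, matchedOn: "userId" };

  if (devMode) {
    // 2a. Dev mode only: accept the primary key for rows without a userId.
    const byPk = rows.find((s) => s.id === identifier);
    if (byPk) return { status: 200, staff: byPk, matchedOn: "staff.id" };
  } else {
    // 2b. Production: fall back to the OIDC subject; the PK is never accepted.
    const bySub = rows.find((s) => s.oidcSub !== null && s.oidcSub === identifier);
    if (bySub) return { status: 200, staff: bySub, matchedOn: "oidcSub" };
  }
  return DENY;
}
```

Keeping the two fallbacks in separate branches means a request carrying a bare `staff.id` resolves only when the dev flag is set, which is the property worth covering with a regression test.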