fix: allow groomer/receptionist roles to read staff records #151

Closed
groombook-engineer[bot] wants to merge 24 commits from fix/gro-162-groomer-staff-rbac into main
Showing only changes of commit 11be52a419 - Show all commits
+18 -10
@@ -17,6 +17,7 @@ import { DevLoginSelector, getDevUser } from "./pages/DevLoginSelector.js";
import { DevSessionIndicator } from "./components/DevSessionIndicator.js";
import { BrandingProvider, useBranding } from "./BrandingContext.js";
import { GlobalSearch } from "./components/GlobalSearch.js";
import { useSession, signIn } from "./lib/auth-client.js";
const NAV_LINKS = [
{ to: "/admin", label: "Appointments" },
@@ -133,6 +134,7 @@ function AdminLayout() {
export function App() {
const location = useLocation();
const [authDisabled, setAuthDisabled] = useState<boolean | null>(null);
const { data: session, isPending: sessionLoading } = useSession();
useEffect(() => {
fetch("/api/dev/config")
@@ -141,19 +143,11 @@ export function App() {
.catch(() => setAuthDisabled(false));
}, []);
// Show login selector page
if (location.pathname === "/login") {
// Show login selector page (only in development)
if (import.meta.env.DEV && location.pathname === "/login") {
return <DevLoginSelector />;
}
// While checking auth config, render nothing briefly
if (authDisabled === null) return null;
// If auth is disabled and no dev user is selected, redirect to login selector
if (authDisabled && !getDevUser() && location.pathname !== "/login") {
return <Navigate to="/login" replace />;
}
// Public booking redirect pages — no auth or portal chrome needed
if (location.pathname === "/booking/confirmed") {
return <BookingConfirmedPage />;
@@ -165,6 +159,20 @@ export function App() {
return <BookingErrorPage />;
}
// Still loading auth state
if (authDisabled === null || sessionLoading) return null;
// Dev mode: use dev login selector
if (authDisabled && !getDevUser() && location.pathname !== "/login") {
return <Navigate to="/login" replace />;
}
// Production mode: if no session, redirect to Authentik sign-in
if (!authDisabled && !session) {
signIn.social({ provider: "authentik" });
return null;
}
return (
<BrandingProvider>
{location.pathname.startsWith("/admin") ? (
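Review bot: The two dev-mode checks now disagree: `/login` renders `DevLoginSelector` only when `import.meta.env.DEV` is true, but the later `authDisabled && !getDevUser()` redirect and the `!authDisabled && !session` check still depend only on the flag that appears to be fetched from `/api/dev/config`. In a production build where that endpoint reports auth disabled, the user is redirected to `/login`, the selector is skipped, and as far as this section shows execution falls through to the normal layout with neither a dev user nor a session. Consider deriving one value, `const devAuth = import.meta.env.DEV && authDisabled;`, and using it in both conditions (`if (devAuth && !getDevUser() && location.pathname !== "/login")` and `if (!devAuth && !session)`) so a production bundle always requires a session; this gate is client-side only, so the API still has to enforce authentication itself. Separately, `signIn.social({ provider: "authentik" })` runs during render with its result unhandled, so it can fire again on every re-render and a failed redirect leaves a blank page; moving it into a `useEffect` that depends on `authDisabled` and `session` would avoid that. The body of `App` continues outside the visible hunks.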