groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): auto-link staff to Better-Auth user via email on first SSO login (GRO-480) #231

Merged
groombook-engineer[bot] merged 3 commits from fix/gro-478-auto-link-staff-user into main 2026-04-05 15:05:51 +00:00
Conversation 7 Commits 3 Files Changed 2
+21 -2

3 Commits

Author SHA1 Message Date
groombook-qa[bot] 9a3d8d1516 Merge branch 'main' into fix/gro-478-auto-link-staff-user 2026-04-05 14:59:21 +00:00
Flea Flicker e39924b236 fix(api): import isNull from @groombook/db instead of drizzle-orm directly 
drizzle-orm is not a direct dependency of @groombook/api, causing
TS2307 at typecheck time. Re-export isNull from @groombook/db and
update the import in rbac.ts.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-05 14:39:22 +00:00
Flea Flicker 711981e6f3 fix(api): auto-link staff to Better-Auth user via email on first SSO login (GRO-480) 
When a staff record exists with a matching email but no userId (e.g. seed data
or admin UI-created records), resolveStaffMiddleware now auto-links it to the
Better-Auth user record on first SSO login instead of returning 403.

Safety: only links when userId IS NULL, never overwrites an existing link.
Email matching is safe since it comes from the trusted SSO provider (Authentik).
Staff emails are unique by schema.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-05 14:30:25 +00:00