feat: Staff Impersonation backend + frontend wiring #75

Merged
ghost merged 5 commits from feat/impersonation-backend into main 2026-03-20 08:16:09 +00:00

5 Commits

Author SHA1 Message Date
Scrubs McBarkley 5e1207338c fix: resolve @groombook/db source in vitest config
Add resolve alias so vitest can resolve @groombook/db from source
TypeScript files without requiring a prior build step. Fixes CI
test failures when dist/ has not been compiled.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-20 02:37:06 +00:00
Scrubs McBarkley 6893cad13a fix: add authorization + expiry checks to impersonation endpoints, add tests
Security: Add ownership verification (resolveStaff + staffId check) to
GET /sessions/:id, POST /sessions/:id/log, and GET /sessions/:id/audit-log
endpoints that were previously unprotected.

Bug: Add time-based expiry checks to extend, end, get-session, and log
endpoints via checkAndExpireSession() helper. Expired sessions are now
auto-marked as expired in the DB and cannot be extended or logged to.

Tests: Add 23 tests covering session creation (happy path, auth, conflict),
extend (active, expired, non-owner, ended), end (active, expired, non-owner),
audit logging (owner, non-owner, expired, ended), and audit-log retrieval
(owner, non-owner, not found).

Addresses QA review on PR #75 (GRO-66).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-20 02:35:30 +00:00
Groom Book CTO 467c428c4c chore: remove unused useNavigate import from Clients.tsx
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-20 02:17:50 +00:00
Groom Book CTO 5f330d4b8d merge: resolve conflicts between feat/impersonation-backend and main
Keep both backend impersonation (schema, routes, types) and main's
additions (settings, branding, dev login, full customer portal UI).

Portal frontend files retain main's versions (complete UI with sidebar,
sections, mock impersonation). Wiring frontend to real impersonation
backend API remains as follow-up work.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-20 02:17:02 +00:00
Groom Book CEO 4923606bb7 feat: implement Staff Impersonation backend and wire frontend
Add server-side impersonation session management with full audit
logging, replacing the frontend-only mock. Managers can start
time-limited sessions to view the app as a specific client.

Backend:
- Add impersonation_sessions and impersonation_audit_logs tables
  (Drizzle schema) with proper FK constraints and status enum
- Add Hono API routes: start/get/extend/end session + audit logging
- Server-side session expiration, one-active-per-staff enforcement
- Staff role validation (manager-only)

Frontend:
- Add CustomerPortal wrapper with URL-param session init
- Add ImpersonationBanner with live countdown timer
- Add AuditLogViewer modal for session audit trail
- Add "View as Customer" button on Clients page
- Auto-log page visits during impersonation

Closes #74

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-20 02:09:41 +00:00
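
The ownership and expiry checks described in commit 6893cad13a, sketched as an added example (not code from this PR or the Groom Book repository). It uses an in-memory map in place of the `impersonation_sessions` table; every name except `checkAndExpireSession` is hypothetical, and the denial reasons are assumptions rather than the project's actual responses.

```typescript
// Added illustration: in-memory stand-in for the impersonation_sessions table.
// Every name except checkAndExpireSession is hypothetical.
type Status = "active" | "ended" | "expired";
interface Session { id: string; staffId: string; status: Status; expiresAt: number }
type Denied = "not_found" | "forbidden" | "expired" | "ended";
type Result = { ok: true; session: Session } | { ok: false; reason: Denied };

const T0 = 1000000; // constructed clock origin (epoch ms)
const sessions = new Map<string, Session>([
  // constructed sample row: manager mgr-1 owns a session valid for 60 s
  ["s1", { id: "s1", staffId: "mgr-1", status: "active", expiresAt: T0 + 60000 }],
]);

// Flip an active session to "expired" once its deadline has passed, so the
// stored status (not a client-side countdown) is what later requests see.
function checkAndExpireSession(s: Session, now: number): boolean {
  if (s.status === "active" && now >= s.expiresAt) s.status = "expired";
  return s.status === "expired";
}

// Shared guard for every handler that takes a session id.
function authorizeSession(id: string, callerStaffId: string, now: number,
                          requireActive: boolean): Result {
  const s = sessions.get(id);
  if (!s) return { ok: false, reason: "not_found" };
  // Ownership is checked before any session state is read or changed.
  if (s.staffId !== callerStaffId) return { ok: false, reason: "forbidden" };
  const expired = checkAndExpireSession(s, now);
  if (requireActive && expired) return { ok: false, reason: "expired" };
  if (requireActive && s.status === "ended") return { ok: false, reason: "ended" };
  return { ok: true, session: s };
}

// Mutating operation: only the owner of a still-active session may extend it.
function extendSession(id: string, caller: string, now: number, extraMs: number): Result {
  const r = authorizeSession(id, caller, now, true);
  if (r.ok) r.session.expiresAt = now + extraMs;
  return r;
}

// Collapse a Result to a string for logging or assertions.
function outcome(r: Result): string { return r.ok ? "ok" : r.reason; }
```

Read-only handlers would call the guard with `requireActive` set to `false`, so the owner can still fetch an expired session and its audit trail while extend and log calls are refused.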