groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
fa18c41677648450f3c026be52f02869fb125869
app/apps
T
History
Flea Flicker fa18c41677 fix(api): exempt OOBE setup from staff middleware and auto-create staff (GRO-485) 
Exempt POST /api/setup from resolveStaffMiddleware so OOBE users (with no
pre-existing staff record) can complete the out-of-box experience without
getting blocked by the "no staff record found" 403 error.

Changes:
- rbac.ts: add /api/setup to path exemption alongside /api/auth/
- setup.ts POST /: add find-or-create logic that:
  - Looks up existing staff by userId from JWT
  - Auto-links legacy staff records by email if userId is null
  - Creates a new staff record if none exists (OOBE case)
  - Returns 400 if JWT has no email and no staff record found
- setup.test.ts: add regression tests for all scenarios

Fixes GRO-485 (OOBE regression introduced by GRO-480).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-05 19:37:23 +00:00
..
api
fix(api): exempt OOBE setup from staff middleware and auto-create staff (GRO-485)
2026-04-05 19:37:23 +00:00
e2e
fix(e2e): resolve remaining 2 E2E test failures
2026-04-02 15:48:21 +00:00
groombook/overlays/uat
fix(GRO-451): re-seal UAT secrets with correct cluster certificate
2026-04-04 12:27:23 +00:00
web
Merge remote-tracking branch 'origin/main' into feat/gro-392-oobe-auth-provider-bootstrap
2026-04-03 07:51:46 +00:00