feat(GRO-2513): gate Settings nav+route to manager/super-user, eliminate groomer 403 (#82)

feat(GRO-2513): gate Settings nav+route to manager/super-user, eliminate groomer 403 Co-Authored-By: Paperclip <noreply@paperclip.ing> Co-authored-by: Lint Roller <23+gb_lint@noreply.git.farh.net> Co-committed-by: Lint Roller <23+gb_lint@noreply.git.farh.net>
2026-06-25 01:58:13 +00:00
parent ddc4e3e052
commit 2ce7966fe9
3 changed files with 85 additions and 47 deletions
@@ -187,6 +187,17 @@ function AdminLayout() {
  const location = useLocation();
  const navigate = useNavigate();
  const { branding } = useBranding();
+  const [staffUser, setStaffUser] = useState<{ role: string; isSuperUser: boolean } | null>(null);
+
+  useEffect(() => {
+    fetch("/api/staff/me")
+      .then((r) => r.json())
+      .then((u) => setStaffUser({ role: u.role, isSuperUser: !!u.isSuperUser }))
+      .catch(() => setStaffUser({ role: "", isSuperUser: false }));
+  }, []);
+
+  const canSettings = staffUser !== null && (staffUser.role === "manager" || staffUser.isSuperUser);
+  const visibleNavLinks = NAV_LINKS.filter(({ to }) => to !== "/admin/settings" || canSettings);

  const logoSrc = branding.logoBase64 && branding.logoMimeType
    ? `data:${branding.logoMimeType};base64,${branding.logoBase64}`
@@ -251,7 +262,7 @@ function AdminLayout() {
          >
            Book
          </Link>
-          {NAV_LINKS.map(({ to, label }) => {
+          {visibleNavLinks.map(({ to, label }) => {
            const active =
              to === "/admin"
                ? location.pathname === "/admin"
@@ -308,7 +319,13 @@ function AdminLayout() {
          <Route path="/group-bookings" element={<GroupBookingPage />} />
          <Route path="/routes" element={<RoutesPage />} />
          <Route path="/reports" element={<ReportsPage />} />
-          <Route path="/settings" element={<SettingsPage />} />
+          <Route path="/settings" element={
+            staffUser === null
+              ? null
+              : canSettings
+                ? <SettingsPage />
+                : <Navigate to="/admin" replace />
+          } />
        </Routes>
      </main>
    </div>