From 4e487db6f132b960c84db36becda79757f56b22d Mon Sep 17 00:00:00 2001
From: Flea Flicker
Date: Wed, 27 May 2026 01:01:28 +0000
Subject: [PATCH] =?UTF-8?q?fix(GRO-1822):=20add=20role=20check=20before=20?= =?UTF-8?q?/admin=20redirect=20=E2=80=94=20customers=20access=20portal?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

App.tsx lines 389-393 redirected ALL authenticated users to /admin, breaking customer portal access after SSO login. Now checks `session.user.role === "staff"` before redirecting. Customers (role !== "staff") can access the portal at /.

Co-Authored-By: Paperclip
---
 src/App.tsx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/App.tsx b/src/App.tsx
index ea51314..30d2091 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -386,9 +386,10 @@ export function App() {
 return ;
 }

- // Redirect authenticated users to /admin (but preserve impersonation flow via ?sessionId=)
+ // Redirect staff to /admin; allow customers to access portal (preserve impersonation via ?sessionId=)
 const searchParams = new URLSearchParams(location.search);
- if (!authDisabled && session && !location.pathname.startsWith("/admin") && !searchParams.has("sessionId")) {
+ const isStaff = session?.user && (session.user as any).role === "staff";
+ if (!authDisabled && session && !location.pathname.startsWith("/admin") && !searchParams.has("sessionId") && isStaff) {
 return ;
 }

-- 
2.52.0
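Review bot: The new `isStaff` test only gates the redirect towards /admin; nothing in this hunk stops a signed-in customer from opening an /admin path directly, because `!location.pathname.startsWith("/admin")` simply skips the block. Until this commit every authenticated session was treated as staff, so the /admin routes and the APIs behind them may never have needed their own role check. Confirm they have one, enforced on the server and not only in this client-side guard, and consider a mirrored guard here that sends a session with `!isStaff` on an /admin path back to the portal. The `(session.user as any).role` cast also hides a missing or renamed field from the compiler; declaring `role` on the session user type and writing `const isStaff = session?.user?.role === "staff";` keeps the check typed and strictly boolean. App's body starts and ends outside the hunk, so the routing below this block is not visible here.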