feat(GRO-2513): gate Settings nav+route to manager/super-user, eliminate groomer 403 #82

Merged
Flea Flicker merged 1 commits from feature/gro-2513-settings-role-gate into dev 2026-06-25 01:58:13 +00:00
Member

Summary

Gates the Settings surface in the staff admin console to manager/super-user roles only, eliminating the groomer/receptionist 403.

Root cause: NAV_LINKS in App.tsx rendered Settings unconditionally for all staff roles, and Settings.tsx fired GET /api/admin/settings on mount without any role check. The backend requireRoleOrSuperUser("manager") guard was correct — the web layer was calling it for the wrong roles.

Changes:

  • src/App.tsx — AdminLayout fetches /api/staff/me on mount; Settings tab only rendered when role=manager || isSuperUser (fail-closed while loading); /admin/settings route redirects non-managers to /admin
  • src/pages/Settings.tsx — replaced two parallel-fire useEffects with a single sequential flow: user role fetched first, then /api/admin/settings only for managers/super-users, /api/admin/auth-provider only for super-users
  • UAT_PLAYBOOK.md — updated §5.14 with 8 role-path test cases (TC-WEB-5.14.1–8)

Out of scope: no backend changes; no CORS/auth/session/OOBE changes.

Test plan

  • Manager: Settings tab visible in nav; /api/admin/settings → 200; no 403 anywhere in network
  • Super-user: Settings tab visible + auth-provider section shown
  • Groomer: Settings tab absent; navigating directly to /admin/settings redirects to /admin; zero 403s in network panel
  • Shared endpoints (/api/appointments, /api/clients, /api/staff) → 200 for all roles
  • TypeScript: tsc --noEmit passes (✓ verified locally)

Updated UAT_PLAYBOOK.md §5.14 — new role-gated Settings test cases (TC-WEB-5.14.1–8).

🤖 Generated with Claude Code

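An added TypeScript example, not the project's own code, modelling the two web-layer fixes the description above lays out: the fail-closed Settings nav gate with its route redirect, and the sequential fetch flow that asks /api/staff/me before any /api/admin/* call. Endpoint paths and role names are the PR's; the NAV_LINKS entries, the StaffMe shape and the injected synchronous `api` stand-in for fetch are assumptions made so the flow runs offline.

```typescript
// Added example (not the project's code). Role names and endpoint paths are
// from the PR; the StaffMe shape and NAV_LINKS entries are assumed here.
type Role = "manager" | "groomer" | "receptionist";
interface StaffMe { role: Role; isSuperUser: boolean }
// `null` models the "still loading" state; the gate must fail closed there.
type StaffState = StaffMe | null;

interface NavLink { label: string; path: string; managerOnly?: boolean }
const NAV_LINKS: NavLink[] = [
  { label: "Appointments", path: "/admin/appointments" },
  { label: "Clients", path: "/admin/clients" },
  { label: "Settings", path: "/admin/settings", managerOnly: true },
];

function canSeeSettings(me: StaffState): boolean {
  // Fail closed: until /api/staff/me has answered, no privileged UI is shown.
  return me !== null && (me.role === "manager" || me.isSuperUser);
}

function visibleNavLinks(me: StaffState): NavLink[] {
  return NAV_LINKS.filter((l) => !l.managerOnly || canSeeSettings(me));
}

// Route guard: the path the router should actually land on.
function resolveAdminRoute(requested: string, me: StaffState): string {
  if (requested === "/admin/settings" && !canSeeSettings(me)) return "/admin";
  return requested;
}

// Sequential flow from Settings.tsx: role first, privileged calls only once the
// role is known. `api` is a synchronous stand-in for fetch (assumption) so the
// call order can be inspected offline; it returns the list of paths requested.
type Api = (path: string) => unknown;
function loadSettingsPage(api: Api): string[] {
  const called: string[] = [];
  const get = (p: string): unknown => { called.push(p); return api(p); };
  const me = get("/api/staff/me") as StaffMe;
  if (!canSeeSettings(me)) return called; // groomer/receptionist: no /api/admin/* call, so no 403
  get("/api/admin/settings");
  if (me.isSuperUser) get("/api/admin/auth-provider");
  return called;
}

// Constructed fake API for offline use: no network, no real data.
function fakeApi(me: StaffMe): Api {
  return (path) => (path === "/api/staff/me" ? me : { ok: true });
}
```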
Lint Roller added 1 commit 2026-06-25 01:56:42 +00:00
feat(GRO-2513): gate Settings nav+route to manager/super-user, eliminate groomer 403
CI / Test (pull_request) Successful in 22s
CI / Lint & Typecheck (pull_request) Successful in 30s
CI / Build & Push Docker Image (pull_request) Successful in 46s
c7b96eebc4
- App.tsx AdminLayout: fetch /api/staff/me on mount, filter NAV_LINKS so
  Settings only appears for role=manager or isSuperUser (fail-closed while
  loading). Guard /admin/settings route to redirect non-managers to /admin.
- Settings.tsx: replace parallel-fire useEffects with a single sequential
  flow — fetch /api/staff/me first, then only call /api/admin/settings for
  managers/super-users and /api/admin/auth-provider for super-users only.
  Groomers/receptionists never trigger the 403.
- UAT_PLAYBOOK.md §5.14: updated with role-gated test cases (TC-WEB-5.14.1–8)
  covering manager-sees-tab, groomer-no-tab, direct-URL redirect, zero-403,
  and shared-endpoint regression.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Flea Flicker merged commit 2ce7966fe9 into dev 2026-06-25 01:58:13 +00:00