feat: refactor role-based gating to database-driven CASL permissions & fix score-sheet layout access#90
Merged
Merged
Conversation
…efactor API URL management
…rations, and add admin settings pages
…ror handling, and update faculty detail view
…tching logic, and enhance score sheet layout
…ultyView component
…sion management system
…heets, faculty details, and 3D campus mapping
… associated services, controllers, and UI pages
…ard infrastructure
- Created `auth.contract.d.ts` and `auth.contract.js` to define API contracts for login and signup. - Added Zod schemas for request and response validation in `erp.js`. - Introduced `index.d.ts` and `index.js` to export the authentication contract. - Implemented shared types for user roles and dashboard statistics in `types/index.d.ts` and `types/index.js`. - Configured TypeScript settings in `tsconfig.json` for the shared directory.
…esolution, layout providers, and state management hooks.
- Created manifest.json to track cached files. - Added meta.json for build metadata including hash and duration. - Included tar.zst file containing compressed build output.
- Implemented AcademicCalendarModule with service and controller. - Created CreateAcademicCalendarEventDto and UpdateAcademicCalendarEventDto for event creation and updates. - Added ParsePdfDto for handling PDF uploads. - Developed service methods for CRUD operations on academic calendar events. - Introduced admin interface for managing academic calendar events, including PDF upload and event review. - Implemented InteractiveCalendar component for displaying events with filtering options. - Added EventDetailModal for viewing and editing event details. - Created utility functions for event categorization and labeling.
- Updated event colors in calendar-utils.ts for better visibility and consistency. - Enhanced Sidebar component to allow dynamic resizing, saving the width in local storage. - Introduced new server scripts for database exploration and checking academic calendar events. - Added seeding script for academic calendar with detailed events for the academic year. - Created temporary check_db script for quick database checks.
…il modal accessibility
…ents - Added a button to create events directly from the Daily Brief section. - Updated the calendar header and filters for better accessibility and usability. - Improved styling for calendar events and filters, including color adjustments. - Enhanced the event display with additional information and improved layout. - Refactored event color utilities for consistency and better readability.
…upport, and layout components
…d faculty components
… and form handling
…ceManager and StudentAttendance components
…nd Docker infrastructure for improved server-side state management
…agement, and real-time UI components
…UI components for chat interactions
… UI integration, and resizable layout
… for student grades, attendance, and scheduling.
…s, types, and schemas
…tool-calling loop
… tool services for chat functionality
…nd backend integration
… PDF parsing and bulk event import
…ement features and add supporting pages for examinations, noticeboard, and hostel issues.
…on and camera fly-to logic
…res, and backend seeding utilities
# Conflicts: # apps/frontend/src/app/(protected)/admin/academic-calendar/page.tsx # apps/frontend/src/app/(protected)/admin/canteen/page.tsx # apps/frontend/src/app/(protected)/admin/hostel/page.tsx # apps/frontend/src/app/(protected)/hostel-issues/page.tsx # packages/api/src/axios-instance.ts
… management and noticeboard client features
| export default function FinancePage() { | ||
| const { permissions, loading: permLoading } = usePermissions(); | ||
| const _isAdmin = (permissions as any)?.isAdmin || (permissions as any)?.role === 'college_admin'; | ||
| const { user, loading: authLoading, ability } = useAuth(); |
| const canScheduleExtraClass = userRole === "faculty"; | ||
| const { user, loading: authLoading, ability } = useAuth(); | ||
| const isFaculty = user?.role === "faculty"; | ||
| const isCollegeAdmin = user?.role === "college_admin"; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
1. Summary of Contribution
This contribution performs a comprehensive auditing and refactoring of frontend features that used legacy/hardcoded role checks (
user.role === '...',isStudent,isAdmin) to use database-driven CASL permissions viaability.can(). This aligns client-side authorization directly with the database-seeded roles and permissions.Key Refactorings & Fixes:
/score-sheetlayout whitelisted['college_admin', 'faculty']but redirected non-students to/dashboard. Refactored layout, sidebar, and page gating to useread/createpermissions onCgpaEntry, making the CGPA calculator accessible to students.create/update/deletepermissions onTimetable. Updatedseed-permissions.tsto grant thefacultyrole write permissions onTimetable, allowing them to successfully schedule extra classes.manage:NightCanteenItem(seeded for faculty) ormanage:all, resolving access permissions for dining management.Course,Enrollment,Grade,Room,FacultyBio,User,Department,Examination).FeeRecordCASL capabilities.2. Type of Contribution
Please select the type of contribution by marking with an [x]:
3. Verification Checklist
Please verify that your contribution meets the repository guidelines:
pnpm run lintorturbo run lint) and builds successfully.shared/directory for any new data inputs.any.docs/orapps/docs/directories.4. Performance & Impact
5. Additional Context and Documentation
pnpm --filter pec-frontend build.