SGAOperations · wongcolin45 · Mar 28, 2026 · Mar 28, 2026 · Mar 28, 2026 · Mar 29, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,6 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       DATABASE_URL: ${{ secrets.DATABASE_URL_TEST }}
+      DIRECT_URL: ${{ secrets.DATABASE_URL_TEST }}
       NODE_ENV: test
     steps:
       - name: Checkout repository
@@ -30,7 +31,11 @@ jobs:
       - name: Generate Prisma Client
         working-directory: attendance-manager
         run: npx prisma generate
-
+
+      - name: Run Migrations
+        working-directory: attendance-manager
+        run: npx prisma migrate deploy
+
       - name: Lint
         working-directory: attendance-manager
         run: npm run lint

diff --git a/...e-manager/prisma/migrations/20260328000000_add_role_type_and_voting_to_user/migration.sql b/...e-manager/prisma/migrations/20260328000000_add_role_type_and_voting_to_user/migration.sql
@@ -0,0 +1,4 @@
+-- Add new RoleType enum values only
+ALTER TYPE "RoleType" ADD VALUE IF NOT EXISTS 'SUPER_ADMIN';
+ALTER TYPE "RoleType" ADD VALUE IF NOT EXISTS 'ADMIN';
+ALTER TYPE "RoleType" ADD VALUE IF NOT EXISTS 'SENATOR';
diff --git a/attendance-manager/prisma/migrations/20260328000001_add_role_type_column/migration.sql b/attendance-manager/prisma/migrations/20260328000001_add_role_type_column/migration.sql
@@ -0,0 +1,16 @@
+-- Add roleType column with default MEMBER
+ALTER TABLE "User" ADD COLUMN "roleType" "RoleType" NOT NULL DEFAULT 'MEMBER';
+
+-- Add isVotingMember column with default false
+ALTER TABLE "User" ADD COLUMN "isVotingMember" BOOLEAN NOT NULL DEFAULT false;
+
+-- Backfill roleType from existing Role table
+UPDATE "User" u
+SET "roleType" = r."roleType"
+FROM "Role" r
+WHERE u."roleId" = r."roleId";
+
+-- Backfill isVotingMember: true for MEMBER role users
+UPDATE "User"
+SET "isVotingMember" = true
+WHERE "roleType" = 'MEMBER';
diff --git a/attendance-manager/prisma/migrations/20260401000000_remove_none_role_type/migration.sql b/attendance-manager/prisma/migrations/20260401000000_remove_none_role_type/migration.sql
@@ -0,0 +1,3 @@
+-- Convert any NONE role types to MEMBER
+UPDATE "User" SET "roleType" = 'MEMBER' WHERE "roleType"::text = 'NONE';
+UPDATE "Role" SET "roleType" = 'MEMBER' WHERE "roleType"::text = 'NONE';
diff --git a/...ance-manager/prisma/migrations/20260407000000_drop_none_from_role_type_enum/migration.sql b/...ance-manager/prisma/migrations/20260407000000_drop_none_from_role_type_enum/migration.sql
@@ -0,0 +1,21 @@
+-- Convert any remaining NONE role types to MEMBER
+UPDATE "User" SET "roleType" = 'MEMBER' WHERE "roleType"::text = 'NONE';
+UPDATE "Role" SET "roleType" = 'MEMBER' WHERE "roleType"::text = 'NONE';
+
+-- Recreate the RoleType enum without NONE
+-- Drop column defaults that reference the enum first
+ALTER TABLE "User" ALTER COLUMN "roleType" DROP DEFAULT;
+
+-- Create new enum without NONE
+CREATE TYPE "RoleType_new" AS ENUM ('SUPER_ADMIN', 'ADMIN', 'SENATOR', 'EBOARD', 'MEMBER');
+
+-- Migrate columns to new enum type
+ALTER TABLE "User" ALTER COLUMN "roleType" TYPE "RoleType_new" USING "roleType"::text::"RoleType_new";
+ALTER TABLE "Role" ALTER COLUMN "roleType" TYPE "RoleType_new" USING "roleType"::text::"RoleType_new";
+
+-- Drop old type and rename
+DROP TYPE "RoleType";
+ALTER TYPE "RoleType_new" RENAME TO "RoleType";
+
+-- Restore default
+ALTER TABLE "User" ALTER COLUMN "roleType" SET DEFAULT 'MEMBER';
diff --git a/attendance-manager/prisma/schema.prisma b/attendance-manager/prisma/schema.prisma
@@ -23,6 +23,8 @@ model User {
   firstName  String
   lastName   String
   roleId     String
+  roleType       RoleType     @default(MEMBER)
+  isVotingMember Boolean      @default(false)
   password   String?  // Optional - Supabase handles authentication
   attendance Attendance[]
   role       Role         @relation(fields: [roleId], references: [roleId])
@@ -96,6 +98,9 @@ model VotingRecord {
 }
 
 enum RoleType {
+  SUPER_ADMIN
+  ADMIN
+  SENATOR
   EBOARD
   MEMBER
 }

diff --git a/attendance-manager/src/app/api/attendance/[attendanceId]/route.ts b/attendance-manager/src/app/api/attendance/[attendanceId]/route.ts
@@ -1,5 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { AttendanceController } from '../../../../attendance/attendance.controller';
+import { requireAuth } from '@/utils/api-auth';
+import { checkCanManageAttendance } from '@/utils/permissions';
 
 /**
  * Updates an Attendance
@@ -12,6 +14,11 @@ export async function PATCH(
   req: NextRequest,
   { params }: { params: Promise<{ attendanceId: string }> },
 ) {
+  const { user, error } = await requireAuth();
+  if (error) return error;
+  if (!checkCanManageAttendance(user.roleType)) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
   try {
     const { attendanceId } = await params;
     const data = await req.json();
@@ -38,6 +45,11 @@ export async function DELETE(
   req: NextRequest,
   { params }: { params: Promise<{ attendanceId: string }> },
 ) {
+  const { user, error } = await requireAuth();
+  if (error) return error;
+  if (!checkCanManageAttendance(user.roleType)) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
   try {
     const { attendanceId } = await params; // Await params
     await AttendanceController.deleteAttendance(attendanceId);

diff --git a/attendance-manager/src/app/api/auth/signup/route.ts b/attendance-manager/src/app/api/auth/signup/route.ts
@@ -74,6 +74,7 @@ export async function POST(request: Request) {
           lastName,
           nuid,
           roleId: finalRoleId,
+          roleType: RoleType.MEMBER,
           password: undefined, // Optional - Supabase handles authentication
         },
         include: {

diff --git a/attendance-manager/src/app/api/meeting/[id]/route.ts b/attendance-manager/src/app/api/meeting/[id]/route.ts
@@ -1,4 +1,10 @@
+import { NextResponse } from 'next/server';
 import { MeetingController } from '@/meeting/meeting.controller';
+import { requireAuth } from '@/utils/api-auth';
+import {
+  checkCanEditMeetings,
+  checkCanManageMeetings,
+} from '@/utils/permissions';
 
 export async function GET(
   request: Request,
@@ -12,6 +18,11 @@ export async function PUT(
   request: Request,
   { params }: { params: Promise<{ id: string }> },
 ) {
+  const { user, error } = await requireAuth();
+  if (error) return error;
+  if (!checkCanEditMeetings(user.roleType)) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
   const { id } = await params;
   return MeetingController.updateMeeting(request, { meetingId: id });
 }
@@ -20,6 +31,11 @@ export async function DELETE(
   request: Request,
   { params }: { params: Promise<{ id: string }> },
 ) {
+  const { user, error } = await requireAuth();
+  if (error) return error;
+  if (!checkCanManageMeetings(user.roleType)) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
   const { id } = await params;
   return MeetingController.deleteMeeting({ meetingId: id });
 }
diff --git a/attendance-manager/src/app/api/meeting/route.ts b/attendance-manager/src/app/api/meeting/route.ts
@@ -1,4 +1,7 @@
+import { NextResponse } from 'next/server';
 import { MeetingController } from '@/meeting/meeting.controller';
+import { requireAuth } from '@/utils/api-auth';
+import { checkCanManageMeetings } from '@/utils/permissions';
 /**
  * @swagger
  * /api/users:
@@ -25,5 +28,10 @@ export async function GET() {
  *         description: Missing required fields.
  */
 export async function POST(request: Request) {
+  const { user, error } = await requireAuth();
+  if (error) return error;
+  if (!checkCanManageMeetings(user.roleType)) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
   return MeetingController.createMeeting(request);
 }