feat(auth): Separate committee and admin roles and add wiki link for …

…committee
compsci-adl · Feb 6, 2025 · 3b36961 · 3b36961
1 parent 6ebcc44
commit 3b36961
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 4 deletions.
diff --git a/next-auth.d.ts b/next-auth.d.ts
@@ -9,6 +9,7 @@ declare module 'next-auth' {
             firstName?: string;
             lastName?: string;
             isCommittee?: boolean;
+            isAdmin?: boolean;
         };
     }
 }
diff --git a/src/app/admin/page.tsx b/src/app/admin/page.tsx
@@ -59,7 +59,7 @@ export type Member = {
 
 export default async function AdminPage({ searchParams }: { searchParams?: { page?: string } }) {
     const session = await auth();
-    if (!session?.user?.isCommittee) {
+    if (!session?.user?.isAdmin) {
         return notFound();
     }
 

diff --git a/src/app/api/payment/route.ts b/src/app/api/payment/route.ts
@@ -99,7 +99,7 @@ export async function PUT(request: Request) {
     });
 
     const session = await auth();
-    if (!session?.user?.isCommittee) {
+    if (!session?.user?.isAdmin) {
         return new Response(null, { status: 401 });
     }
 

diff --git a/src/auth.ts b/src/auth.ts
@@ -22,6 +22,7 @@ interface ExtendedSession extends Session {
         firstName?: string;
         lastName?: string;
         isCommittee?: boolean;
+        isAdmin?: boolean;
     };
 }
 
@@ -32,9 +33,12 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
         async jwt({ token, user, account, profile }) {
             if (account?.access_token) {
                 const decodedToken = decodeJwt<KeycloakToken>(account.access_token);
-                if (decodedToken?.realm_access?.roles?.includes('restricted-access')) {
+                if (decodedToken?.realm_access?.roles?.includes('committee')) {
                     token.isCommittee = true;
                 }
+                if (decodedToken?.realm_access?.roles?.includes('restricted-access')) {
+                    token.isAdmin = true;
+                }
             }
             if (user) {
                 token.email = user.email;
@@ -61,6 +65,9 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
                 (session.user as ExtendedSession['user']).isCommittee = token.isCommittee as
                     | boolean
                     | undefined;
+                (session.user as ExtendedSession['user']).isAdmin = token.isAdmin as
+                    | boolean
+                    | undefined;
             }
             return session;
         },

diff --git a/src/components/Header/components/Links.tsx b/src/components/Header/components/Links.tsx
@@ -22,6 +22,16 @@ export function MenuLinks({ data, onClick }: { data: HeaderData; onClick?: () =>
                     Settings
                 </Link>
             )}
+            {data.isCommittee && (
+                <Link
+                    href="https://wiki.csclub.org.au"
+                    target="_blank"
+                    className="block hover:underline"
+                    onClick={onClick}
+                >
+                    Wiki
+                </Link>
+            )}
             {data.isAdmin && (
                 <Link href="/admin" className="block hover:underline" onClick={onClick}>
                     Admin Panel

diff --git a/src/components/Header/index.tsx b/src/components/Header/index.tsx
@@ -38,9 +38,10 @@ const getHeaderData = async () => {
     return {
         isSignedIn: true as const,
         avatar: avatar,
-        isAdmin: session?.user
+        isCommittee: session?.user
             ? ((session.user.isCommittee as boolean | undefined) ?? false)
             : false,
+        isAdmin: session?.user ? ((session.user.isAdmin as boolean | undefined) ?? false) : false,
         nextStep,
         isMember: nextStep === null,
     };