After adding require_admin to admin endpoints, tests using
unauthenticated client or auth_client got 401/403. Also fix mock user
ID to be a valid UUID (was "test-user-123", now a proper UUID4).
- Add admin_override and admin_client fixtures to conftest
- Update test_pokemon.py, test_games.py, test_genlocke_boss.py to use
  admin_client for write operations on admin endpoints
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
If a previous test run was interrupted before teardown, PostgreSQL enum
types persist with stale values, causing create_all to fail. Adding
drop_all first ensures a clean slate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The frontend needs to know if the current user is an admin so it can show/hide the Admin nav link and protect admin routes client-side.
Bean: nuzlocke-tracker-5svj
chore: Update beans
Navigation links now change based on authentication state:
- Logged out: Home, Runs, Genlockes, Stats
- Logged in: New Run, My Runs, Genlockes, Stats
- Admin: adds Admin link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Wrap /runs/new and /genlockes/new with ProtectedRoute (requires login)
- Create AdminRoute component that checks isAdmin, redirects non-admins
  with a toast notification
- Wrap all /admin/* routes with AdminRoute
- Deep-linking preserved: unauthenticated users redirect to login, then
  back to the original protected route after auth
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add is_admin field to UserResponse schema and update AuthContext to
fetch user profile after login, storing and exposing isAdmin boolean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add require_admin FastAPI dependency that checks is_admin column on users
table. Apply it to all admin-facing write endpoints (games, pokemon,
evolutions, bosses, routes CRUD). Run-scoped endpoints remain protected
by require_auth only since they manage the user's own data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add `is_admin` boolean column (default false) via Alembic migration
for role-based access control.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a guard script that blocks git commit/push on protected branches
(develop, main, master) via a PreToolUse hook. Update CLAUDE.md with
stricter branching rules: one commit per task, immediate commits on
feature branches, no direct commits to protected branches.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add user authentication with login/signup/protected routes, boss pokemon
detail fields and result team tracking, moves and abilities selector
components and API, run ownership and visibility controls, and various
UI improvements across encounters, run list, and journal pages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove hardcoreMode, setModeOnly, and bossTeamMatch toggles which had
no mechanical impact on the tracker. Replace them with a customRules
markdown field so users can document their own rules (especially useful
for genlockes). Add react-markdown + remark-gfm for rendering and
@tailwindcss/typography for prose styling. The custom rules display is
collapsible and hidden by default.
Also simplifies the BossDefeatModal by removing the Lost result and
attempts counter, and always shows boss team size in the level cap bar.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
In custom mode, the region picker no longer filters out already-used
regions, letting users add multiple legs from the same region (e.g.
Black + Black 2 in Unova). Preset modes keep the one-per-region
behavior. Already-used regions show a subtle dot indicator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>