feat: auth-aware UI and role-based access control #67

Merged
TheFurya merged 10 commits from feature/auth-aware-ui-and-role-based-access-control into develop 2026-03-21 11:44:07 +01:00

10 Commits

Author SHA1 Message Date
533f0cad4a fix(tests): mock useAuth in Layout tests for auth-aware navigation
All checks were successful
CI / backend-tests (pull_request) Successful in 28s
CI / frontend-tests (pull_request) Successful in 32s
Layout now renders different nav links based on auth state. Tests were
using a real AuthProvider which resolved to no user, causing them to
look for "My Runs" and "Admin" links that only appear when logged in.

Mock useAuth to test both logged-out and logged-in-as-admin states.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 11:42:20 +01:00
c17e776408 fix(tests): use admin_client for admin-protected endpoints
Some checks failed
CI / backend-tests (pull_request) Successful in 26s
CI / frontend-tests (pull_request) Failing after 29s
After adding require_admin to admin endpoints, tests using the
unauthenticated client or auth_client got 401/403. Also fix the mock user
ID to be a valid UUID (was "test-user-123", now a proper UUID4).

- Add admin_override and admin_client fixtures to conftest
- Update test_pokemon.py, test_games.py, test_genlocke_boss.py to use
  admin_client for write operations on admin endpoints

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 11:39:10 +01:00
afd1c2543a chore: update bean
Some checks failed
CI / backend-tests (pull_request) Failing after 32s
CI / frontend-tests (pull_request) Failing after 29s
2026-03-21 11:30:09 +01:00
4946ebb54c fix(tests): drop_all before create_all to clear stale PostgreSQL enums
If a previous test run was interrupted before teardown, PostgreSQL enum
types persist with stale values, causing create_all to fail. Adding
drop_all first ensures a clean slate.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:29:26 +01:00
7ff271efba chore(auth-aware-ui-and-role-based-access-control): Expose admin status to frontend via user API
The frontend needs to know if the current user is an admin so it can show/hide the Admin nav link and protect admin routes client-side.

Bean: nuzlocke-tracker-5svj

chore: Update beans
2026-03-21 11:23:54 +01:00
c7259a429a feat: make navigation menu auth-aware
Navigation links now change based on authentication state:
- Logged out: Home, Runs, Genlockes, Stats
- Logged in: New Run, My Runs, Genlockes, Stats
- Admin: adds Admin link

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:22:24 +01:00
da33c62d62 feat: protect frontend routes with ProtectedRoute and AdminRoute
- Wrap /runs/new and /genlockes/new with ProtectedRoute (requires login)
- Create AdminRoute component that checks isAdmin, redirects non-admins
  with a toast notification
- Wrap all /admin/* routes with AdminRoute
- Deep-linking preserved: unauthenticated users redirect to login, then
  back to the original protected route after auth

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:19:30 +01:00
bbc6f2c3f4 feat: expose admin status to frontend via user API
Add is_admin field to UserResponse schema and update AuthContext to
fetch user profile after login, storing and exposing isAdmin boolean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:19:10 +01:00
2e66186fac feat: add require_admin dependency and protect admin endpoints
Add require_admin FastAPI dependency that checks is_admin column on users
table. Apply it to all admin-facing write endpoints (games, pokemon,
evolutions, bosses, routes CRUD). Run-scoped endpoints remain protected
by require_auth only, since they manage the user's own data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:14:55 +01:00
1042fff2b8 feat: add is_admin column to users table
Add `is_admin` boolean column (default false) via Alembic migration
for role-based access control.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 11:10:29 +01:00