SBCQ-93: Authenticated role, staff user policy, and other tweaks#92

Open
BradyMitch wants to merge 5 commits into main from sbcq-93-auth-role

Conversation

@BradyMitch (Contributor)

🎯 Summary

SBCQ-93

New default Authenticated role instead of CSR. This role can log in and view things, but not edit anything.

Added policy for staff_user resource under utils/policies. This dictates what the signed in user is allowed to do relating to a staff_user record. Does not include what they can do with location or counter (these will have their own policies).

.VSCode -> Removed deprecated extension

prisma -> New Authenticated role, added staff_user seed data.

api login -> Added cache control headers so login page isn't cached. Caused an issue when SSO went down and I had to clear my browser data to log in.

api protected / auth middleware / util getAuthContext -> Updated to allow pages to access auth context, not just api routes

hooks -> Removed editable roles hook as this functionality is replaced by security policy

lib/prisma/staff_user -> Updated types from StaffUser to StaffUserWithRelations to include related location and counter

Updated all confirm archive modal components under components/settings/ to have try/catch in handleSave and added error message display. Also removed ...formData from update functions as we only need to update the deletedAt field.

Updated all components under components/settings/ that updated or inserted data to use window.location.href to force a re-fetch of the page's data.

src\components\settings\users -> Updates to use the new policy to determine when the user can view, edit, archive, and what roles they can select from when changing a user's role.

🧪 Testing

  1. Run npm run db:reset and npm run db:seed to load new database changes.
  2. Log in to the app to create your new user again, then logout.
  3. In SSO Portal, change your role to Administrator. You can use this method any time you want to promote yourself to a higher role. For demotion you should use the Queue app.
  4. Go to Settings > Users page.
  5. As an Administrator, you should not be able to archive yourself, but you should be able to see and be able to edit all other users. Finish by changing your role to SDM.
  6. As an SDM, you should see all other users in your location and be able to edit any user with a role equal to or lower than your own. You should not be able to edit Administrators or promote anyone to that role. If you change your location you should not see other users.
  7. Test other lower roles. When you get to Authenticated you will not be able to edit any users (including your own).

🔰 Checklist

  • I have read and agree with the following checklist.
  • I have performed a self-review of my code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation where required.
  • I have tested my changes to the best of my ability.
  • I have consulted with the team if introducing a new dependency.
  • My changes generate no new warnings.
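A worked example, added here and not the project's own code: a pure policy function modelling the view/edit/archive and assignable-role rules described in the Testing steps above. The role ordering (Administrator > SDM > CSR > Authenticated) and the record field names are assumptions.

```typescript
// Added example (not the project's staff_user policy): encodes the rules listed in
// the PR's Testing steps as a pure function that can be unit-tested in isolation.
type Role = "Administrator" | "SDM" | "CSR" | "Authenticated";

// Higher number = more privilege. Assumed ordering: the PR names Administrator, SDM
// and Authenticated explicitly and mentions CSR as the former default role.
const RANK: Record<Role, number> = { Administrator: 3, SDM: 2, CSR: 1, Authenticated: 0 };

// Minimal stand-in for a StaffUserWithRelations record (assumed field names).
interface StaffUser {
  id: number;
  role: Role;
  locationId: number;
}

interface StaffUserPolicy {
  canView: boolean;
  canEdit: boolean;
  canArchive: boolean;
  assignableRoles: Role[];
}

function staffUserPolicy(actor: StaffUser, target: StaffUser): StaffUserPolicy {
  const isSelf = actor.id === target.id;
  const isAdmin = actor.role === "Administrator";
  // Administrators see every user; everyone else only sees users at their own location.
  const canView = isAdmin || actor.locationId === target.locationId;
  // Authenticated edits nobody (not even themselves). Administrators edit everyone they
  // can see; SDM and below edit only users whose role is equal to or lower than their own.
  const canEdit =
    canView &&
    actor.role !== "Authenticated" &&
    (isAdmin || RANK[target.role] <= RANK[actor.role]);
  // Nobody may archive their own account.
  const canArchive = canEdit && !isSelf;
  // Roles offered in the role picker: never above the actor's own rank, so only an
  // Administrator can promote someone to Administrator.
  const assignableRoles: Role[] = canEdit
    ? (Object.keys(RANK) as Role[]).filter((r) => RANK[r] <= RANK[actor.role])
    : [];
  return { canView, canEdit, canArchive, assignableRoles };
}
```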
