MOPC/MOPC-Portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: admin role change, logo access, magic link validation, login help

Browse Source 
- Add updateTeamMemberRole mutation for admins to change team member roles
- Allow any team member (not just lead) to change project logo
- Add visible "Add logo"/"Change" label under logo for discoverability
- Pre-check email existence before sending magic link (show error)
- Add "forgot which email" contact link on login page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt
2026-03-05 16:37:45 +01:00
parent 67670472f7
commit 6b6f5e33f5
6 changed files with 159 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/app/(admin)/admin/projects/[id]/page.tsx
View File

@@ -171,6 +171,16 @@ function ProjectDetailContent({ projectId }: { projectId: string }) {
}, },
}) })
const updateTeamMemberRole = trpc.project.updateTeamMemberRole.useMutation({
onSuccess: () => {
toast.success('Role updated')
utils.project.getFullDetail.invalidate({ id: projectId })
},
onError: (err) => {
toast.error(err.message || 'Failed to update role')
},
})
const removeTeamMember = trpc.project.removeTeamMember.useMutation({ const removeTeamMember = trpc.project.removeTeamMember.useMutation({
onSuccess: () => { onSuccess: () => {
toast.success('Team member removed') toast.success('Team member removed')
@@ -538,9 +548,25 @@ function ProjectDetailContent({ projectId }: { projectId: string }) {
<Link href={`/admin/members/${member.user.id}`} className="font-medium text-sm truncate hover:underline text-primary"> <Link href={`/admin/members/${member.user.id}`} className="font-medium text-sm truncate hover:underline text-primary">
{member.user.name || 'Unnamed'} {member.user.name || 'Unnamed'}
</Link> </Link>
<Badge variant="outline" className="text-xs"> <Select
{member.role === 'LEAD' ? 'Lead' : member.role === 'ADVISOR' ? 'Advisor' : 'Member'} value={member.role}
</Badge> onValueChange={(value) =>
updateTeamMemberRole.mutate({
projectId: project.id,
userId: member.user.id,
role: value as 'LEAD' | 'MEMBER' | 'ADVISOR',
})
}
>
<SelectTrigger className="h-6 w-auto text-xs px-2 py-0 border-dashed gap-1">
<SelectValue />
</SelectTrigger>
<SelectContent>
<SelectItem value="LEAD">Lead</SelectItem>
<SelectItem value="MEMBER">Member</SelectItem>
<SelectItem value="ADVISOR">Advisor</SelectItem>
</SelectContent>
</Select>
</div> </div>
<p className="text-xs text-muted-foreground truncate"> <p className="text-xs text-muted-foreground truncate">
{member.user.email} {member.user.email}

19
src/app/(applicant)/applicant/page.tsx
View File

@@ -124,8 +124,7 @@ export default function ApplicantDashboardPage() {
{/* Header */} {/* Header */}
<div className="flex items-start justify-between flex-wrap gap-4"> <div className="flex items-start justify-between flex-wrap gap-4">
<div className="flex items-center gap-4"> <div className="flex items-center gap-4">
{/* Project logo — clickable for team leads to change */} {/* Project logo — clickable for any team member to change */}
{project.isTeamLead ? (
<ProjectLogoUpload <ProjectLogoUpload
projectId={project.id} projectId={project.id}
currentLogoUrl={data.logoUrl} currentLogoUrl={data.logoUrl}
@@ -133,8 +132,9 @@ export default function ApplicantDashboardPage() {
> >
<button <button
type="button" type="button"
className="group relative shrink-0 h-14 w-14 rounded-xl border bg-muted/50 flex items-center justify-center overflow-hidden cursor-pointer hover:ring-2 hover:ring-primary/30 transition-all" className="group relative shrink-0 flex flex-col items-center gap-1 cursor-pointer"
> >
<div className="relative h-14 w-14 rounded-xl border bg-muted/50 flex items-center justify-center overflow-hidden hover:ring-2 hover:ring-primary/30 transition-all">
{data.logoUrl ? ( {data.logoUrl ? (
<img src={data.logoUrl} alt={project.title} className="h-full w-full object-cover" /> <img src={data.logoUrl} alt={project.title} className="h-full w-full object-cover" />
) : ( ) : (
@@ -143,17 +143,12 @@ export default function ApplicantDashboardPage() {
<div className="absolute inset-0 bg-black/0 group-hover:bg-black/40 transition-colors flex items-center justify-center"> <div className="absolute inset-0 bg-black/0 group-hover:bg-black/40 transition-colors flex items-center justify-center">
<Pencil className="h-4 w-4 text-white opacity-0 group-hover:opacity-100 transition-opacity" /> <Pencil className="h-4 w-4 text-white opacity-0 group-hover:opacity-100 transition-opacity" />
</div> </div>
</div>
<span className="text-[10px] text-primary/70 group-hover:text-primary transition-colors">
{data.logoUrl ? 'Change' : 'Add logo'}
</span>
</button> </button>
</ProjectLogoUpload> </ProjectLogoUpload>
) : (
<div className="shrink-0 h-14 w-14 rounded-xl border bg-muted/50 flex items-center justify-center overflow-hidden">
{data.logoUrl ? (
<img src={data.logoUrl} alt={project.title} className="h-full w-full object-cover" />
) : (
<FileText className="h-7 w-7 text-muted-foreground/60" />
)}
</div>
)}
<div> <div>
<div className="flex items-center gap-3"> <div className="flex items-center gap-3">
<h1 className="text-2xl font-semibold tracking-tight">{project.title}</h1> <h1 className="text-2xl font-semibold tracking-tight">{project.title}</h1>

21
src/app/(applicant)/applicant/team/page.tsx
View File

@@ -244,8 +244,7 @@ export default function ApplicantProjectPage() {
<div className="space-y-6"> <div className="space-y-6">
{/* Header */} {/* Header */}
<div className="flex items-center gap-4"> <div className="flex items-center gap-4">
{/* Project logo — clickable for team leads */} {/* Project logo — clickable for any team member to change */}
{isTeamLead ? (
<ProjectLogoUpload <ProjectLogoUpload
projectId={projectId} projectId={projectId}
currentLogoUrl={logoUrl} currentLogoUrl={logoUrl}
@@ -253,8 +252,9 @@ export default function ApplicantProjectPage() {
> >
<button <button
type="button" type="button"
className="group relative shrink-0 h-14 w-14 rounded-xl border bg-muted/50 flex items-center justify-center overflow-hidden cursor-pointer hover:ring-2 hover:ring-primary/30 transition-all" className="group relative shrink-0 flex flex-col items-center gap-1 cursor-pointer"
> >
<div className="relative h-14 w-14 rounded-xl border bg-muted/50 flex items-center justify-center overflow-hidden hover:ring-2 hover:ring-primary/30 transition-all">
{logoUrl ? ( {logoUrl ? (
<img src={logoUrl} alt={project.title} className="h-full w-full object-cover" /> <img src={logoUrl} alt={project.title} className="h-full w-full object-cover" />
) : ( ) : (
@@ -263,17 +263,12 @@ export default function ApplicantProjectPage() {
<div className="absolute inset-0 bg-black/0 group-hover:bg-black/40 transition-colors flex items-center justify-center"> <div className="absolute inset-0 bg-black/0 group-hover:bg-black/40 transition-colors flex items-center justify-center">
<Pencil className="h-4 w-4 text-white opacity-0 group-hover:opacity-100 transition-opacity" /> <Pencil className="h-4 w-4 text-white opacity-0 group-hover:opacity-100 transition-opacity" />
</div> </div>
</div>
<span className="text-[10px] text-primary/70 group-hover:text-primary transition-colors">
{logoUrl ? 'Change' : 'Add logo'}
</span>
</button> </button>
</ProjectLogoUpload> </ProjectLogoUpload>
) : (
<div className="shrink-0 h-14 w-14 rounded-xl border bg-muted/50 flex items-center justify-center overflow-hidden">
{logoUrl ? (
<img src={logoUrl} alt={project.title} className="h-full w-full object-cover" />
) : (
<FolderOpen className="h-7 w-7 text-muted-foreground/60" />
)}
</div>
)}
<div> <div>
<h1 className="text-2xl font-semibold tracking-tight"> <h1 className="text-2xl font-semibold tracking-tight">
{project.title} {project.title}
@@ -388,7 +383,7 @@ export default function ApplicantProjectPage() {
</Card> </Card>
{/* Project Logo */} {/* Project Logo */}
{isTeamLead && projectId && ( {projectId && (
<Card> <Card>
<CardHeader> <CardHeader>
<CardTitle className="flex items-center gap-2"> <CardTitle className="flex items-center gap-2">

19
src/app/(auth)/login/page.tsx
View File

@@ -69,6 +69,19 @@ export default function LoginPage() {
setError(null) setError(null)
try { try {
// Pre-check: does this email exist?
const checkRes = await fetch('/api/auth/check-email', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email }),
})
const checkData = await checkRes.json()
if (!checkData.exists) {
setError('No account found with this email address. Please check the email you used to sign up, or contact the administrator.')
setIsLoading(false)
return
}
// Get CSRF token first // Get CSRF token first
const csrfRes = await fetch('/api/auth/csrf') const csrfRes = await fetch('/api/auth/csrf')
const { csrfToken } = await csrfRes.json() const { csrfToken } = await csrfRes.json()
@@ -300,6 +313,12 @@ export default function LoginPage() {
</> </>
)} )}
</button> </button>
<p className="mt-3 text-xs text-muted-foreground/70 text-center">
Don&apos;t remember which email you used?{' '}
<a href="mailto:contact@monaco-opc.com" className="underline hover:text-primary transition-colors">
Contact the MOPC team
</a>
</p>
</div> </div>
</CardContent> </CardContent>
</Card> </Card>

26
src/app/api/auth/check-email/route.ts Normal file
View File

@@ -0,0 +1,26 @@
import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'
/**
* Pre-check whether an email exists before sending a magic link.
* This is a closed platform (no self-registration) so revealing
* email existence is acceptable and helps users who mistype.
*/
export async function POST(req: NextRequest) {
try {
const { email } = await req.json()
if (!email || typeof email !== 'string') {
return NextResponse.json({ exists: false }, { status: 400 })
}
const user = await prisma.user.findUnique({
where: { email: email.toLowerCase().trim() },
select: { status: true },
})
const exists = !!user && user.status !== 'SUSPENDED'
return NextResponse.json({ exists })
} catch {
return NextResponse.json({ exists: false }, { status: 500 })
}
}

52
src/server/routers/project.ts
View File

@@ -1611,6 +1611,58 @@ export const projectRouter = router({
return { success: true } return { success: true }
}), }),
/**
* Update a team member's role (admin only).
* Prevents removing the last LEAD.
*/
updateTeamMemberRole: adminProcedure
.input(
z.object({
projectId: z.string(),
userId: z.string(),
role: z.enum(['LEAD', 'MEMBER', 'ADVISOR']),
})
)
.mutation(async ({ ctx, input }) => {
const { projectId, userId, role } = input
const member = await ctx.prisma.teamMember.findUniqueOrThrow({
where: { projectId_userId: { projectId, userId } },
select: { role: true },
})
// Prevent removing the last LEAD
if (member.role === 'LEAD' && role !== 'LEAD') {
const leadCount = await ctx.prisma.teamMember.count({
where: { projectId, role: 'LEAD' },
})
if (leadCount <= 1) {
throw new TRPCError({
code: 'BAD_REQUEST',
message: 'Cannot change the role of the last team lead',
})
}
}
await ctx.prisma.teamMember.update({
where: { projectId_userId: { projectId, userId } },
data: { role },
})
await logAudit({
prisma: ctx.prisma,
userId: ctx.user.id,
action: 'UPDATE_TEAM_MEMBER_ROLE',
entityType: 'Project',
entityId: projectId,
detailsJson: { targetUserId: userId, oldRole: member.role, newRole: role },
ipAddress: ctx.ip,
userAgent: ctx.userAgent,
})
return { success: true }
}),
// ========================================================================= // =========================================================================
// BULK NOTIFICATION ENDPOINTS // BULK NOTIFICATION ENDPOINTS
// ========================================================================= // =========================================================================