MOPC/MOPC-Portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: applicant portal — document uploads, round filtering, auth hardening

Browse Source 
Fix round-specific document uploads (submittedAt no longer blocks uploads),
add view/download buttons for existing files, enforce active-round-only for
uploads/deletes. Harden auth layout and set-password page. Filter applicant
portal rounds by award track membership.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt
2026-03-04 13:29:39 +01:00
parent 1103d42439
commit a39e27f6ff
8 changed files with 192 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
src/app/(applicant)/applicant/documents/page.tsx
View File

@@ -3,6 +3,7 @@
import { useSession } from 'next-auth/react'
import { trpc } from '@/lib/trpc/client'
import { Badge } from '@/components/ui/badge'
import { Button } from '@/components/ui/button'
import {
Card,
CardContent,
@@ -20,6 +21,7 @@ import {
Video,
File,
Download,
Eye,
} from 'lucide-react'
const fileTypeIcons: Record<string, typeof FileText> = {
@@ -42,6 +44,34 @@ const fileTypeLabels: Record<string, string> = {
SUPPORTING_DOC: 'Supporting Document',
}
function FileActionButtons({ bucket, objectKey, fileName }: { bucket: string; objectKey: string; fileName: string }) {
const { data: viewData } = trpc.file.getDownloadUrl.useQuery(
{ bucket, objectKey, forDownload: false },
{ staleTime: 10 * 60 * 1000 }
)
const { data: dlData } = trpc.file.getDownloadUrl.useQuery(
{ bucket, objectKey, forDownload: true, fileName },
{ staleTime: 10 * 60 * 1000 }
)
const viewUrl = typeof viewData === 'string' ? viewData : viewData?.url
const dlUrl = typeof dlData === 'string' ? dlData : dlData?.url
return (
<div className="flex items-center gap-1 shrink-0">
<Button variant="ghost" size="sm" className="h-7 px-2 text-xs gap-1" asChild disabled={!viewUrl}>
<a href={viewUrl || '#'} target="_blank" rel="noopener noreferrer">
<Eye className="h-3 w-3" /> View
</a>
</Button>
<Button variant="ghost" size="sm" className="h-7 px-2 text-xs gap-1" asChild disabled={!dlUrl}>
<a href={dlUrl || '#'} download={fileName}>
<Download className="h-3 w-3" /> Download
</a>
</Button>
</div>
)
}
export default function ApplicantDocumentsPage() {
const { status: sessionStatus } = useSession()
const isAuthenticated = sessionStatus === 'authenticated'
@@ -82,7 +112,7 @@ export default function ApplicantDocumentsPage() {
)
}
const { project, openRounds } = data
const { project, openRounds, isRejected } = data
const isDraft = !project.submittedAt
return (
@@ -98,8 +128,20 @@ export default function ApplicantDocumentsPage() {
</p>
</div>
{/* Rejected banner */}
{isRejected && (
<Card className="border-destructive/50 bg-destructive/5">
<CardContent className="flex items-center gap-3 py-4">
<AlertTriangle className="h-5 w-5 text-destructive shrink-0" />
<p className="text-sm text-destructive">
Your project was not selected to advance. Documents are view-only.
</p>
</CardContent>
</Card>
)}
{/* Per-round upload sections */}
{openRounds.length > 0 && (
{!isRejected && openRounds.length > 0 && (
<div className="space-y-6">
{openRounds.map((round: { id: string; name: string; windowCloseAt?: string | Date | null }) => {
const now = new Date()
@@ -163,18 +205,18 @@ export default function ApplicantDocumentsPage() {
<div className="space-y-2">
{project.files.map((file) => {
const Icon = fileTypeIcons[file.fileType] || File
const fileRecord = file as typeof file & { isLate?: boolean; roundId?: string | null }
const fileRecord = file as typeof file & { isLate?: boolean; roundId?: string | null; bucket?: string; objectKey?: string }
return (
<div
key={file.id}
className="flex items-center justify-between p-3 rounded-lg border"
>
<div className="flex items-center gap-3">
<Icon className="h-5 w-5 text-muted-foreground" />
<div>
<div className="flex items-center gap-3 min-w-0">
<Icon className="h-5 w-5 text-muted-foreground shrink-0" />
<div className="min-w-0">
<div className="flex items-center gap-2">
<p className="font-medium text-sm">{file.fileName}</p>
<p className="font-medium text-sm truncate">{file.fileName}</p>
{fileRecord.isLate && (
<Badge variant="warning" className="text-xs gap-1">
<AlertTriangle className="h-3 w-3" />
@@ -189,6 +231,13 @@ export default function ApplicantDocumentsPage() {
</p>
</div>
</div>
{fileRecord.bucket && fileRecord.objectKey && (
<FileActionButtons
bucket={fileRecord.bucket}
objectKey={fileRecord.objectKey}
fileName={file.fileName}
/>
)}
</div>
)
})}

20
src/app/(applicant)/applicant/page.tsx
View File

@@ -111,7 +111,7 @@ export default function ApplicantDashboardPage() {
)
}
const { project, timeline, currentStatus, openRounds, hasPassedIntake } = data
const { project, timeline, currentStatus, openRounds, hasPassedIntake, isRejected } = data
const programYear = project.program?.year
const programName = project.program?.name
const totalEvaluations = evaluations?.reduce((sum, r) => sum + r.evaluationCount, 0) ?? 0
@@ -221,8 +221,23 @@ export default function ApplicantDashboardPage() {
</Card>
</AnimatedCard>
{/* Rejected banner */}
{isRejected && (
<AnimatedCard index={1}>
<Card className="border-destructive/50 bg-destructive/5">
<CardContent className="flex items-center gap-3 py-4">
<AlertCircle className="h-5 w-5 text-destructive shrink-0" />
<p className="text-sm text-destructive">
Your project was not selected to advance. Your project space is now read-only.
</p>
</CardContent>
</Card>
</AnimatedCard>
)}
{/* Quick actions */}
<AnimatedCard index={1}>
{!isRejected && (
<AnimatedCard index={2}>
<div className="grid gap-4 sm:grid-cols-2 lg:grid-cols-3">
<Link href={"/applicant/documents" as Route} className="group flex items-center gap-3 rounded-xl border border-border/60 p-4 transition-all duration-200 hover:-translate-y-0.5 hover:shadow-md hover:border-blue-500/30 hover:bg-blue-500/5">
<div className="rounded-xl bg-blue-500/10 p-2.5 transition-colors group-hover:bg-blue-500/20">
@@ -266,6 +281,7 @@ export default function ApplicantDashboardPage() {
)}
</div>
</AnimatedCard>
)}
{/* Document Completeness */}
{docCompleteness && docCompleteness.length > 0 && (

5
src/app/(applicant)/applicant/team/page.tsx
View File

@@ -123,6 +123,7 @@ export default function ApplicantProjectPage() {
const project = dashboardData?.project
const projectId = project?.id
const isIntakeOpen = dashboardData?.isIntakeOpen ?? false
const isRejected = dashboardData?.isRejected ?? false
const { data: teamData, isLoading: teamLoading, refetch } = trpc.applicant.getTeamMembers.useQuery(
{ projectId: projectId! },
@@ -398,7 +399,7 @@ export default function ApplicantProjectPage() {
Everyone on this list can view and collaborate on this project.
</CardDescription>
</div>
{isTeamLead && (
{isTeamLead && !isRejected && (
<Dialog open={isInviteOpen} onOpenChange={setIsInviteOpen}>
<DialogTrigger asChild>
<Button size="sm">
@@ -578,7 +579,7 @@ export default function ApplicantProjectPage() {
</div>
</div>
{isTeamLead && member.role !== 'LEAD' && teamData.submittedBy?.id !== member.userId && (
{isTeamLead && !isRejected && member.role !== 'LEAD' && teamData.submittedBy?.id !== member.userId && (
<AlertDialog>
<AlertDialogTrigger asChild>
<Button variant="ghost" size="icon" className="text-destructive">

5
src/app/(auth)/layout.tsx
View File

@@ -19,13 +19,14 @@ export default async function AuthLayout({
// Redirect logged-in users to their dashboard
// But NOT if they still need to set their password
if (session?.user && !session.user.mustSetPassword) {
// Verify user still exists in DB (handles deleted accounts with stale sessions)
// Verify user still exists in DB and check onboarding status
const dbUser = await prisma.user.findUnique({
where: { id: session.user.id },
select: { id: true },
select: { id: true, onboardingCompletedAt: true },
})
if (dbUser) {
const role = session.user.role
if (role === 'SUPER_ADMIN' || role === 'PROGRAM_ADMIN') {
redirect('/admin')

12
src/app/(auth)/set-password/page.tsx
View File

@@ -36,17 +36,9 @@ export default function SetPasswordPage() {
setIsSuccess(true)
// Update the session to reflect the password has been set
await updateSession()
// Redirect after a short delay
// Redirect after a short delay — all roles go to onboarding first
setTimeout(() => {
if (session?.user?.role === 'JURY_MEMBER') {
router.push('/jury')
} else if (session?.user?.role === 'SUPER_ADMIN' || session?.user?.role === 'PROGRAM_ADMIN') {
router.push('/admin')
} else if (session?.user?.role === 'APPLICANT') {
router.push('/onboarding')
} else {
router.push('/')
}
router.push('/onboarding')
}, 2000)
},
onError: (err) => {