fix: applicant portal — document uploads, round filtering, auth hardening

Fix round-specific document uploads (submittedAt no longer blocks uploads), add view/download buttons for existing files, enforce active-round-only for uploads/deletes. Harden auth layout and set-password page. Filter applicant portal rounds by award track membership. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 13:29:39 +01:00
parent 1103d42439
commit a39e27f6ff
8 changed files with 192 additions and 37 deletions
--- a/src/app/(applicant)/applicant/documents/page.tsx
+++ b/src/app/(applicant)/applicant/documents/page.tsx
@@ -3,6 +3,7 @@
 import { useSession } from 'next-auth/react'
 import { trpc } from '@/lib/trpc/client'
 import { Badge } from '@/components/ui/badge'
+import { Button } from '@/components/ui/button'
 import {
  Card,
  CardContent,
@@ -20,6 +21,7 @@ import {
  Video,
  File,
  Download,
+  Eye,
 } from 'lucide-react'

 const fileTypeIcons: Record<string, typeof FileText> = {
@@ -42,6 +44,34 @@ const fileTypeLabels: Record<string, string> = {
  SUPPORTING_DOC: 'Supporting Document',
 }

+function FileActionButtons({ bucket, objectKey, fileName }: { bucket: string; objectKey: string; fileName: string }) {
+  const { data: viewData } = trpc.file.getDownloadUrl.useQuery(
+    { bucket, objectKey, forDownload: false },
+    { staleTime: 10 * 60 * 1000 }
+  )
+  const { data: dlData } = trpc.file.getDownloadUrl.useQuery(
+    { bucket, objectKey, forDownload: true, fileName },
+    { staleTime: 10 * 60 * 1000 }
+  )
+  const viewUrl = typeof viewData === 'string' ? viewData : viewData?.url
+  const dlUrl = typeof dlData === 'string' ? dlData : dlData?.url
+
+  return (
+    <div className="flex items-center gap-1 shrink-0">
+      <Button variant="ghost" size="sm" className="h-7 px-2 text-xs gap-1" asChild disabled={!viewUrl}>
+        <a href={viewUrl || '#'} target="_blank" rel="noopener noreferrer">
+          <Eye className="h-3 w-3" /> View
+        </a>
+      </Button>
+      <Button variant="ghost" size="sm" className="h-7 px-2 text-xs gap-1" asChild disabled={!dlUrl}>
+        <a href={dlUrl || '#'} download={fileName}>
+          <Download className="h-3 w-3" /> Download
+        </a>
+      </Button>
+    </div>
+  )
+}
+
 export default function ApplicantDocumentsPage() {
  const { status: sessionStatus } = useSession()
  const isAuthenticated = sessionStatus === 'authenticated'
@@ -82,7 +112,7 @@ export default function ApplicantDocumentsPage() {
    )
  }

-  const { project, openRounds } = data
+  const { project, openRounds, isRejected } = data
  const isDraft = !project.submittedAt

  return (
@@ -98,8 +128,20 @@ export default function ApplicantDocumentsPage() {
        </p>
      </div>

+      {/* Rejected banner */}
+      {isRejected && (
+        <Card className="border-destructive/50 bg-destructive/5">
+          <CardContent className="flex items-center gap-3 py-4">
+            <AlertTriangle className="h-5 w-5 text-destructive shrink-0" />
+            <p className="text-sm text-destructive">
+              Your project was not selected to advance. Documents are view-only.
+            </p>
+          </CardContent>
+        </Card>
+      )}
+
      {/* Per-round upload sections */}
-      {openRounds.length > 0 && (
+      {!isRejected && openRounds.length > 0 && (
        <div className="space-y-6">
          {openRounds.map((round: { id: string; name: string; windowCloseAt?: string | Date | null }) => {
            const now = new Date()
@@ -163,18 +205,18 @@ export default function ApplicantDocumentsPage() {
            <div className="space-y-2">
              {project.files.map((file) => {
                const Icon = fileTypeIcons[file.fileType] || File
-                const fileRecord = file as typeof file & { isLate?: boolean; roundId?: string | null }
+                const fileRecord = file as typeof file & { isLate?: boolean; roundId?: string | null; bucket?: string; objectKey?: string }

                return (
                  <div
                    key={file.id}
                    className="flex items-center justify-between p-3 rounded-lg border"
                  >
-                    <div className="flex items-center gap-3">
-                      <Icon className="h-5 w-5 text-muted-foreground" />
-                      <div>
+                    <div className="flex items-center gap-3 min-w-0">
+                      <Icon className="h-5 w-5 text-muted-foreground shrink-0" />
+                      <div className="min-w-0">
                        <div className="flex items-center gap-2">
-                          <p className="font-medium text-sm">{file.fileName}</p>
+                          <p className="font-medium text-sm truncate">{file.fileName}</p>
                          {fileRecord.isLate && (
                            <Badge variant="warning" className="text-xs gap-1">
                              <AlertTriangle className="h-3 w-3" />
@@ -189,6 +231,13 @@ export default function ApplicantDocumentsPage() {
                        </p>
                      </div>
                    </div>
+                    {fileRecord.bucket && fileRecord.objectKey && (
+                      <FileActionButtons
+                        bucket={fileRecord.bucket}
+                        objectKey={fileRecord.objectKey}
+                        fileName={file.fileName}
+                      />
+                    )}
                  </div>
                )
              })}