fix: applicant portal — document uploads, round filtering, auth hardening

Fix round-specific document uploads (submittedAt no longer blocks uploads), add view/download buttons for existing files, enforce active-round-only for uploads/deletes. Harden auth layout and set-password page. Filter applicant portal rounds by award track membership. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 13:29:39 +01:00
parent 1103d42439
commit a39e27f6ff
8 changed files with 192 additions and 37 deletions
--- a/src/app/(auth)/layout.tsx
+++ b/src/app/(auth)/layout.tsx
@@ -19,13 +19,14 @@ export default async function AuthLayout({
  // Redirect logged-in users to their dashboard
  // But NOT if they still need to set their password
  if (session?.user && !session.user.mustSetPassword) {
-    // Verify user still exists in DB (handles deleted accounts with stale sessions)
+    // Verify user still exists in DB and check onboarding status
    const dbUser = await prisma.user.findUnique({
      where: { id: session.user.id },
-      select: { id: true },
+      select: { id: true, onboardingCompletedAt: true },
    })

    if (dbUser) {
+
      const role = session.user.role
      if (role === 'SUPER_ADMIN' || role === 'PROGRAM_ADMIN') {
        redirect('/admin')