refactor: CASL, Timezone, Database Scripts (#149)

* fix: Client CASL (#138)

* fix: client casl

* simplyify survey fetch

* simplify fetch and normalize function

* review: add comments for Natalie

* deserialization updates

* timezone handling updates

* refactor: consolidate useApi

* refactor: update signup page with api response structure

* refactor: mc

---------

Co-authored-by: Anant Mittal <anmittal@uw.edu>

* feat: location script (#137)

* feat: location script

* bulk import options

* refactor: moved location CRUD script to server/src

- resolves absolute import statements
- IDE recognizes node packages

* remove: old location crud file

---------

Co-authored-by: Anant Mittal <anmittal@uw.edu>

* Timezone Fixes (#153)

* fix: client-side permission checks will always use Pacific timezone regardless of the server TIMEZONE configuration, potentially causing inconsistencies between client and server permission evaluations

* Update client/src/hooks/useAbility.tsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update server/.env.example

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update client/src/components/forms/LocationSelect.tsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* revert: gh copilot fix

* refactor: move all scripts to server folder

---------

Co-authored-by: Natalie Robbins <102693174+natalierobbins@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

client/src/components/forms/LocationSelect.tsx

@@ -16,24 +16,24 @@ export const LocationSelect = ({
 	...props
 }: LocationSelectProps) => {
 	const { locationService } = useApi();
-	const { data: locations = [] } = locationService.useLocations() || {};
+	const { data: locations = [] } = locationService.useLocations() ?? {};
 
-	const options = locations.map(
+	const options = locations?.map(
 		(location: { _id: string; hubName: string }) => ({
 			value: location._id,
 			label: location.hubName
 		})
 	);
 
 	const optionsWithEmpty = includeEmptyOption
-		? [{ value: '', label: 'Select a location' }, ...options]
+		? [{ value: '', label: 'Select a location' }, ...(options ?? [])]
 		: options;
 
 	return (
 		<FormSelect
 			{...props}
 			label="Location"
-			options={optionsWithEmpty}
+			options={optionsWithEmpty ?? []}
 			canEdit={canEdit}
 			showTooltip={showTooltip}
 		/>

client/src/contexts/AuthContext.tsx

@@ -28,6 +28,7 @@ interface AuthState {
 		subject: Subject;
 		conditions: Condition[];
 	}[];
+	serverTimezone: string;
 	isLoggedIn: boolean;
 	isLoading: boolean;
 }
@@ -49,12 +50,16 @@ interface AuthContextValue extends AuthState {
 			conditions: Condition[];
 		}[]
 	) => void;
+	setServerTimezone: (serverTimezone: string) => void;
 	clearSession: () => void;
 	fetchUserContext: (userObjectId: string) => Promise<void>;
 }
 
 const AuthContext = createContext<AuthContextValue | undefined>(undefined);
 
+// Default timezone fallback for client-side (matches server default)
+const DEFAULT_CLIENT_TIMEZONE = 'America/Los_Angeles';
+
 function getDefaultAuthState(): AuthState {
 	return {
 		token: '',
@@ -67,6 +72,7 @@ function getDefaultAuthState(): AuthState {
 		locationObjectId: '',
 		lastestLocationObjectId: '',
 		permissions: [],
+		serverTimezone: DEFAULT_CLIENT_TIMEZONE,
 		isLoggedIn: false,
 		isLoading: false
 	};
@@ -91,6 +97,7 @@ export const AuthProvider = ({ children }: { children: ReactNode }) => {
 			permissions: [],
 			locationObjectId: '',
 			lastestLocationObjectId: '',
+			serverTimezone: DEFAULT_CLIENT_TIMEZONE,
 			isLoggedIn: true,
 			isLoading: true
 		};
@@ -151,6 +158,7 @@ export const AuthProvider = ({ children }: { children: ReactNode }) => {
 				locationObjectId: user.data.locationObjectId,
 				lastestLocationObjectId: latestLocationObjectId,
 				permissions: user.data.permissions,
+				serverTimezone: user.serverTimezone ?? DEFAULT_CLIENT_TIMEZONE,
 				isLoggedIn: true,
 				isLoading: false
 			}));
@@ -200,6 +208,10 @@ export const AuthProvider = ({ children }: { children: ReactNode }) => {
 		setState(prev => ({ ...prev, permissions }));
 	};
 
+	const setServerTimezone = (serverTimezone: string) => {
+		setState(prev => ({ ...prev, serverTimezone }));
+	};
+
 	const clearSession = () => {
 		deleteAuthToken(); // Clears from Zustand
 		setState(getDefaultAuthState());
@@ -218,6 +230,7 @@ export const AuthProvider = ({ children }: { children: ReactNode }) => {
 		setLocationObjectId,
 		setLastestLocationObjectId,
 		setPermissions,
+		setServerTimezone,
 		clearSession,
 		fetchUserContext
 	};

client/src/hooks/useAbility.tsx

@@ -4,8 +4,13 @@ import { useAuthContext } from '@/contexts';
 import defineAbilitiesForUser from '@/permissions/abilityBuilder';
 
 export const useAbility = () => {
-	const { userRole, userObjectId, lastestLocationObjectId, permissions } =
-		useAuthContext();
+	const {
+		userRole,
+		userObjectId,
+		lastestLocationObjectId,
+		permissions,
+		serverTimezone
+	} = useAuthContext();
 
 	// updates whenever our auth store updates
 	return useMemo(
@@ -14,8 +19,15 @@ export const useAbility = () => {
 				userRole ?? '',
 				userObjectId ?? '',
 				lastestLocationObjectId ?? '',
-				permissions
+				permissions,
+				serverTimezone ?? 'America/Los_Angeles'
 			),
-		[userRole, userObjectId, lastestLocationObjectId, permissions]
+		[
+			userRole,
+			userObjectId,
+			lastestLocationObjectId,
+			permissions,
+			serverTimezone
+		]
 	);
 };