fix: give global admins more perms

Author: tsurbs

Dioxus.toml

@@ -5,10 +5,11 @@ android_manifest = "./mobile/AndroidManifest.xml"
 
 [web.app]
 title = "Terrier"
+index = "./index.html"
 
 [web.app.head]
 html = """
-<link rel="manifest" href="/manifest.json">
+<link rel="manifest" href="/api/manifest.json">
 <meta name="theme-color" content="#ffffff">
 <meta name="apple-mobile-web-app-capable" content="yes">
 <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">

index.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Terrier</title>
+  <meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta charset="UTF-8" />
+  <link rel="manifest" href="/api/manifest.json">
+  <meta name="theme-color" content="#ffffff">
+  <meta name="apple-mobile-web-app-capable" content="yes">
+  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
+  <link rel="apple-touch-icon" href="/icons/icon-192.png">
+</head>
+<body>
+  <div id="main"></div>
+</body>
+</html>

src/domain/applications/handlers/checkin.rs

@@ -2,7 +2,9 @@ use dioxus::prelude::*;
 use serde::{Deserialize, Serialize};
 
 #[cfg(feature = "server")]
-use crate::core::auth::{context::RequestContext, middleware::SyncedUser};
+use crate::core::auth::{
+    context::RequestContext, middleware::SyncedUser, permissions::Permissions,
+};
 #[cfg(feature = "server")]
 use utoipa::ToSchema;
 
@@ -162,12 +164,13 @@ pub async fn organizer_checkin(
 
     let hackathon = ctx.hackathon()?;
 
-    // Verify user is organizer or admin
+    // Verify user is organizer, admin, or global admin
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
     let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
     let is_organizer = role_repo.is_organizer(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin && !is_organizer {
+    if !is_global_admin && !is_admin && !is_organizer {
         return Err(ServerFnError::new(
             "Only organizers can check in participants",
         ));
@@ -236,12 +239,13 @@ pub async fn organizer_remove_checkin(
 
     let hackathon = ctx.hackathon()?;
 
-    // Verify user is organizer or admin
+    // Verify user is organizer, admin, or global admin
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
     let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
     let is_organizer = role_repo.is_organizer(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin && !is_organizer {
+    if !is_global_admin && !is_admin && !is_organizer {
         return Err(ServerFnError::new("Only organizers can remove check-ins"));
     }
 
@@ -284,12 +288,13 @@ pub async fn get_attendees(slug: String, event_id: i32) -> Result<Vec<Attendee>,
 
     let hackathon = ctx.hackathon()?;
 
-    // Verify user is organizer or admin
+    // Verify user is organizer, admin, or global admin
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
     let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
     let is_organizer = role_repo.is_organizer(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin && !is_organizer {
+    if !is_global_admin && !is_admin && !is_organizer {
         return Err(ServerFnError::new("Only organizers can view attendees"));
     }
 
@@ -412,12 +417,13 @@ pub async fn get_participant_info(
 
     let hackathon = ctx.hackathon()?;
 
-    // Verify user is organizer or admin
+    // Verify user is organizer, admin, or global admin
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
     let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
     let is_organizer = role_repo.is_organizer(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin && !is_organizer {
+    if !is_global_admin && !is_admin && !is_organizer {
         return Err(ServerFnError::new(
             "Only organizers can look up participants",
         ));

src/domain/applications/handlers/events.rs

@@ -1,7 +1,9 @@
 use dioxus::prelude::*;
 
 #[cfg(feature = "server")]
-use crate::core::auth::{context::RequestContext, middleware::SyncedUser};
+use crate::core::auth::{
+    context::RequestContext, middleware::SyncedUser, permissions::Permissions,
+};
 
 /// Get user schedule
 #[cfg_attr(feature = "server", utoipa::path(
@@ -111,11 +113,12 @@ pub async fn create_event(
 
     let hackathon = ctx.hackathon()?;
 
-    // Check if user is admin
+    // Check if user is admin (global or hackathon-level)
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
-    let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
+    let is_hackathon_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin {
+    if !is_global_admin && !is_hackathon_admin {
         return Err(ServerFnError::new("Only admins can create events"));
     }
 
@@ -231,11 +234,12 @@ pub async fn update_event(
 
     let hackathon = ctx.hackathon()?;
 
-    // Check if user is admin
+    // Check if user is admin (global or hackathon-level)
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
-    let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
+    let is_hackathon_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin {
+    if !is_global_admin && !is_hackathon_admin {
         return Err(ServerFnError::new("Only admins can update events"));
     }
 
@@ -332,11 +336,12 @@ pub async fn delete_event(slug: String, id: i32) -> Result<(), ServerFnError> {
 
     let hackathon = ctx.hackathon()?;
 
-    // Check if user is admin
+    // Check if user is admin (global or hackathon-level)
+    let is_global_admin = Permissions::is_global_admin(&ctx);
     let role_repo = UserRoleRepository::new(&ctx.state.db);
-    let is_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
+    let is_hackathon_admin = role_repo.is_admin(ctx.user.id, hackathon.id).await?;
 
-    if !is_admin {
+    if !is_global_admin && !is_hackathon_admin {
         return Err(ServerFnError::new("Only admins can delete events"));
     }
 

src/domain/hackathons/handlers/manifest.rs

@@ -71,52 +71,14 @@ pub async fn get_manifest(
     let icons = if let Some(ref icon_url) = hackathon.app_icon_url {
         // When a custom icon is uploaded, use it for all sizes
         // The browser will scale it appropriately
-        vec![
-            ManifestIcon {
-                src: icon_url.clone(),
-                sizes: "512x512".to_string(),
-                icon_type: guess_icon_type(icon_url),
-            },
-            ManifestIcon {
-                src: icon_url.clone(),
-                sizes: "192x192".to_string(),
-                icon_type: guess_icon_type(icon_url),
-            },
-            ManifestIcon {
-                src: icon_url.clone(),
-                sizes: "144x144".to_string(),
-                icon_type: guess_icon_type(icon_url),
-            },
-            ManifestIcon {
-                src: icon_url.clone(),
-                sizes: "96x96".to_string(),
-                icon_type: guess_icon_type(icon_url),
-            },
-        ]
+        vec![ManifestIcon {
+            src: icon_url.clone(),
+            sizes: "512x512".to_string(),
+            icon_type: guess_icon_type(icon_url),
+        }]
     } else {
-        // Fall back to default icons
-        vec![
-            ManifestIcon {
-                src: "/th26_icons/android/android-launchericon-512-512.png".to_string(),
-                sizes: "512x512".to_string(),
-                icon_type: "image/png".to_string(),
-            },
-            ManifestIcon {
-                src: "/th26_icons/android/android-launchericon-192-192.png".to_string(),
-                sizes: "192x192".to_string(),
-                icon_type: "image/png".to_string(),
-            },
-            ManifestIcon {
-                src: "/th26_icons/android/android-launchericon-144-144.png".to_string(),
-                sizes: "144x144".to_string(),
-                icon_type: "image/png".to_string(),
-            },
-            ManifestIcon {
-                src: "/th26_icons/android/android-launchericon-96-96.png".to_string(),
-                sizes: "96x96".to_string(),
-                icon_type: "image/png".to_string(),
-            },
-        ]
+        // Fall back to default icons (do not exist yet)
+        vec![]
     };
 
     // Build manifest with hackathon-specific data
@@ -159,3 +121,130 @@ fn guess_icon_type(url: &str) -> String {
         "image/png".to_string()
     }
 }
+
+/// Serve manifest.json at root, extracting hackathon slug from Referer header
+pub async fn get_root_manifest(
+    State(state): State<AppState>,
+    headers: HeaderMap,
+) -> impl IntoResponse {
+    // Try to extract hackathon slug from Referer header
+    let slug = headers
+        .get("referer")
+        .and_then(|r| r.to_str().ok())
+        .and_then(|referer| {
+            // Parse URL like "https://example.com/h/th26/dashboard"
+            // Extract the slug after "/h/"
+            if let Some(start) = referer.find("/h/") {
+                let rest = &referer[start + 3..];
+                // Take until next "/" or end
+                let slug = rest.split('/').next()?;
+                if !slug.is_empty() {
+                    return Some(slug.to_string());
+                }
+            }
+            None
+        });
+
+    let Some(slug) = slug else {
+        // No hackathon context, return a default/generic manifest
+        let manifest = WebManifest {
+            name: "Terrier".to_string(),
+            short_name: "Terrier".to_string(),
+            description: "Hackathon management platform".to_string(),
+            start_url: "/".to_string(),
+            scope: "/".to_string(),
+            display: "fullscreen".to_string(),
+            background_color: "#F4F2F3".to_string(),
+            theme_color: "#F4F2F3".to_string(),
+            orientation: "portrait".to_string(),
+            icons: vec![],
+        };
+
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            "Content-Type",
+            HeaderValue::from_static("application/manifest+json"),
+        );
+        return (headers, Json(manifest)).into_response();
+    };
+
+    // Find the hackathon
+    let hackathon = match hackathons::Entity::find()
+        .filter(hackathons::Column::Slug.eq(&slug))
+        .one(&state.db)
+        .await
+    {
+        Ok(Some(h)) => h,
+        Ok(None) => {
+            // Fallback to generic manifest
+            let manifest = WebManifest {
+                name: "Terrier".to_string(),
+                short_name: "Terrier".to_string(),
+                description: "Hackathon management platform".to_string(),
+                start_url: "/".to_string(),
+                scope: "/".to_string(),
+                display: "fullscreen".to_string(),
+                background_color: "#F4F2F3".to_string(),
+                theme_color: "#F4F2F3".to_string(),
+                orientation: "portrait".to_string(),
+                icons: vec![],
+            };
+
+            let mut headers = HeaderMap::new();
+            headers.insert(
+                "Content-Type",
+                HeaderValue::from_static("application/manifest+json"),
+            );
+            return (headers, Json(manifest)).into_response();
+        }
+        Err(e) => {
+            tracing::error!("Failed to fetch hackathon: {:?}", e);
+            return (StatusCode::INTERNAL_SERVER_ERROR, "Database error").into_response();
+        }
+    };
+
+    let scope = format!("/h/{}/", slug);
+    let start_url = format!("/h/{}/", slug);
+
+    let theme_color = hackathon
+        .theme_color
+        .clone()
+        .unwrap_or_else(|| "#F4F2F3".to_string());
+    let background_color = hackathon
+        .background_color
+        .clone()
+        .unwrap_or_else(|| "#F4F2F3".to_string());
+
+    let icons = if let Some(ref icon_url) = hackathon.app_icon_url {
+        vec![ManifestIcon {
+            src: icon_url.clone(),
+            sizes: "512x512".to_string(),
+            icon_type: guess_icon_type(icon_url),
+        }]
+    } else {
+        vec![]
+    };
+
+    let manifest = WebManifest {
+        name: hackathon.name.clone(),
+        short_name: hackathon.name.clone(),
+        description: hackathon
+            .description
+            .unwrap_or_else(|| format!("The app for {}!", hackathon.name)),
+        start_url,
+        scope,
+        display: "fullscreen".to_string(),
+        background_color,
+        theme_color,
+        orientation: "portrait".to_string(),
+        icons,
+    };
+
+    let mut headers = HeaderMap::new();
+    headers.insert(
+        "Content-Type",
+        HeaderValue::from_static("application/manifest+json"),
+    );
+
+    (headers, Json(manifest)).into_response()
+}