Merge pull request #5 from StreetSupport/feature/3011-build-user-management-interface

3011 - Update logic regarding VolunteerRole

Author: o-seliuchenko

src/app/users/page.tsx

@@ -22,7 +22,7 @@ import { getAvailableLocations } from '@/utils/locationUtils';
 export default function UsersPage() {
   // Check authorization FIRST before any other logic
   const { isChecking, isAuthorized } = useAuthorization({
-    allowedRoles: [ROLES.SUPER_ADMIN, ROLES.CITY_ADMIN, ROLES.VOLUNTEER_ADMIN],
+    allowedRoles: [ROLES.SUPER_ADMIN, ROLES.CITY_ADMIN],
     requiredPage: '/users',
     autoRedirect: true
   });

src/components/users/AddRoleModal.tsx

@@ -32,7 +32,6 @@ export default function AddRoleModal({ isOpen, onClose, onAdd, currentRoles }: A
 
   const userAuthClaims = (session?.user?.authClaims || { roles: [], specificClaims: [] }) as UserAuthClaims;
   const isSuperAdmin = userAuthClaims.roles.includes(ROLES.SUPER_ADMIN);
-  const isVolunteerAdmin = userAuthClaims.roles.includes(ROLES.VOLUNTEER_ADMIN);
   const isCityAdmin = userAuthClaims.roles.includes(ROLES.CITY_ADMIN) || userAuthClaims.specificClaims.includes(ROLE_PREFIXES.CITY_ADMIN_FOR);
 
   useEffect(() => {
@@ -192,7 +191,7 @@ export default function AddRoleModal({ isOpen, onClose, onAdd, currentRoles }: A
               )}
 
               {/* Location Administrator */}
-              {(isSuperAdmin || isVolunteerAdmin || isCityAdmin) && (
+              {(isSuperAdmin || isCityAdmin) && (
                 <label className="flex items-center p-3 hover:bg-brand-i rounded-md cursor-pointer transition-colors">
                   <input
                     type="radio"
@@ -226,7 +225,7 @@ export default function AddRoleModal({ isOpen, onClose, onAdd, currentRoles }: A
               </label>
 
               {/* Volunteer Administrator */}
-              {(isSuperAdmin || isVolunteerAdmin) && (
+              {(isSuperAdmin) && (
                 <label className="flex items-center p-3 hover:bg-brand-i rounded-md cursor-pointer transition-colors">
                   <input
                     type="radio"
@@ -244,7 +243,7 @@ export default function AddRoleModal({ isOpen, onClose, onAdd, currentRoles }: A
               )}
 
               {/* SWEP Administrator */}
-              {(isSuperAdmin || isVolunteerAdmin || isCityAdmin) && (
+              {(isSuperAdmin || isCityAdmin) && (
                 <label className="flex items-center p-3 hover:bg-brand-i rounded-md cursor-pointer transition-colors">
                   <input
                     type="radio"

src/components/users/EditUserModal.tsx

@@ -37,7 +37,6 @@ export default function EditUserModal({
   const userAuthClaims = session?.user?.authClaims;
   const currentUserLocations = userAuthClaims ? getUserLocationSlugs(userAuthClaims) : null;
   const isSuperAdmin = userAuthClaims?.roles.includes(ROLES.SUPER_ADMIN) || false;
-  const isVolunteerAdmin = userAuthClaims?.roles.includes(ROLES.VOLUNTEER_ADMIN) || false;
 
   useEffect(() => {
     if (user && isOpen) {
@@ -85,8 +84,8 @@ export default function EditUserModal({
    * CityAdmin can only manage roles from their own locations
    */
   const canManageRole = (role: RoleDisplay): { canManage: boolean; reason?: string } => {
-    // SuperAdmin and VolunteerAdmin can manage all roles
-    if (isSuperAdmin || isVolunteerAdmin) {
+    // SuperAdmin can manage all roles
+    if (isSuperAdmin) {
       return { canManage: true };
     }
 

src/constants/roles.ts

@@ -103,48 +103,52 @@ export function isOrgSpecificRole(role: string): boolean {
   return role.startsWith(ROLE_PREFIXES.ADMIN_FOR);
 }
 
+// TODO: remove it if we don't need it
 /**
  * Extract the location/org slug from a specific role
  * @example extractRoleSlug('CityAdminFor:birmingham') => 'birmingham'
  */
-export function extractRoleSlug(role: string): string | null {
-  if (isLocationSpecificRole(role)) {
-    if (role.startsWith(ROLE_PREFIXES.CITY_ADMIN_FOR)) {
-      return role.substring(ROLE_PREFIXES.CITY_ADMIN_FOR.length);
-    }
-    if (role.startsWith(ROLE_PREFIXES.SWEP_ADMIN_FOR)) {
-      return role.substring(ROLE_PREFIXES.SWEP_ADMIN_FOR.length);
-    }
-  }
-  if (isOrgSpecificRole(role)) {
-    return role.substring(ROLE_PREFIXES.ADMIN_FOR.length);
-  }
-  return null;
-}
+// export function extractRoleSlug(role: string): string | null {
+//   if (isLocationSpecificRole(role)) {
+//     if (role.startsWith(ROLE_PREFIXES.CITY_ADMIN_FOR)) {
+//       return role.substring(ROLE_PREFIXES.CITY_ADMIN_FOR.length);
+//     }
+//     if (role.startsWith(ROLE_PREFIXES.SWEP_ADMIN_FOR)) {
+//       return role.substring(ROLE_PREFIXES.SWEP_ADMIN_FOR.length);
+//     }
+//   }
+//   if (isOrgSpecificRole(role)) {
+//     return role.substring(ROLE_PREFIXES.ADMIN_FOR.length);
+//   }
+//   return null;
+// }
 
+// TODO: remove it if we don't need it
 /**
  * Create a location-specific city admin role
  * @example createCityAdminRole('birmingham') => 'CityAdminFor:birmingham'
  */
-export function createCityAdminRole(locationSlug: string): string {
-  return `${ROLE_PREFIXES.CITY_ADMIN_FOR}${locationSlug}`;
-}
+// export function createCityAdminRole(locationSlug: string): string {
+//   return `${ROLE_PREFIXES.CITY_ADMIN_FOR}${locationSlug}`;
+// }
 
+// TODO: remove it if we don't need it
 /**
  * Create a location-specific SWEP admin role
  * @example createSwepAdminRole('birmingham') => 'SwepAdminFor:birmingham'
  */
-export function createSwepAdminRole(locationSlug: string): string {
-  return `${ROLE_PREFIXES.SWEP_ADMIN_FOR}${locationSlug}`;
-}
+// export function createSwepAdminRole(locationSlug: string): string {
+//   return `${ROLE_PREFIXES.SWEP_ADMIN_FOR}${locationSlug}`;
+// }
 
+// TODO: remove it if we don't need it
 /**
  * Create an org-specific admin role
  * @example createOrgAdminRole('org-slug') => 'AdminFor:org-slug'
  */
-export function createOrgAdminRole(orgSlug: string): string {
-  return `${ROLE_PREFIXES.ADMIN_FOR}${orgSlug}`;
-}
+// export function createOrgAdminRole(orgSlug: string): string {
+//   return `${ROLE_PREFIXES.ADMIN_FOR}${orgSlug}`;
+// }
 
 /**
  * Validate if a role string matches the expected format
@@ -165,26 +169,29 @@ export function isValidRole(role: string): boolean {
   return rolePatterns.some(pattern => pattern.test(role));
 }
 
+// TODO: remove it if we don't need it
 /**
  * Get all roles from a user's auth claims (base roles only)
  */
-export function getBaseRoles(authClaims: string[]): BaseRole[] {
-  return authClaims.filter(isBaseRole);
-}
+// export function getBaseRoles(authClaims: string[]): BaseRole[] {
+//   return authClaims.filter(isBaseRole);
+// }
 
+// TODO: remove it if we don't need it
 /**
  * Get all location-specific roles from auth claims
  */
 export function getLocationSpecificRoles(authClaims: string[]): string[] {
   return authClaims.filter(isLocationSpecificRole);
 }
 
+// TODO: remove it if we don't need it
 /**
  * Get all org-specific roles from auth claims
  */
-export function getOrgSpecificRoles(authClaims: string[]): string[] {
-  return authClaims.filter(isOrgSpecificRole);
-}
+// export function getOrgSpecificRoles(authClaims: string[]): string[] {
+//   return authClaims.filter(isOrgSpecificRole);
+// }
 
 /**
  * Check if user has a specific base role
@@ -200,71 +207,74 @@ export function isSuperAdmin(authClaims: string[]): boolean {
   return hasRole(authClaims, ROLES.SUPER_ADMIN);
 }
 
+// TODO: remove it if we don't need it
 /**
  * Check if user has access to a specific location
  */
-export function hasLocationAccess(authClaims: string[], locationSlug: string): boolean {
-  // SuperAdmin has access to all locations
-  if (isSuperAdmin(authClaims)) {
-    return true;
-  }
+// export function hasLocationAccess(authClaims: string[], locationSlug: string): boolean {
+//   // SuperAdmin has access to all locations
+//   if (isSuperAdmin(authClaims)) {
+//     return true;
+//   }
 
-  // Check for general CityAdmin role
-  if (hasRole(authClaims, ROLES.CITY_ADMIN)) {
-    return true;
-  }
+//   // Check for general CityAdmin role
+//   if (hasRole(authClaims, ROLES.CITY_ADMIN)) {
+//     return true;
+//   }
 
-  // Check for location-specific roles
-  const cityAdminRole = createCityAdminRole(locationSlug);
-  const swepAdminRole = createSwepAdminRole(locationSlug);
+//   // Check for location-specific roles
+//   const cityAdminRole = createCityAdminRole(locationSlug);
+//   const swepAdminRole = createSwepAdminRole(locationSlug);
 
-  return authClaims.includes(cityAdminRole) || authClaims.includes(swepAdminRole);
-}
+//   return authClaims.includes(cityAdminRole) || authClaims.includes(swepAdminRole);
+// }
 
+// TODO: remove it if we don't need it
 /**
  * Check if user has access to a specific organisation
  */
-export function hasOrgAccess(authClaims: string[], orgSlug: string): boolean {
-  // SuperAdmin has access to all organisations
-  if (isSuperAdmin(authClaims)) {
-    return true;
-  }
+// export function hasOrgAccess(authClaims: string[], orgSlug: string): boolean {
+//   // SuperAdmin has access to all organisations
+//   if (isSuperAdmin(authClaims)) {
+//     return true;
+//   }
 
-  // Check for general OrgAdmin role
-  if (hasRole(authClaims, ROLES.ORG_ADMIN)) {
-    return true;
-  }
+//   // Check for general OrgAdmin role
+//   if (hasRole(authClaims, ROLES.ORG_ADMIN)) {
+//     return true;
+//   }
 
-  // Check for org-specific role
-  const orgAdminRole = createOrgAdminRole(orgSlug);
-  return authClaims.includes(orgAdminRole);
-}
+//   // Check for org-specific role
+//   const orgAdminRole = createOrgAdminRole(orgSlug);
+//   return authClaims.includes(orgAdminRole);
+// }
 
+// TODO: remove it if we don't need it
 /**
  * Format role for display in UI
  */
-export function formatRoleForDisplay(role: string): string {
-  if (isBaseRole(role)) {
-    return ROLE_LABELS[role];
-  }
+// export function formatRoleForDisplay(role: string): string {
+//   if (isBaseRole(role)) {
+//     return ROLE_LABELS[role];
+//   }
 
-  const slug = extractRoleSlug(role);
-  if (!slug) {
-    return role;
-  }
+//   const slug = extractRoleSlug(role);
+//   if (!slug) {
+//     return role;
+//   }
 
-  if (role.startsWith(ROLE_PREFIXES.CITY_ADMIN_FOR)) {
-    return `City Admin for ${slug}`;
-  }
-  if (role.startsWith(ROLE_PREFIXES.SWEP_ADMIN_FOR)) {
-    return `SWEP Admin for ${slug}`;
-  }
-  if (role.startsWith(ROLE_PREFIXES.ADMIN_FOR)) {
-    return `Admin for ${slug}`;
-  }
+//   if (role.startsWith(ROLE_PREFIXES.CITY_ADMIN_FOR)) {
+//     return `City Admin for ${slug}`;
+//   }
+//   if (role.startsWith(ROLE_PREFIXES.SWEP_ADMIN_FOR)) {
+//     return `SWEP Admin for ${slug}`;
+//   }
+//   if (role.startsWith(ROLE_PREFIXES.ADMIN_FOR)) {
+//     return `Admin for ${slug}`;
+//   }
 
-  return role;
-}
+//   return role;
+// }
 
 /**
  * Get role options for dropdown/select components
@@ -287,13 +297,14 @@ export function getRoleOptions() {
  */
 export const ROLE_VALIDATION_PATTERN = /^(SuperAdmin|CityAdmin|CityAdminFor:.+|VolunteerAdmin|SwepAdmin|SwepAdminFor:.+|OrgAdmin|AdminFor:.+)$/;
 
+// TODO: remove it if we don't need it
 /**
  * Validate an array of roles
  */
-export function validateRoles(roles: string[]): { valid: boolean; invalidRoles: string[] } {
-  const invalidRoles = roles.filter(role => !isValidRole(role));
-  return {
-    valid: invalidRoles.length === 0,
-    invalidRoles,
-  };
-}
+// export function validateRoles(roles: string[]): { valid: boolean; invalidRoles: string[] } {
+//   const invalidRoles = roles.filter(role => !isValidRole(role));
+//   return {
+//     valid: invalidRoles.length === 0,
+//     invalidRoles,
+//   };
+// }

src/types/auth.ts

@@ -39,21 +39,22 @@ export const ROLE_PERMISSIONS: Record<UserRole, RolePermissions> = {
     ]
   },
   [ROLES.VOLUNTEER_ADMIN]: {
-    pages: ['/cities', '/organisations', '/advice', '/banners', '/swep-banners', '/users', '/resources'],
+    pages: ['/cities', '/organisations', '/advice', '/banners', '/swep-banners', '/resources'],
     apiEndpoints: [
-      { path: '/api/cities', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
+      { path: '/api/cities', methods: [HTTP_METHODS.GET] },
       { path: '/api/service-providers', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
       { path: '/api/services', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
       { path: '/api/faqs', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
       { path: '/api/banners', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
       { path: '/api/swep-banners', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
       { path: '/api/resources', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] },
-      { path: '/api/users', methods: [HTTP_METHODS.GET, HTTP_METHODS.POST, HTTP_METHODS.PUT, HTTP_METHODS.PATCH] }
+      { path: '/api/users', methods: [HTTP_METHODS.POST] }
     ]
   },
   [ROLES.ORG_ADMIN]: {
     pages: ['/organisations'],
     apiEndpoints: [
+      { path: '/api/cities', methods: [HTTP_METHODS.GET] },
       { path: '/api/service-providers', methods: ['*'] },
       { path: '/api/services', methods: ['*'] },
       { path: '/api/users', methods: [HTTP_METHODS.POST] },