guest report visible to guest

Author: kanekoshoyu

src/components/interactive/ReportCard.tsx

@@ -164,13 +164,21 @@ export default function ReportCard() {
         const reportData = json.data ?? null;
 
         // Check access control: only allow the creator of the submission to view the report
-        if (reportData && currentUser) {
+        // Exception: reports generated by guests (EXTERNAL.guest_user_id) are publicly viewable
+        if (reportData) {
           const submissionUserId = reportData.submission?.user_created?.id;
-          if (submissionUserId && submissionUserId !== currentUser.id) {
-            throw new Error("Access denied. You can only view reports for your own submissions.");
+          const isGuestReport = submissionUserId === EXTERNAL.guest_user_id;
+          
+          if (!isGuestReport) {
+            // For non-guest reports, enforce strict access control
+            if (!currentUser) {
+              throw new Error("Please log in to view this report.");
+            }
+            if (submissionUserId && submissionUserId !== currentUser.id) {
+              throw new Error("Access denied. You can only view reports for your own submissions.");
+            }
           }
-        } else if (reportData && !currentUser) {
-          throw new Error("Please log in to view this report.");
+          // Guest reports are accessible to everyone, no additional checks needed
         }
 
         setReport(reportData);
@@ -292,17 +300,10 @@ export default function ReportCard() {
   return (
     <>
       <Card className="w-full">
-        <CardHeader className="relative">
+        <CardHeader>
           <CardTitle className="text-center">
             Role Fit Index Report
           </CardTitle>
-          <Button 
-            onClick={handlePrint} 
-            className="absolute top-1/2 right-6 -translate-y-1/2 flex items-center gap-2"
-          >
-            <Download className="h-4 w-4" />
-            Download PDF
-          </Button>
         </CardHeader>
       <CardContent className="space-y-8">
         {/* Header */}
@@ -509,6 +510,17 @@ export default function ReportCard() {
             </LoginMask>
           </div>
         </div>
+
+        {/* Download Button */}
+        <div className="flex justify-center pt-4">
+          <Button 
+            onClick={handlePrint} 
+            className="flex items-center gap-2"
+          >
+            <Download className="h-4 w-4" />
+            Download PDF
+          </Button>
+        </div>
       </CardContent>
       </Card>
 

src/constant.ts

@@ -2,6 +2,7 @@ export const EXTERNAL = {
     onboarding_form_url: "https://form.typeform.com/to/FOz4fXGm",
     directus_url: "https://directus.bounteer.com",
     directus_key: "dZtMfEuzhzUS0YATh0pOZfBAdOYlhowE", // guest account
+    guest_user_id: "f25f8ce7-e4c9-40b8-ab65-40cde3409f27", // guest user id
     auth_idp_key: "logto",
     auth_idp_logput_url: "https://logto-app.bounteer.com/oidc/session/end?post_logout_redirect_uri=https://bounteer.com"
 }