Auth and User Permissions #84

@jennifer-luo-dev

Authentication and User Permission Updates

Vansh, Kai

Overview

This ticket implements updates to authentication behavior, user permissions, and user status management. The goal is to ensure proper access control for the Admin page, correct default permissions for newly invited users, consistent login redirection, and accurate tracking of user status throughout the invite and verification process.

Task

Update authentication logic and user management to:

  • Restrict Admin page access based on user permissions
  • Assign default permissions to newly invited users
  • Redirect users to the correct page after login
  • Track and update user status during the invite and verification process

Task Breakdown

Admin Page Access Control

  • Ensure only users with permissions set to Admin can access the Admin page
  • Reference and update logic in middleware.ts to enforce this restriction
  • If a user without Admin permissions attempts to access the Admin page, redirect them to the Overview page
  • Confirm the redirect occurs before the Admin page renders

Default Permissions for Invited Users

  • When a new user is invited, automatically set the permissions attribute to User
  • Ensure this value is written to the user_info table during the invite process
  • Confirm the default permission persists correctly after user registration

Login Redirect Behavior

  • After a user logs in from the login page, automatically redirect them to the Overview page
  • Ensure this redirect works consistently across authentication flows
  • Verify users cannot remain on the login page after successful authentication

User Status Management

  • When an invite is sent, set the user’s status to Pending in the user_info table
  • When the user completes the verification process, update the status to Active
  • Ensure the status update occurs only after successful verification
  • Confirm status changes persist correctly in the database

UI and Status Consistency

  • Ensure user status displayed in the UI reflects the correct value from the database
  • Reference the Figma designs for how user status should appear in the interface
  • Confirm status updates are reflected immediately after verification

Acceptance Criteria

  • Users without Admin permissions cannot access the Admin page
  • Unauthorized access attempts redirect users to the Overview page
  • Newly invited users are assigned permissions = User in the user_info table
  • After login, users are automatically redirected to the Overview page
  • Invited users have status = Pending until verification is completed
  • After verification, the user’s status updates to Active
  • UI correctly reflects the user’s status
  • No authentication errors or access control regressions occur
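
The routing rules from "Admin Page Access Control" and "Login Redirect Behavior", written as one pure decision function that a middleware.ts could call before anything renders. This is an added example, not code from the issue or the project: the route paths, the `Session` shape, the `decideRoute` name and the unauthenticated-to-login rule are all assumptions.

```typescript
// Added example. Routes and the Session shape are assumptions, not project code.
interface Session {
  // Raw permissions value read from user_info; null/undefined if the lookup failed.
  permissions?: string | null;
}

type Decision = { action: "next" } | { action: "redirect"; to: string };

const OVERVIEW = "/overview"; // assumed route
const LOGIN = "/login";       // assumed route
const ADMIN = "/admin";       // assumed route

// Normalise so "/Admin/", "//admin//users" and "/admin" are treated alike.
function normalise(pathname: string): string {
  const p = pathname.toLowerCase().replace(/\/{2,}/g, "/").replace(/\/+$/, "");
  return p === "" ? "/" : p;
}

// True for the section root and anything below it, but not "/administrator".
function inSection(path: string, root: string): boolean {
  return path === root || path.startsWith(root + "/");
}

// session === null means no authenticated user.
function decideRoute(pathname: string, session: Session | null): Decision {
  const path = normalise(pathname);

  if (session === null) {
    // Assumption: unauthenticated requests are sent to the login page.
    return inSection(path, LOGIN)
      ? { action: "next" }
      : { action: "redirect", to: LOGIN };
  }

  // Authenticated users never remain on the login page.
  if (inSection(path, LOGIN)) return { action: "redirect", to: OVERVIEW };

  // Fail closed: only the exact stored value "Admin" opens the Admin page.
  // A missing, null or differently cased value is treated as non-admin.
  if (inSection(path, ADMIN) && session.permissions !== "Admin") {
    return { action: "redirect", to: OVERVIEW };
  }

  return { action: "next" };
}
```

Keeping the decision separate from the framework's request and response objects lets every acceptance criterion be checked as a plain unit test. Any server route or query that returns Admin data needs the same permission check, since a page redirect alone does not protect it.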
