[SL-259] Admin panel auth and role-based access control #290

Merged: MahadAhmed25 merged 4 commits into main from feature/SL-259 on Feb 12, 2026

@MahadAhmed25
Member

Backend:

  • Add Roles decorator and RolesGuard for role-based access control
  • Gate users, stats, and events endpoints by role (Admin/Member)
  • Require password confirmation when changing a user's admin role
  • Add verifyUserPassword and replaceRoles to UsersService
  • Fix getUserTickets: allow self-access or Admin (keeps mobile app working)
  • Update seed data: remove Guest role, use @mcmaster.ca emails, add passwordHash
  • Extend CORS with methods used by admin panel

Frontend web-admin:

  • Add login page, auth middleware, and token handling
  • Add JWT to API requests and logout in DashboardShell
  • Gate advanced settings to admins; show confirm + password for role changes
  • Replace raw JSON with friendly "Password is incorrect" message on error
  • Add getMe, updateUserRoles, login to API client

MahadAhmed25 merged commit a0975cc into main on Feb 12, 2026
4 checks passed