fix api security issues and update pages issue
This commit is contained in:
@@ -1,8 +1,9 @@
|
||||
import { useState } from 'react'
|
||||
import { useLocation, useNavigate } from 'react-router-dom'
|
||||
import { fetchDashboardRoute } from '../api/session'
|
||||
import { fetchDashboardRoute, postRoleSwitch } from '../api/session'
|
||||
import { useAuth } from '../auth/AuthProvider'
|
||||
import { spaPathFromCiUrl } from '../lib/ciSpaPaths'
|
||||
import { isParentPortalRole, isTeacherPortalRole } from '../lib/portalRoles'
|
||||
|
||||
/** Shared navigation after JWT login when the account has multiple roles (CI `welcome_back` / `select_role`). */
|
||||
export function useContinueWithRole() {
|
||||
@@ -19,19 +20,30 @@ export function useContinueWithRole() {
|
||||
setBusyRole(nextRole)
|
||||
setError(null)
|
||||
try {
|
||||
setSelectedRole(nextRole)
|
||||
const roleLower = nextRole.toLowerCase()
|
||||
const fromApp = from.startsWith('/app') ? from : ''
|
||||
const hasDeepLink = Boolean(fromApp && fromApp !== '/app/home')
|
||||
|
||||
let target: string
|
||||
let target: string | null = null
|
||||
try {
|
||||
const switched = await postRoleSwitch(nextRole)
|
||||
const route = switched.data?.dashboard_route
|
||||
const mapped = route ? spaPathFromCiUrl(route) : null
|
||||
if (mapped) {
|
||||
target = mapped
|
||||
}
|
||||
} catch {
|
||||
/* fall back to client-side role defaults */
|
||||
}
|
||||
|
||||
setSelectedRole(nextRole)
|
||||
|
||||
if (hasDeepLink) {
|
||||
target = fromApp
|
||||
} else if (roleLower === 'parent') {
|
||||
} else if (isParentPortalRole(nextRole)) {
|
||||
target = '/app/parent/home'
|
||||
} else if (roleLower === 'teacher' || roleLower === 'teacher_assistant') {
|
||||
} else if (isTeacherPortalRole(nextRole)) {
|
||||
target = '/app/teacher_dashboard'
|
||||
} else {
|
||||
} else if (!target) {
|
||||
target = '/app/home'
|
||||
try {
|
||||
const dash = await fetchDashboardRoute()
|
||||
@@ -43,7 +55,7 @@ export function useContinueWithRole() {
|
||||
}
|
||||
}
|
||||
|
||||
navigate(target, { replace: true })
|
||||
navigate(target ?? '/app/home', { replace: true })
|
||||
} catch (e) {
|
||||
setError(e instanceof Error ? e.message : 'Unable to continue.')
|
||||
} finally {
|
||||
|
||||
Reference in New Issue
Block a user