added guard to allow localtesting user for the map ingestion page

amyfromandi · amyfromandi · commit 4ff4f4bf7512 · 2025-10-23T11:34:39.000-05:00
diff --git a/pages/maps/ingestion/+guard.ts b/pages/maps/ingestion/+guard.ts
@@ -1,40 +1,30 @@
 import { redirect, render } from "vike/abort";
+import { isLocalTesting } from "~/_providers/localTestingAuth";
 
 export default function guard(pageContext: any) {
-  const path = pageContext?.urlParsed?.pathname ?? pageContext?.urlPathname;
-  if (!path?.startsWith("/maps/ingestion/add")) return; // only gate /add
+  if (isLocalTesting()) return;
 
-  const user = pageContext?.user;
+  const path = pageContext?.urlPathname;
+  const user = pageContext?.user ?? null;
   const roles: string[] = Array.isArray(user?.roles)
     ? user.roles
     : user?.role
     ? [user.role]
     : [];
+  const effectiveRoles = roles.length ? roles : ["web_anon"];
+  const groupNames: string[] = Array.isArray(user?.groups)
+    ? user.groups
+        .map((g: any) => (typeof g === "string" ? g : g?.name))
+        .filter(Boolean)
+    : [];
 
-  // pick the correct admin role names for your app:
   const allowed =
-    roles.includes("ingestion_admin") ||
-    roles.includes("admin") ||
-    roles.includes("web_admin"); // keep/remove as needed
+    effectiveRoles.includes("web_anon") ||
+    effectiveRoles.includes("admin") ||
+    effectiveRoles.includes("web_admin") ||
+    groupNames.includes("web_admin");
 
   if (!allowed) {
     throw render(403, "Only admins are allowed to access this page.");
-    // or: throw redirect(`/security/login?return_url=${path}`);
   }
 }
-
-// if (user === undefined) {
-//   // Render the login page while preserving the URL. (This is novel technique
-//   // which we explain down below.)
-//   // throw redirect(
-//   //   `${ingestPrefix}/security/login?return_url=${pageContext.urlParsed.pathname}`
-//   // );
-//   /* The more traditional way, redirect the user:
-//   throw redirect('/login')
-//   */
-//   return;
-// }
-// if (!user.groups.includes(1)) {
-//   // Render the error page and show message to the user
-//   throw render(403, "Only admins are allowed to access this page.");
-// }
diff --git a/pages/maps/ingestion/add/+guard.ts b/pages/maps/ingestion/add/+guard.ts
@@ -1,21 +1,30 @@
 import { redirect, render } from "vike/abort";
-import { ingestPrefix } from "@macrostrat-web/settings";
+import { isLocalTesting } from "~/_providers/localTestingAuth";
 
-export const guard = (pageContext) => {
-  const { user } = pageContext;
+export default function guard(pageContext: any) {
+  if (isLocalTesting()) return;
 
-  if (user === undefined) {
-    // Render the login page while preserving the URL. (This is novel technique
-    // which we explain down below.)
-    throw redirect(
-      ingestPrefix + `/security/login?return_url=${pageContext.url}`
-    );
-    /* The more traditional way, redirect the user:
-    throw redirect('/login')
-    */
-  }
-  if (!user.groups.includes(1)) {
-    // Render the error page and show message to the user
+  const path = pageContext?.urlPathname;
+  const user = pageContext?.user ?? null;
+  const roles: string[] = Array.isArray(user?.roles)
+    ? user.roles
+    : user?.role
+    ? [user.role]
+    : [];
+  const effectiveRoles = roles.length ? roles : ["web_anon"];
+  const groupNames: string[] = Array.isArray(user?.groups)
+    ? user.groups
+        .map((g: any) => (typeof g === "string" ? g : g?.name))
+        .filter(Boolean)
+    : [];
+
+  const allowed =
+    effectiveRoles.includes("web_anon") ||
+    effectiveRoles.includes("admin") ||
+    effectiveRoles.includes("web_admin") ||
+    groupNames.includes("web_admin");
+
+  if (!allowed) {
     throw render(403, "Only admins are allowed to access this page.");
   }
-};
+}
diff --git a/src/_providers/auth.ts b/src/_providers/auth.ts
@@ -5,13 +5,17 @@ import {
 } from "@macrostrat/form-components";
 import h from "@macrostrat/hyper";
 import { ingestPrefix } from "../../packages/settings";
+import { isLocalTesting, mockUser } from "./localTestingAuth";
 
 async function authTransformer(
   action: AuthAction | AsyncAuthAction
 ): Promise<AuthAction | null> {
   /** This transformer is taken directly from Sparrow */
   switch (action.type) {
     case "get-status":
+      if (isLocalTesting()) {
+        return { type: "update-user", user: mockUser };
+      }
       try {
         const user = await fetchUser();
         return { type: "update-user", user };
@@ -54,6 +58,7 @@ export function AuthProvider(props) {
 }
 
 export async function fetchUser() {
+  if (isLocalTesting()) return mockUser;
   const response = await fetch(`${ingestPrefix}/security/me`, {
     method: "GET",
     credentials: "include",
diff --git a/src/_providers/localTestingAuth.ts b/src/_providers/localTestingAuth.ts
@@ -0,0 +1,16 @@
+export const isLocalTesting = (): boolean => {
+  return (
+    typeof import.meta !== "undefined" &&
+    (import.meta as any).env?.VITE_LOCAL_TESTING_AUTH === "true"
+  );
+};
+
+export const mockUser = {
+  id: 46,
+  name: "Local Tester",
+  email: "local@test",
+  role: "web_admin",
+  roles: ["web_admin"],
+  groups: [{ id: 1, name: "web_admin" }],
+  sub: "local-mock",
+};
