fix(front): use cookies for activa account storage and fix backend not using actor

Author: mvallenet

app/(dashboard)/dashboard/community/[id]/layout.tsx

@@ -9,6 +9,7 @@ import { communityInfo, communityUserRoles } from "@/lib/queries/community";
 import { userInfoOptions } from "@/lib/queries/user";
 import { ScreenContainerCentered } from "@/components/layout/screen-container";
 import DashboardCommunityContextProvider from "@/components/providers/dashboard-community-context-provider";
+import { getActiveAccountServer } from "@/lib/active-account/server";
 
 interface DashboardCommunityManagementPageProps {
   params: Promise<{ id: string }>;
@@ -38,6 +39,9 @@ async function DashboardCommunityManagementPage({
     );
   }
 
+  const activeAccount = await getActiveAccountServer();
+  const entityId = activeAccount?.id ?? userProfileId;
+
   let communityData;
 
   try {
@@ -47,7 +51,7 @@ async function DashboardCommunityManagementPage({
   }
 
   const roles = await queryClient.fetchQuery(
-    communityUserRoles(communityId, userProfileId),
+    communityUserRoles(communityId, entityId),
   );
 
   const renderLayout = () => (

app/(dashboard)/dashboard/community/communities-table.tsx

@@ -10,13 +10,18 @@ import {
 } from "@/lib/queries/community";
 import useManualPagination from "@/hooks/use-manual-pagination";
 import { userInfoOptions } from "@/lib/queries/user";
+import { useActiveAccount } from "@/components/providers/active-account-provider";
 
 export default function CommunitiesTable() {
   const { getToken, userId: authId } = useAuth();
+  const { activeAccount } = useActiveAccount();
   const { data: userInfo } = useSuspenseQuery(
     userInfoOptions(getToken, authId),
   );
 
+  const entityId = activeAccount?.id ?? userInfo?.userId;
+  const teamId = activeAccount?.type === "team" ? activeAccount.id : undefined;
+
   const [tablePage, setTablePage] = useQueryState("page", {
     defaultValue: 1,
     parse: (value) => {
@@ -28,11 +33,12 @@ export default function CommunitiesTable() {
   const { data: communities, isFetching: isFetchingCommunities } =
     useSuspenseQuery(
       communitiesByUserRolesListSuspense(
-        userInfo?.userId,
+        entityId,
         tablePage - 1,
         DEFAULT_COMMUNITIES_LIMIT,
         ["administrator"],
         getToken,
+        teamId,
       ),
     );
 

app/(dashboard)/dashboard/event/[id]/(default)/layout.tsx

@@ -16,6 +16,7 @@ import DashboardEventInfo from "@/components/features/dashboard/event/dashboard-
 import DashboardEventEditionContextProvider from "@/components/providers/dashboard-event-edition-context-provider";
 import DashboardEventContextProvider from "@/components/providers/dashboard-event-context-provider";
 import { withEventRoleRestrictions } from "@/lib/permissions/with-roles-required";
+import { getActiveAccountServer } from "@/lib/active-account/server";
 
 interface DashboardEventInfoLayoutProps {
   params: Promise<{ id: string }>;
@@ -45,6 +46,10 @@ async function DashboardEventInfoLayoutProps({
     );
   }
 
+  const activeAccount = await getActiveAccountServer();
+  const entityId = activeAccount?.id ?? userProfileId;
+  const teamId = activeAccount?.type === "team" ? activeAccount.id : undefined;
+
   let eventInfo;
 
   try {
@@ -56,9 +61,7 @@ async function DashboardEventInfoLayoutProps({
     notFound();
   }
 
-  const roles = await queryClient.fetchQuery(
-    eventUserRoles(eventId, userProfileId),
-  );
+  const roles = await queryClient.fetchQuery(eventUserRoles(eventId, entityId));
 
   queryClient.prefetchInfiniteQuery(
     communitiesListByEvent(eventId, DEFAULT_COMMUNITIES_LIMIT),
@@ -85,7 +88,7 @@ async function DashboardEventInfoLayoutProps({
     );
   }
 
-  queryClient.prefetchQuery(eventGatekeepersEmails(eventId, getToken));
+  queryClient.prefetchQuery(eventGatekeepersEmails(eventId, getToken, teamId));
 
   return (
     <HydrationBoundary state={dehydrate(queryClient)}>

app/(general)/tickets/tickets-events-list.tsx

@@ -16,6 +16,7 @@ import Text from "@/components/widgets/texts/text";
 import EventCardListLayout from "@/components/features/event/event-card-list-layout";
 import { LoaderMoreButton } from "@/components/widgets/buttons/load-more-button";
 import { SafeEventInfo } from "@/types/schemas";
+import { useActiveAccount } from "@/components/providers/active-account-provider";
 
 export function TicketsEventsList({
   now,
@@ -27,6 +28,11 @@ export function TicketsEventsList({
   userId: string;
 }) {
   const { getToken } = useAuth();
+  const { activeAccount } = useActiveAccount();
+
+  const entityId = activeAccount?.id ?? userId;
+  const teamId = activeAccount?.type === "team" ? activeAccount.id : undefined;
+
   const {
     data: eventsPages,
     isFetchingNextPage,
@@ -36,20 +42,22 @@ export function TicketsEventsList({
   } = useSuspenseInfiniteQuery(
     from === "upcoming"
       ? eventsByParticipantList(
-          userId,
+          entityId,
           DiscoverableFilter.UNSPECIFIED,
           now,
           Number.MAX_SAFE_INTEGER,
           DEFAULT_EVENTS_LIMIT,
           getToken,
+          teamId,
         )
       : eventsByParticipantList(
-          userId,
+          entityId,
           DiscoverableFilter.UNSPECIFIED,
           now - 1,
           0,
           DEFAULT_EVENTS_LIMIT,
           getToken,
+          teamId,
         ),
   );
 

backend/list_events_by_user_roles.go

@@ -22,18 +22,14 @@ func (s *ZenaoServer) ListEventsByUserRoles(ctx context.Context, req *connect.Re
 		}
 	}
 
-	// Viewing undiscoverable events is restricted to the user themselves
+	// Viewing undiscoverable events is restricted to the user themselves (or their team)
 	if req.Msg.DiscoverableFilter != zenaov1.DiscoverableFilter_DISCOVERABLE_FILTER_DISCOVERABLE {
-		user := s.Auth.GetUser(ctx)
-		if user == nil {
-			return nil, errors.New("unauthorized: authentication required to view undiscoverable events")
-		}
-		zUser, err := s.EnsureUserExists(ctx, user)
+		actor, err := s.GetActor(ctx, req.Header())
 		if err != nil {
-			return nil, err
+			return nil, errors.New("unauthorized: authentication required to view undiscoverable events")
 		}
-		if zUser.ID != req.Msg.UserId {
-			return nil, errors.New("unauthorized: user_id must match authenticated user")
+		if actor.ID() != req.Msg.UserId {
+			return nil, errors.New("unauthorized: user_id must match authenticated user or team")
 		}
 	}
 

components/features/dashboard/home/events-table/index.tsx

@@ -11,6 +11,7 @@ import {
 } from "@/lib/queries/events-list";
 import { DiscoverableFilter } from "@/app/gen/zenao/v1/zenao_pb";
 import useManualPagination from "@/hooks/use-manual-pagination";
+import { useActiveAccount } from "@/components/providers/active-account-provider";
 
 interface EventsTableProps {
   now: number;
@@ -19,10 +20,14 @@ interface EventsTableProps {
 
 export default function EventsTable({ now, tab }: EventsTableProps) {
   const { getToken, userId } = useAuth();
+  const { activeAccount } = useActiveAccount();
   const { data: userInfo } = useSuspenseQuery(
     userInfoOptions(getToken, userId),
   );
 
+  const entityId = activeAccount?.id ?? userInfo?.userId;
+  const teamId = activeAccount?.type === "team" ? activeAccount.id : undefined;
+
   const [tablePage, setTablePage] = useQueryState("page", {
     defaultValue: 1,
     parse: (value) => {
@@ -34,28 +39,30 @@ export default function EventsTable({ now, tab }: EventsTableProps) {
   const { data: pastEvents, isFetching: isFetchingPastEvents } =
     useSuspenseQuery(
       eventsByRolesListSuspense(
-        userInfo?.userId,
+        entityId,
         DiscoverableFilter.UNSPECIFIED,
         now - 1,
         0,
         DEFAULT_EVENTS_LIMIT,
         tablePage - 1,
         ["organizer", "gatekeeper"],
         getToken,
+        teamId,
       ),
     );
 
   const { data: upcomingEvents, isFetching: isFetchingUpcomingEvents } =
     useSuspenseQuery(
       eventsByRolesListSuspense(
-        userInfo?.userId,
+        entityId,
         DiscoverableFilter.UNSPECIFIED,
         now,
         Number.MAX_SAFE_INTEGER,
         DEFAULT_EVENTS_LIMIT,
         tablePage - 1,
         ["organizer", "gatekeeper"],
         getToken,
+        teamId,
       ),
     );
 

components/providers/active-account-provider.tsx

@@ -1,34 +1,20 @@
 "use client";
 
 import { createContext, useContext, useState, useEffect } from "react";
-import { z } from "zod";
 import { getQueryClient } from "@/lib/get-query-client";
-
-const activeAccountSchema = z.object({
-  type: z.enum(["personal", "team"]),
-  id: z.string(),
-});
-
-type ActiveAccount = z.infer<typeof activeAccountSchema>;
+import {
+  type ActiveAccount,
+  getActiveAccountCookie,
+  setActiveAccountCookie,
+  clearActiveAccountCookie,
+} from "@/lib/active-account/cookie";
 
 type ActiveAccountContextProps = {
   activeAccount: ActiveAccount | null;
   switchAccount: (account: ActiveAccount) => void;
   isTeamContext: boolean;
 };
 
-const STORAGE_KEY = "zenao-active-account";
-
-function parseStoredAccount(stored: string): ActiveAccount | null {
-  try {
-    const parsed: unknown = JSON.parse(stored); // eslint-disable-line no-restricted-syntax
-    const result = activeAccountSchema.safeParse(parsed);
-    return result.success ? result.data : null;
-  } catch {
-    return null;
-  }
-}
-
 const defaultValue: ActiveAccountContextProps = {
   activeAccount: null,
   switchAccount: () => {},
@@ -46,20 +32,17 @@ function ActiveAccountProvider({ children }: { children: React.ReactNode }) {
   );
 
   useEffect(() => {
-    const stored = localStorage.getItem(STORAGE_KEY);
-    if (stored) {
-      const account = parseStoredAccount(stored);
-      if (account) {
-        setActiveAccount(account);
-      } else {
-        localStorage.removeItem(STORAGE_KEY);
-      }
+    const account = getActiveAccountCookie();
+    if (account) {
+      setActiveAccount(account);
+    } else {
+      clearActiveAccountCookie();
     }
   }, []);
 
   const switchAccount = (account: ActiveAccount) => {
     setActiveAccount(account);
-    localStorage.setItem(STORAGE_KEY, JSON.stringify(account));
+    setActiveAccountCookie(account);
     getQueryClient().invalidateQueries();
   };
 

hooks/use-account-switcher.ts

@@ -3,21 +3,43 @@
 import { useState, useEffect } from "react";
 import { useAuth } from "@clerk/nextjs";
 import { useQuery } from "@tanstack/react-query";
+import { useRouter, usePathname } from "next/navigation";
 import { useActiveAccount } from "@/components/providers/active-account-provider";
 import { userTeamsOptions } from "@/lib/queries/team";
 
+const RESTRICTED_DASHBOARD_PATTERNS = [
+  /^\/dashboard\/event\/[^/]+/,
+  /^\/dashboard\/community\/[^/]+/,
+];
+
+function isRestrictedPage(pathname: string): boolean {
+  return RESTRICTED_DASHBOARD_PATTERNS.some((pattern) =>
+    pattern.test(pathname),
+  );
+}
+
 export function useAccountSwitcher(userId: string) {
   const { getToken } = useAuth();
   const { activeAccount, switchAccount } = useActiveAccount();
   const [isCreateTeamOpen, setIsCreateTeamOpen] = useState(false);
+  const router = useRouter();
+  const pathname = usePathname();
 
   const { data: teams = [], isFetched } = useQuery(
     userTeamsOptions(getToken, userId),
   );
   const isPersonalActive = !activeAccount || activeAccount.type === "personal";
 
   useEffect(() => {
-    if (!isFetched || activeAccount?.type !== "team") return;
+    if (!userId) return;
+
+    if (!activeAccount) {
+      switchAccount({ type: "personal", id: userId });
+      return;
+    }
+
+    if (!isFetched || activeAccount.type !== "team") return;
+
     const teamExists = teams.some((t) => t.teamId === activeAccount.id);
     if (!teamExists) {
       switchAccount({ type: "personal", id: userId });
@@ -29,13 +51,19 @@ export function useAccountSwitcher(userId: string) {
       type: "personal",
       id: userId,
     });
+    if (isRestrictedPage(pathname)) {
+      router.push("/dashboard");
+    }
   };
 
   const handleSwitchToTeam = (teamId: string) => {
     switchAccount({
       type: "team",
       id: teamId,
     });
+    if (isRestrictedPage(pathname)) {
+      router.push("/dashboard");
+    }
   };
 
   return {

lib/active-account/cookie.ts

@@ -0,0 +1,41 @@
+import { z } from "zod";
+
+export const ACTIVE_ACCOUNT_COOKIE_KEY = "zenao-active-account";
+
+export const activeAccountSchema = z.object({
+  type: z.enum(["personal", "team"]),
+  id: z.string(),
+});
+
+export type ActiveAccount = z.infer<typeof activeAccountSchema>;
+
+export function setActiveAccountCookie(account: ActiveAccount): void {
+  const value = JSON.stringify(account);
+  document.cookie = `${ACTIVE_ACCOUNT_COOKIE_KEY}=${encodeURIComponent(value)}; path=/; max-age=${60 * 60 * 24 * 365}; SameSite=Lax`;
+}
+
+export function getActiveAccountCookie(): ActiveAccount | null {
+  if (typeof document === "undefined") {
+    return null;
+  }
+
+  const cookies = document.cookie.split(";");
+  for (const cookie of cookies) {
+    const [name, ...valueParts] = cookie.trim().split("=");
+    if (name === ACTIVE_ACCOUNT_COOKIE_KEY) {
+      try {
+        const value = decodeURIComponent(valueParts.join("="));
+        const parsed: unknown = JSON.parse(value); // eslint-disable-line no-restricted-syntax
+        const result = activeAccountSchema.safeParse(parsed);
+        return result.success ? result.data : null;
+      } catch {
+        return null;
+      }
+    }
+  }
+  return null;
+}
+
+export function clearActiveAccountCookie(): void {
+  document.cookie = `${ACTIVE_ACCOUNT_COOKIE_KEY}=; path=/; max-age=0`;
+}