
Auth0 Integration and Role-Based Access Control for Event Data Management #160

Open · wants to merge 17 commits into base: dev

Conversation

Chayan8837 (Contributor):

Auth0 Integration and Role-Based Access Control for Event Data Management

Description

This PR implements the integration of Auth0 authentication and role-based access control (RBAC) to manage event data. Admin users can now modify event data, while regular users are restricted from accessing or editing event data.

Fixes #133

Implementation Details

1. User Model Modification:

  • Added a role field to the user model in the database, where the role can be changed by an admin (via the backend/database).

2. Event Data API:

  • Created an API endpoint to manage event data.
  • Added middleware to ensure only users with the admin role can access and modify event data.

3. Role Verification Middleware:

  • Implemented backend verification using middleware to restrict unauthorized access to API endpoints.
  • Middleware checks the user’s role and blocks access to event data modification if the user is not an admin.

4. Event Page UI:

  • On the frontend, the "Edit Event Data" button is now conditionally displayed based on the user’s role.
  • A client-side middleware checks the user’s role to ensure the "Edit Event Data" button is only visible to admin users.

5. Token Update Middleware:

  • Added middleware to update the user's role in the JWT token if their role changes in the database, allowing the user to access the new role's permissions without needing to log in again (optional but recommended for user experience).

6. Error Handling:

  • Proper error handling for unauthorized access attempts to ensure users receive meaningful messages when trying to access restricted functionalities.

  • user view: Screenshot from 2025-02-27 21-59-59
  • admin view: Screenshot from 2025-02-27 22-00-17
  • client middleware: Screenshot from 2025-02-27 22-01-05
  • user permissions: Screenshot from 2025-02-27 22-05-16

Type of change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

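The role verification middleware (item 3) and the token update middleware (item 5) described above, as an added example that is not the PR's own code: an Express-style `requireRole` factory that re-reads the user's role from the store on every request, so a stale role claim in an already-issued token cannot grant access. It assumes an upstream JWT-verifying middleware has populated `req.auth.payload` with verified claims (the shape used by Auth0's `express-oauth2-jwt-bearer`); the user store, the response stub and `checkAccess` are constructed stand-ins so the block runs without Express or a database.

```javascript
// Constructed sample of the users collection with the new `role` field.
const users = new Map([
  ["auth0|admin-1", { role: "admin" }],
  ["auth0|user-1", { role: "user" }],
]);

// Stand-in for the database lookup (the real one would be async).
function findUserRole(sub) {
  const u = users.get(sub);
  return u ? u.role : null;
}

// Minimal response stub so the middleware can be exercised without Express.
function makeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// requireRole("admin") returns an Express-style (req, res, next) middleware.
// The role comes from the store, not from a claim in the token: a token issued
// before an admin changed the user's role would otherwise carry a stale role.
function requireRole(required) {
  return function roleMiddleware(req, res, next) {
    const sub = req.auth && req.auth.payload && req.auth.payload.sub;
    if (!sub) {
      return res.status(401).json({ error: "Authentication required" });
    }
    const role = findUserRole(sub);
    if (role !== required) {
      // Same message for "no such user" and "wrong role": reveal nothing extra.
      return res.status(403).json({ error: "You are not allowed to edit event data" });
    }
    req.userRole = role; // available to downstream handlers and logging
    return next();
  };
}

// Drives the middleware with a fake request; `staleRoleClaim` mimics a role
// claim still present in an old token and must have no effect on the decision.
function checkAccess(sub, staleRoleClaim) {
  const req = sub ? { auth: { payload: { sub, role: staleRoleClaim } } } : {};
  const res = makeRes();
  let reachedHandler = false;
  requireRole("admin")(req, res, () => { reachedHandler = true; });
  return { status: res.statusCode, allowed: reachedHandler };
}
```

Hiding the "Edit Event Data" button on the client (item 4) only improves the experience; this server-side check is what actually enforces the restriction.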


Chayan8837 commented Feb 27, 2025

@MAVRICK-1 @devsayanR please check the pr

@Chayan8837 Chayan8837 force-pushed the auth0-rbac-event-management branch from 9b14c2a to 09b0f6b Compare February 27, 2025 16:57
MAVRICK-1 (Member) commented:

@Chayan8837 great work, @devsayanR could you please review it once

@@ -64,7 +67,7 @@ const CreateEventPage: React.FC = () => {
if (eventData.imageFile) {
const formData = new FormData();
formData.append("image", eventData.imageFile); // Append image file
formData.append("key", "f43b433f78cbc31cb8db83f31f76ee8c"); // Your ImgBB API key
formData.append("key", "6658a35ca5550b19a3b5bbd33fec2ed7"); // Your ImgBB API key
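Review bot: the ImgBB API key is still a string literal inside the React component; this hunk only swaps one hard-coded key for another, so both values now live in the commit history of this PR. Suggest reading the key from the environment instead of the source and revoking or regenerating the keys that were committed, because moving the value out of the file does not unpublish the commits that contained it. Note also that in a browser-side component an environment variable is substituted at build time and still ships in the bundle, so a key used from the client has to be treated as public; if it must stay secret, the image upload should be proxied through the backend.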
Member (review comment):
Hey, you haven't put the API key into the .env file?

Contributor Author:

No, the base branch is using the API key directly, so I just added mine, but I will change it before merge,
and the Firebase config too.

Contributor Author:

OK, add this API key in the env file.

Member:

Good

Contributor Author:

Any other changes?

Successfully merging this pull request may close these issues.

[C4GT Community]: Auth0 Integration and allow Event data edit button to admin users only