Refactored user/volunteer/participant identity.

Pen Anderson 2026-03-10 14:08:00 -05:00
parent e640bf8bed
commit 1eb6a99ff6
28 changed files with 469 additions and 265 deletions


@ -21,7 +21,7 @@ func (app *App) handleListVolunteers(w http.ResponseWriter, r *http.Request) {
}
claims := claimsFromContext(r)
if claims.Role == "colead" && deptID == nil && len(claims.DeptIDs) > 0 {
if hasAnyRole(claims.Roles, []string{"colead"}) && !hasAnyRole(claims.Roles, []string{"admin", "staffing"}) && deptID == nil && len(claims.DeptIDs) > 0 {
deptID = &claims.DeptIDs[0]
}
@ -55,7 +55,7 @@ func (app *App) handleCreateVolunteer(w http.ResponseWriter, r *http.Request) {
return
}
claims := claimsFromContext(r)
if claims.Role == "colead" {
if hasAnyRole(claims.Roles, []string{"colead"}) && !hasAnyRole(claims.Roles, []string{"admin", "staffing"}) {
if body.DepartmentID == nil || !inSlice(*body.DepartmentID, claims.DeptIDs) {
writeError(w, "forbidden: outside your department", http.StatusForbidden)
return
@ -127,7 +127,7 @@ func (app *App) handleUpdateVolunteer(w http.ResponseWriter, r *http.Request) {
return
}
claims := claimsFromContext(r)
if claims.Role == "colead" {
if hasAnyRole(claims.Roles, []string{"colead"}) && !hasAnyRole(claims.Roles, []string{"admin", "staffing"}) {
existing, _ := app.getVolunteer(id)
if existing == nil || existing.DepartmentID == nil || !inSlice(*existing.DepartmentID, claims.DeptIDs) {
writeError(w, "forbidden: outside your department", http.StatusForbidden)
@ -171,7 +171,7 @@ func (app *App) handleMarkVolunteerReady(w http.ResponseWriter, r *http.Request)
return
}
claims := claimsFromContext(r)
v, err := app.markVolunteerReady(id, claims.UserID)
v, err := app.markVolunteerReady(id, claims.ParticipantID)
if err != nil {
writeError(w, err.Error(), http.StatusInternalServerError)
return
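Review bot: The department guard `hasAnyRole(claims.Roles, []string{"colead"}) && !hasAnyRole(claims.Roles, []string{"admin", "staffing"})` in handleCreateVolunteer and handleUpdateVolunteer only restricts callers who carry the colead role, so a token with none of colead, admin or staffing skips the department check entirely unless route middleware outside these hunks rejects it. Keying the guard on the privileged roles alone would fail closed: `if !hasAnyRole(claims.Roles, []string{"admin", "staffing"}) {`. The same predicate is repeated in handleListVolunteers, where a caller-supplied non-nil deptID is not compared against claims.DeptIDs in the visible lines; an `inSlice(*deptID, claims.DeptIDs)` check there would match the other two handlers. All three function bodies continue outside the hunks, so confirm none of this is already handled further down.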