kyle/vip-coordinator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Major Enhancement: NestJS Migration + CASL Authorization + Error Handling
Some checks failed
CI/CD Pipeline / Backend Tests (push) Has been cancelled
Details
CI/CD Pipeline / Frontend Tests (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (push) Has been cancelled
Details
CI/CD Pipeline / Security Scan (push) Has been cancelled
Details
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
Details
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
Details

Browse Source 
Complete rewrite from Express to NestJS with enterprise-grade features:

## Backend Improvements
- Migrated from Express to NestJS 11.0.1 with TypeScript
- Implemented Prisma ORM 7.3.0 for type-safe database access
- Added CASL authorization system replacing role-based guards
- Created global exception filters with structured logging
- Implemented Auth0 JWT authentication with Passport.js
- Added vehicle management with conflict detection
- Enhanced event scheduling with driver/vehicle assignment
- Comprehensive error handling and logging

## Frontend Improvements
- Upgraded to React 19.2.0 with Vite 7.2.4
- Implemented CASL-based permission system
- Added AbilityContext for declarative permissions
- Created ErrorHandler utility for consistent error messages
- Enhanced API client with request/response logging
- Added War Room (Command Center) dashboard
- Created VIP Schedule view with complete itineraries
- Implemented Vehicle Management UI
- Added mock data generators for testing (288 events across 20 VIPs)

## New Features
- Vehicle fleet management (types, capacity, status tracking)
- Complete 3-day Jamboree schedule generation
- Individual VIP schedule pages with PDF export (planned)
- Real-time War Room dashboard with auto-refresh
- Permission-based navigation filtering
- First user auto-approval as administrator

## Documentation
- Created CASL_AUTHORIZATION.md (comprehensive guide)
- Created ERROR_HANDLING.md (error handling patterns)
- Updated CLAUDE.md with new architecture
- Added migration guides and best practices

## Technical Debt Resolved
- Removed custom authentication in favor of Auth0
- Replaced role checks with CASL abilities
- Standardized error responses across API
- Implemented proper TypeScript typing
- Added comprehensive logging

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
kyle
2026-01-31 08:50:25 +01:00
parent 8ace1ab2c1
commit 868f7efc23
351 changed files with 44997 additions and 6276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
backend/src/auth/abilities/ability.factory.ts Normal file
View File

@@ -0,0 +1,90 @@
import { AbilityBuilder, PureAbility, AbilityClass, ExtractSubjectType, InferSubjects } from '@casl/ability';
import { Injectable } from '@nestjs/common';
import { Role, User, VIP, Driver, ScheduleEvent, Flight, Vehicle } from '@prisma/client';
/**
* Define all possible actions in the system
*/
export enum Action {
Manage = 'manage', // Special: allows everything
Create = 'create',
Read = 'read',
Update = 'update',
Delete = 'delete',
Approve = 'approve', // Special: for user approval
UpdateStatus = 'update-status', // Special: for drivers to update event status
}
/**
* Define all subjects (resources) in the system
*/
export type Subjects =
| InferSubjects<typeof User | typeof VIP | typeof Driver | typeof ScheduleEvent | typeof Flight | typeof Vehicle>
| 'User'
| 'VIP'
| 'Driver'
| 'ScheduleEvent'
| 'Flight'
| 'Vehicle'
| 'all';
/**
* Define the AppAbility type
*/
export type AppAbility = PureAbility<[Action, Subjects]>;
@Injectable()
export class AbilityFactory {
/**
* Define abilities for a user based on their role
*/
defineAbilitiesFor(user: User): AppAbility {
const { can, cannot, build } = new AbilityBuilder<AppAbility>(
PureAbility as AbilityClass<AppAbility>,
);
// Define permissions based on role
if (user.role === Role.ADMINISTRATOR) {
// Administrators can do everything
can(Action.Manage, 'all');
} else if (user.role === Role.COORDINATOR) {
// Coordinators have full access except user management
can(Action.Read, 'all');
can(Action.Create, ['VIP', 'Driver', 'ScheduleEvent', 'Flight', 'Vehicle']);
can(Action.Update, ['VIP', 'Driver', 'ScheduleEvent', 'Flight', 'Vehicle']);
can(Action.Delete, ['VIP', 'Driver', 'ScheduleEvent', 'Flight', 'Vehicle']);
// Cannot manage users
cannot(Action.Create, 'User');
cannot(Action.Update, 'User');
cannot(Action.Delete, 'User');
cannot(Action.Approve, 'User');
} else if (user.role === Role.DRIVER) {
// Drivers can only read most resources
can(Action.Read, ['VIP', 'Driver', 'ScheduleEvent', 'Vehicle']);
// Drivers can update status of their own events
can(Action.UpdateStatus, 'ScheduleEvent', { driverId: user.driver?.id });
// Cannot access flights
cannot(Action.Read, 'Flight');
// Cannot access users
cannot(Action.Read, 'User');
}
return build({
// Detect subject type from object
detectSubjectType: (item) =>
item.constructor as ExtractSubjectType<Subjects>,
});
}
/**
* Check if user can perform action on subject
*/
canUserPerform(user: User, action: Action, subject: Subjects): boolean {
const ability = this.defineAbilitiesFor(user);
return ability.can(action, subject);
}
}