fix: Improve settings persistence and auth handling

The changes address several issues related to data persistence and security within the Condopay application.

**Settings Persistence:**
- **Condo Creation:** Corrected the logic for creating new condos. The system now correctly handles passing an empty string for the `id` when creating a new condo, allowing the backend service to generate the ID, rather than attempting to create a new ID on the frontend.
- **Family Quota Parsing:** Enhanced the parsing of `customMonthlyQuota` for families to safely handle empty or whitespace-only input, preventing potential errors during data submission.

**Authentication and Authorization:**
- **Admin Role Enforcement:** Ensured that the default admin user created during database initialization always has the 'admin' role, even if it was previously changed or created incorrectly.
- **Token Verification Error Handling:** Modified the JWT token verification to return a `401 Unauthorized` status for all token-related errors (e.g., expired, invalid). This will prompt the frontend to log out the user more effectively.
- **Admin Access Logging:** Added console warnings when non-admin users attempt to access admin-only routes, providing better visibility into potential access control issues.

**Infrastructure:**
- **Docker Cleanup:** Removed unused and outdated Dockerfiles and `.dockerignore` content, streamlining the build process and removing potential confusion.

These improvements enhance the reliability of data management for condos and families, strengthen security by ensuring proper role enforcement and error handling, and clean up the development infrastructure.
2025-12-07 13:18:42 +01:00
parent 545a023d88
commit c5065ff637
7 changed files with 32 additions and 67 deletions


@@ -224,7 +224,7 @@ export const SettingsPage: React.FC = () => {
const handleCondoSubmit = async (e: React.FormEvent) => {
e.preventDefault();
try {
// FIX: Do not generate ID for new condo, let backend/service handle it (POST vs PUT check)
// If editingCondo exists, use its ID. If not, empty string tells service to create new.
const payload: Condo = {
id: editingCondo ? editingCondo.id : '',
name: condoForm.name,
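Review bot: the payload at `id: editingCondo ? editingCondo.id : ''` is still typed as `Condo`, so the empty string is a magic value that the type system cannot tell apart from a real id. Consider a separate create type (for example `Omit<Condo, 'id'>`) or an explicit create/update call, so an empty id can never reach the update path; whichever is chosen, the backend should generate the id on create and not trust a client-supplied one. The `FIX:` comment also records the history of the change rather than the rule, which belongs in the commit message.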
@@ -247,7 +247,10 @@ export const SettingsPage: React.FC = () => {
setShowCondoModal(false);
window.dispatchEvent(new Event('condo-updated'));
} catch (e) { console.error(e); alert("Errore nel salvataggio del condominio"); }
} catch (e) {
console.error(e);
alert("Errore nel salvataggio del condominio. Assicurati di essere amministratore.");
}
};
const handleDeleteCondo = async (id: string) => {
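Review bot: the new alert text in the `catch` tells the user to check that they are an administrator for every failure, including network and validation errors. Branch on the error (for example the HTTP status, if the service exposes it) and show the permission hint only for 401/403 responses. The catch parameter `e` also shadows the form event `e` of `handleCondoSubmit`; renaming it (for example `err`) avoids confusion.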
@@ -288,7 +291,10 @@ export const SettingsPage: React.FC = () => {
const handleFamilySubmit = async (e: React.FormEvent) => {
e.preventDefault();
try {
const quota = familyForm.customMonthlyQuota ? parseFloat(familyForm.customMonthlyQuota) : undefined;
// Handle parsing safely
const quota = familyForm.customMonthlyQuota && familyForm.customMonthlyQuota.trim() !== ''
? parseFloat(familyForm.customMonthlyQuota)
: undefined;
if (editingFamily) {
const updatedFamily = {
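Review bot: the trimmed-empty check on `customMonthlyQuota` still lets non-numeric input through: `parseFloat` returns `NaN` for text such as "abc", silently truncates "12,50" and "12abc" to 12, and accepts negative values. Validate the result before building the family object, for example reject when `!Number.isFinite(quota)` or `quota < 0`, and decide explicitly how a comma decimal separator is handled, since the UI is Italian. The comment `// Handle parsing safely` could state which inputs map to `undefined`.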
@@ -312,7 +318,7 @@ export const SettingsPage: React.FC = () => {
setShowFamilyModal(false);
} catch (e: any) {
console.error(e);
alert(`Errore: ${e.message || "Impossibile salvare la famiglia"}`);
alert(`Errore: ${e.message || "Impossibile salvare la famiglia. Controlla i permessi."}`);
}
};
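Review bot: in the `alert` of the `catch (e: any)` block, `e.message` is shown to the user verbatim, and the "Controlla i permessi." hint only appears when there is no message at all. If the message originates from the backend it can expose internal error text; map known failures (401/403, validation) to fixed user-facing strings and keep the raw error in `console.error`. Typing the catch variable as `unknown` and narrowing it would also be safer than `any`.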
@@ -345,7 +351,7 @@ export const SettingsPage: React.FC = () => {
}
setUsers(await CondoService.getUsers());
setShowUserModal(false);
} catch (e) { alert("Errore"); }
} catch (e) { alert("Errore nel salvataggio utente"); }
};
const handleDeleteUser = async (id: string) => {
if(!window.confirm("Eliminare utente?")) return;
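Review bot: the `catch (e)` in the user save handler gets a clearer alert text but still discards the error, unlike the condo and family handlers, which call `console.error(e)`. Log the error here too and distinguish an authorization failure from other failures, so a rejected admin action is visible when debugging.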