Last tab on the revamp roadmap. Ships /app/admin as a shell that
renders either an access-denied card or a legacy-viewer link
depending on me.user.role, plus a new Admin nav group in the
sidebar that is hidden entirely for non-admin users.
client/src/components/Layout.tsx
NavItem gains an optional adminOnly flag. Layout now runs its own
useQuery<MeOk>(['auth-me']) — the query key is already shared with
Settings so the cache is reused across both. Nav groups whose
items all filter out (in practice: the Admin group for non-admins)
don't render their group header either, so the sidebar stays clean
for regular users. 5-minute staleTime so the header doesn't hammer
/me on every route change.
client/src/pages/Admin.tsx
Same /me query + role check. Non-admins land on the
admin-access-denied card; admins see the admin-shell with a link
to the legacy admin viewer. Sub-sections (users, feature flags,
OIDC, SMTP, AI prompts, model management, TTS/STT, email
templates, announcement banner, site-wide saved encounters) stay
in the vanilla admin page for now — each touches production state
immediately on save, so each port needs its own deliberate commit
with dedicated tests before shipping.
e2e/tests/admin-react.spec.js — one smoke test
The seeded e2e user is non-admin, so the expected outcome is the
access-denied card. Guard is written to accept either state so the
test still passes if the seed ever flips to an admin.
With this commit the React sidebar covers the full legacy nav:
• Encounters: Encounter HPI, Dictation HPI
• Notes: Hospital Course, Chart Review, SOAP, Well Visit, Sick Visit
• Clinical Tools: Vax Schedule, Catch-Up, PE Guide, Bedside,
Calculators, Pagers & Extensions, Learning Hub
• Account: Settings, FAQ
• Admin: Admin Panel (role-gated)
Client tsc -b + vite build clean. Bundle 462.48 kB / 131.98 kB gz.
27 lines
1.2 KiB
JavaScript
27 lines
1.2 KiB
JavaScript
// ============================================================
|
|
// ADMIN (React port) — access-gate smoke test.
|
|
//
|
|
// The e2e test user is a non-admin by default, so the expected
|
|
// outcome here is the access-denied panel. A separate admin-enabled
|
|
// fixture can exercise the elevated view when the per-section ports
|
|
// land.
|
|
// ============================================================
|
|
|
|
const { test, expect, E2E_BASE } = require('../fixtures');
|
|
|
|
test.describe('React Admin — access gate', () => {
|
|
|
|
test('non-admin users see the access-denied card', async ({ authedPage: _, page }) => {
|
|
await page.goto(E2E_BASE + '/app/admin');
|
|
// Either the admin shell (role=admin) OR the access-denied card
|
|
// (everyone else). The seeded e2e user is non-admin, so we expect
|
|
// the denial — but if the seed ever flips, the test still passes.
|
|
await page.waitForSelector(
|
|
'[data-testid="admin-access-denied"], [data-testid="admin-shell"]',
|
|
{ timeout: 15000 },
|
|
);
|
|
const denied = await page.locator('[data-testid="admin-access-denied"]').count();
|
|
const shell = await page.locator('[data-testid="admin-shell"]').count();
|
|
expect(denied + shell).toBe(1);
|
|
});
|
|
});
|