fix(web): gate staff-only Convex queries to avoid RBAC errors on dashboard and tickets; docs: add desktop agent history and troubleshooting

2025-10-10 01:11:03 -03:00 · 2025-10-10 01:11:03 -03:00 · ab820ddeca
commit ab820ddeca
parent 7685370c05
11 changed files with 144 additions and 33 deletions
--- a/src/components/tickets/new-ticket-dialog.tsx
+++ b/src/components/tickets/new-ticket-dialog.tsx
@ -56,14 +56,15 @@ export function NewTicketDialog() {
    },
    mode: "onTouched",
  })
-  const { convexUserId } = useAuth()
-  const queueArgs = convexUserId
+  const { convexUserId, isStaff } = useAuth()
+  const queuesEnabled = Boolean(isStaff && convexUserId)
+  const queueArgs = queuesEnabled
    ? { tenantId: DEFAULT_TENANT_ID, viewerId: convexUserId as Id<"users"> }
    : "skip"

  useDefaultQueues(DEFAULT_TENANT_ID)
  const queuesRaw = useQuery(
-    convexUserId ? api.queues.summary : "skip",
+    queuesEnabled ? api.queues.summary : "skip",
    queueArgs
  ) as TicketQueueSummary[] | undefined
  const queues = useMemo(() => queuesRaw ?? [], [queuesRaw])
--- a/src/components/tickets/play-next-ticket-card.tsx
+++ b/src/components/tickets/play-next-ticket-card.tsx
@ -30,12 +30,13 @@ const secondaryButtonClass = "inline-flex items-center gap-2 rounded-lg border b

 export function PlayNextTicketCard({ context }: PlayNextTicketCardProps) {
  const router = useRouter()
-  const { convexUserId } = useAuth()
-  const queueArgs = convexUserId
+  const { convexUserId, isStaff } = useAuth()
+  const queuesEnabled = Boolean(isStaff && convexUserId)
+  const queueArgs = queuesEnabled
    ? { tenantId: DEFAULT_TENANT_ID, viewerId: convexUserId as Id<"users"> }
    : "skip"
  const queueSummary = (
-    useQuery(convexUserId ? api.queues.summary : "skip", queueArgs) as TicketQueueSummary[] | undefined
+    useQuery(queuesEnabled ? api.queues.summary : "skip", queueArgs) as TicketQueueSummary[] | undefined
  ) ?? []
  const playNext = useMutation(api.tickets.playNext)
  const [selectedQueueId, setSelectedQueueId] = useState<string | undefined>(undefined)
--- a/src/components/tickets/ticket-queue-summary.tsx
+++ b/src/components/tickets/ticket-queue-summary.tsx
@ -14,11 +14,12 @@ interface TicketQueueSummaryProps {
 }

 export function TicketQueueSummaryCards({ queues }: TicketQueueSummaryProps) {
-  const { convexUserId } = useAuth()
-  const queueArgs = convexUserId
+  const { convexUserId, isStaff } = useAuth()
+  const enabled = Boolean(isStaff && convexUserId)
+  const queueArgs = enabled
    ? { tenantId: DEFAULT_TENANT_ID, viewerId: convexUserId as Id<"users"> }
    : "skip"
-  const fromServer = useQuery(convexUserId ? api.queues.summary : "skip", queueArgs)
+  const fromServer = useQuery(enabled ? api.queues.summary : "skip", queueArgs)
  const data: TicketQueueSummary[] = (queues ?? (fromServer as TicketQueueSummary[] | undefined) ?? [])

  if (!queues && fromServer === undefined) {
--- a/src/components/tickets/ticket-summary-header.tsx
+++ b/src/components/tickets/ticket-summary-header.tsx
@ -88,7 +88,7 @@ function formatDuration(durationMs: number) {
 }

 export function TicketSummaryHeader({ ticket }: TicketHeaderProps) {
-  const { convexUserId, role } = useAuth()
+  const { convexUserId, role, isStaff } = useAuth()
  const isManager = role === "manager"
  useDefaultQueues(ticket.tenantId)
  const changeAssignee = useMutation(api.tickets.changeAssignee)
@ -99,11 +99,12 @@ export function TicketSummaryHeader({ ticket }: TicketHeaderProps) {
  const pauseWork = useMutation(api.tickets.pauseWork)
  const updateCategories = useMutation(api.tickets.updateCategories)
  const agents = (useQuery(api.users.listAgents, { tenantId: ticket.tenantId }) as Doc<"users">[] | undefined) ?? []
-  const queueArgs = convexUserId
+  const queuesEnabled = Boolean(isStaff && convexUserId)
+  const queueArgs = queuesEnabled
    ? { tenantId: ticket.tenantId, viewerId: convexUserId as Id<"users"> }
    : "skip"
  const queues = (
-    useQuery(convexUserId ? api.queues.summary : "skip", queueArgs) as TicketQueueSummary[] | undefined
+    useQuery(queuesEnabled ? api.queues.summary : "skip", queueArgs) as TicketQueueSummary[] | undefined
  ) ?? []
  const { categories, isLoading: categoriesLoading } = useTicketCategories(ticket.tenantId)
  const [status] = useState<TicketStatus>(ticket.status)
--- a/src/components/tickets/tickets-view.tsx
+++ b/src/components/tickets/tickets-view.tsx
@ -14,14 +14,15 @@ import { useDefaultQueues } from "@/hooks/use-default-queues"

 export function TicketsView() {
  const [filters, setFilters] = useState<TicketFiltersState>(defaultTicketFilters)
-  const { session, convexUserId } = useAuth()
+  const { session, convexUserId, isStaff } = useAuth()
  const tenantId = session?.user.tenantId ?? DEFAULT_TENANT_ID

  useDefaultQueues(tenantId)

+  const queuesEnabled = Boolean(isStaff && convexUserId)
  const queues = useQuery(
-    convexUserId ? api.queues.summary : "skip",
-    convexUserId ? { tenantId, viewerId: convexUserId as Id<"users"> } : "skip"
+    queuesEnabled ? api.queues.summary : "skip",
+    queuesEnabled ? { tenantId, viewerId: convexUserId as Id<"users"> } : "skip"
  ) as TicketQueueSummary[] | undefined
  const ticketsRaw = useQuery(
    api.tickets.list,