To ensure that QuantX is being used properly and safely, it is important to protect certain routes that expose sensitive data from regular users. There should be an account management system that manages role-based access and permissions.
Acceptance Criteria:
- When a user logs in for the first time, an account will be created in the database. If an account already exists with the given firebase_uid, then no action occurs.
- On account creation, a custom claim with the field "role" should be added to the user's JWT. This will allow routes to be protected on the frontend without a database query.
- Admins should be able to edit users' roles, e.g. give them the moderator role or demote them to member.
- Owners should be allowed the same permissions as admins, but should also be allowed to manage admin roles.
- If a general member or moderator tries to access a route protected for admins only, they will be redirected to their dashboard.
Technical Details:
API Routes necessary:
POST - /api/accounts/me - requires basic authentication with a Firebase token
PUT - /api/accounts/[accountId] - requires the admin role at the very least
Once these API routes are defined, Cursor can be fed this context and implement the necessary components on the frontend.
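The role hierarchy and the two routes above, as an added example (not QuantX project code). Firebase and the database are stubbed with an injected `setRole` callback and a `Map` so it runs offline; it assumes the ranking member < moderator < admin < owner and that the owner role is never granted or revoked through the PUT route.

```javascript
const ROLE_RANK = { member: 0, moderator: 1, admin: 2, owner: 3 };

// Frontend/route guard (last criterion): decided from the JWT 'role' claim alone, no DB query.
function routeDecision(claims, requiredRole) {
  const have = ROLE_RANK[claims.role] ?? 0;   // missing/unknown claim => least privilege
  return have >= ROLE_RANK[requiredRole] ? 'allow' : 'redirect:/dashboard';
}

// Who may change whose role, from the acceptance criteria plus one assumption:
// the 'owner' role is never granted or revoked through PUT /api/accounts/[accountId].
function canAssignRole(actorRole, targetRole, newRole) {
  const [actor, target, next] = [actorRole, targetRole, newRole].map((r) => ROLE_RANK[r]);
  if ([actor, target, next].some((r) => r === undefined)) return false; // unknown role name
  if (actor < ROLE_RANK.admin) return false;                            // member/moderator
  if (targetRole === 'owner' || newRole === 'owner') return false;
  // Actor must outrank both the target's current role and the role being assigned:
  // admins manage member/moderator only; owners additionally manage admins.
  return actor > target && actor > next;
}

// POST /api/accounts/me: create the account on first login, otherwise do nothing.
// `decoded` is the already-verified Firebase ID token; `store` (a Map) stands in for
// the DB; `setRole(uid, role)` stands in for admin.auth().setCustomUserClaims(uid, { role }).
function ensureAccount(store, decoded, setRole) {
  const existing = store.get(decoded.uid);
  if (existing) return { created: false, account: existing };
  const account = { firebase_uid: decoded.uid, role: 'member' };
  store.set(decoded.uid, account);
  setRole(decoded.uid, account.role);   // 'role' custom claim lands in the user's JWT
  return { created: true, account };
}

// PUT /api/accounts/[accountId]: returns an HTTP-style status for the role change.
function updateRole(store, actorClaims, accountId, newRole, setRole) {
  const target = store.get(accountId);
  if (!target) return 404;
  if (!canAssignRole(actorClaims.role ?? 'member', target.role, newRole)) return 403;
  target.role = newRole;
  setRole(accountId, newRole);          // keep the JWT claim in sync with the DB
  return 200;
}

// Constructed demo (not real users): an admin may not promote a member to admin, an owner may.
const demoClaims = {};
const demoStore = new Map();
const demoSetRole = (uid, role) => { demoClaims[uid] = role; };
ensureAccount(demoStore, { uid: 'u1' }, demoSetRole);
console.log(updateRole(demoStore, { role: 'admin' }, 'u1', 'admin', demoSetRole),  // 403
            updateRole(demoStore, { role: 'owner' }, 'u1', 'admin', demoSetRole)); // 200
```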