Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(badges): open badge review access when no passcode is set

Browse Source 
Badges without person_passcode are now viewable by anyone with the URL —
open access is granted on badge load. Previously this was explicitly
denied. The passcode entry form is only shown when the badge actually
has a passcode configured. Auto-validate effect expanded to cover the
no-passcode case.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-06-06 18:35:47 -04:00
parent c9b0acfa06
commit 7d2b30b7ce
1 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/routes/events/[event_id]/(badges)/badges/[badge_id]/review/+page.svelte
View File

@@ -92,23 +92,29 @@ let passcode_checked = $state(false);
let passcode_valid = $state(false); let passcode_valid = $state(false);
let passcode_error = $state(''); let passcode_error = $state('');
// Auto-validate URL passcode once badge is loaded // Once the badge loads: grant open access if no passcode is set, or auto-validate URL passcode.
$effect(() => { $effect(() => {
if (url_passcode && $lq__event_badge_obj && !passcode_checked) { const badge = $lq__event_badge_obj;
untrack(() => { if (!badge || passcode_checked) return;
untrack(() => {
if (!badge.person_passcode) {
// No passcode on this badge — open access for attendees
passcode_valid = true;
passcode_checked = true;
} else if (url_passcode) {
check_passcode(url_passcode); check_passcode(url_passcode);
}); }
} // else: badge requires a passcode but none in URL — show the entry form
});
}); });
function check_passcode(code: string) { function check_passcode(code: string) {
passcode_checked = true; passcode_checked = true;
const badge_passcode = $lq__event_badge_obj?.person_passcode; const badge_passcode = $lq__event_badge_obj?.person_passcode;
if (!badge_passcode) { if (!badge_passcode) {
// No passcode set on badge — deny access to prevent unintentional open access // No passcode on badge — open access
passcode_valid = false; passcode_valid = true;
passcode_error = passcode_error = '';
'This badge does not have a review link enabled. Please contact event staff.';
} else if (code && code === badge_passcode) { } else if (code && code === badge_passcode) {
passcode_valid = true; passcode_valid = true;
passcode_error = ''; passcode_error = '';
@@ -294,8 +300,8 @@ let can_edit_fields: string[] = $derived.by(() => {
is_staff={has_staff_access} is_staff={has_staff_access}
{log_lvl} /> {log_lvl} />
</div> </div>
{:else if !passcode_checked && !url_passcode} {:else if !passcode_checked && !url_passcode && !!$lq__event_badge_obj?.person_passcode}
<!-- Passcode entry (attendee navigates directly, no URL passcode) --> <!-- Passcode entry (badge requires a passcode, attendee navigated directly without one) -->
<div class="card max-w-sm space-y-4 p-6"> <div class="card max-w-sm space-y-4 p-6">
<h3 class="text-lg font-semibold">Enter Your Passcode</h3> <h3 class="text-lg font-semibold">Enter Your Passcode</h3>
<p class="text-sm text-gray-500"> <p class="text-sm text-gray-500">