Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(pres_mgmt): restore POC + Presenter sign-in email and copy link flows

Browse Source 
POC (session) sign-in was silently broken:
- sign_in_out.svelte calls session_sign_in() only when session_id is a query
  param; the URL was missing &session_id=... so the function never fired.
- Fixed in: email_sign_in__event_session URL and poc_sign_in_url derivation
  in session_view.svelte.

Presenter email routed to wrong page:
- email_sign_in__event_presenter built a URL to /presenter/[id] which has no
  sign-in handler. Changed to route to /session/[session_id] (same as the
  existing copy-link on the presenter page), including presenter_id and
  presentation_id params so presenter_sign_in() fires correctly.

Multi-session/multi-presentation person-centric auth:
- poc_is_authed in session_view.svelte now also checks
  auth__person.id === poc_person_id, so a POC signed in via any of their
  session links is automatically auth'd on all sessions where they are the POC.
- presenter_is_authed derived bool added to presenter page; includes person_id
  match so a presenter is recognised on all their presentations after one
  sign-in. All file upload and file list auth gates now use it.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-06-12 16:27:45 -04:00
parent 10f7f04fbc
commit e05602b87b
4 changed files with 35 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/lib/ae_events/ae_events__event_presenter.ts
View File

@@ -597,10 +597,13 @@ export async function email_sign_in__event_presenter({
return null;
}
const subject = `Pres Mgmt Hub Sign In Link for Presenter: ${to_name ?? 'Presenter'}`;
// Routes to the session page (which has the sign-in handler mounted) not /presenter/[id]
// which has no sign-in handler. Includes presenter_id + presentation_id so the handler
// can grant presenter-level auth (not just session read access).
const sign_in_url = encodeURI(
`${base_url}/events/${event_id}/presenter/${event_presenter_id}?person_id=${person_id}&person_pass=${person_passcode}`
`${base_url}/events/${event_id}/session/${event_session_id}?person_id=${person_id}&person_pass=${person_passcode}&presenter_id=${event_presenter_id}&presentation_id=${event_presentation_id}`
);
const body_html = `<div>${to_name},<p>Your sign-in link for ${presentation_name ?? 'Presentation'} (Session: ${session_name ?? 'Session'}): <a href="${sign_in_url}">${sign_in_url}</a></p></div>`;
const body_html = `<div>${to_name},<p>Your sign-in link for ${presentation_name ?? 'Presentation'} (Session: ${session_name ?? 'Session'}): <a href="${sign_in_url}">${sign_in_url}</a></p><p>This link takes you to the session page — your presentation and file upload sections will be available after you sign in.</p></div>`;
return await api.send_email({
api_cfg,
from_email: 'noreply+presmgmt@oneskyit.com',