docs: verify LCI Pres Mgmt restoration items — 2 of 3 already fixed
Checked all three open items in the LCI October restoration list
against current code:
- Presenter email sign-in link routing — FIXED (2026-06-12, e05602b87).
email_sign_in__event_presenter() routes through the session page with
presenter_id/presentation_id params; verified sign_in_out.svelte reads
them and grants presenter-level auth, not just session read access.
- session_page_menu.svelte sign-in prop — VERIFIED CORRECT, no bug found.
event_session_id prop is the real session object field, not a URL
param. The component's separate url_session_id is intentionally a
different thing (POC/Champion link shape only).
- Presenter agreement not enforced before upload — STILL OPEN, confirmed.
presenter_is_authed (the gate used everywhere upload UI shows) has no
dependency on .agree at all; require__presenter_agree only controls
whether the Agreed/Not Agreed button is shown, never blocks anything.
No enforcement found anywhere in the chain, including inside the
upload component itself. Added a concrete fix direction.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
@@ -45,26 +45,34 @@ wrong to users.
|
|||||||
|
|
||||||
### Presenter Sign-In
|
### Presenter Sign-In
|
||||||
|
|
||||||
- [ ] **[Pres Mgmt] Presenter email sign-in link routes to wrong page**
|
- [x] **[Pres Mgmt] Presenter email sign-in link routes to wrong page** (fixed 2026-06-12,
|
||||||
`email_sign_in__event_presenter()` builds a URL to `/presenter/[id]?person_id=...&person_pass=...`.
|
commit `e05602b87`; verified 2026-06-16) `email_sign_in__event_presenter()` now builds a URL
|
||||||
The URL param parser (`sign_in_out.svelte`) is only mounted on the *session* page menu, not the
|
to `/session/[session_id]?...&presenter_id=...&presentation_id=...` instead of `/presenter/[id]`
|
||||||
presenter page. A presenter clicking their email link lands on their page with no auth granted.
|
— confirmed in `ae_events__event_presenter.ts`. Verified `sign_in_out.svelte` (mounted on the
|
||||||
Fix: mount `Sign_in_out` in `presenter_page_menu.svelte` (same way session menu does it), or
|
session page) reads `presenter_id`/`presentation_id` from the URL and grants presenter-level
|
||||||
change the email link to route to the session page (which already has the parser) and include
|
auth via `auth__kv.presenter`/`auth__kv.presentation`, not just session read access.
|
||||||
the presenter/presentation IDs as params — which is how it worked originally.
|
|
||||||
|
|
||||||
- [ ] **[Pres Mgmt] Presenter agreement not enforced before file upload**
|
- [ ] **[Pres Mgmt] Presenter agreement not enforced before file upload** (verified still open,
|
||||||
`require__presenter_agree` is stored and displayed but the upload components are gated on
|
2026-06-16) `presenter_is_authed` in `presenter/[presenter_id]/+page.svelte` — the gate used
|
||||||
`auth__kv.presenter[id]` only, not on `presenter.agree`. A presenter who signs in but has not
|
everywhere the upload UI is shown (`Comp_event_files_upload`, `Element_manage_event_file_li_wrap`)
|
||||||
agreed can still upload. The original blocked the upload section until `agree === true`.
|
— only checks sign-in state (`auth__kv.presenter`/`auth__kv.session`/person match). It has no
|
||||||
|
dependency on `.agree` at all. `require__presenter_agree` (`pres_mgmt_loc.current`) is read in
|
||||||
|
exactly one place (`presenter_page_menu.svelte`) to decide whether to *show* the Agreed/Not
|
||||||
|
Agreed button — it never blocks anything. A presenter who signs in but has not agreed can still
|
||||||
|
see and use the upload section when this setting is on. Confirmed `ae_comp__event_files_upload.svelte`
|
||||||
|
has no internal agreement check either — there is no enforcement anywhere in the chain.
|
||||||
|
Fix: gate the upload sections (and ideally `allow_basic`/`allow_moderator` on the file list too)
|
||||||
|
on `!pres_mgmt_loc.current.require__presenter_agree || $lq__auth__event_presenter_obj?.agree`
|
||||||
|
in addition to `presenter_is_authed`.
|
||||||
|
|
||||||
### Session POC Sign-In
|
### Session POC Sign-In
|
||||||
|
|
||||||
- [ ] **[Pres Mgmt] `session_page_menu.svelte` sign-in prop still wrong**
|
- [x] **[Pres Mgmt] `session_page_menu.svelte` sign-in prop** (verified correct, 2026-06-16)
|
||||||
`event_session_id` prop passed to `Sign_in_out` was just changed from `event_id` to
|
`event_session_id={$lq__event_session_obj?.event_session_id}` — confirmed this is the real
|
||||||
`event_session_id` — verify this is actually `$lq__event_session_obj?.event_session_id`
|
session ID from the loaded session object, not the raw URL param. The sign-in component's
|
||||||
(the real session ID string) not the URL param `url_session_id`. The sign-in component
|
separate `url_session_id` (parsed from a `session_id` query param) is intentionally a different
|
||||||
uses this value to set `auth__kv.session[event_session_id]`.
|
thing — it's only used for the POC/Champion sign-in link shape, not the presenter flow, which
|
||||||
|
relies on the route's own `[session_id]` path param via this prop. No bug found.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user