diff --git a/backend/benefit/users/api/v1/serializers.py b/backend/benefit/users/api/v1/serializers.py
index 28efb82dee..762a115fb7 100644
--- a/backend/benefit/users/api/v1/serializers.py
+++ b/backend/benefit/users/api/v1/serializers.py
@@ -26,6 +26,7 @@ class Meta:
"terms_of_service_approvals",
"terms_of_service_approval_needed",
"terms_of_service_in_effect",
+ "is_staff",
]
read_only_fields = [
"id",
@@ -34,6 +35,7 @@ class Meta:
"terms_of_service_approvals",
"terms_of_service_approval_needed",
"terms_of_service_in_effect",
+ "is_staff",
]
terms_of_service_in_effect = serializers.SerializerMethodField(
diff --git a/frontend/benefit/handler/src/auth/AuthProvider.tsx b/frontend/benefit/handler/src/auth/AuthProvider.tsx
index 14583505e9..103a2b400b 100644
--- a/frontend/benefit/handler/src/auth/AuthProvider.tsx
+++ b/frontend/benefit/handler/src/auth/AuthProvider.tsx
@@ -5,11 +5,11 @@ import AuthContext from 'shared/auth/AuthContext';
const AuthProvider =
({
children,
}: React.PropsWithChildren
): JSX.Element => {
- const userQuery = useUserQuery((user) => Boolean(user));
+ const userQuery = useUserQuery((user) => user);
return (
(
+const useUserQuery = (
select?: (user: User) => T
-): UseQueryResult => {
+): UseQueryResult => {
const router = useRouter();
const locale = useLocale();
+ const noPermissionLogout = useLogout();
+
// Don't fetch user state if status is logged out
const logout =
- (router.route === '/login' || router.route === `${locale}/login`) &&
+ (router.route === ROUTES.LOGIN ||
+ router.route === `${locale}${ROUTES.LOGIN}`) &&
(router.asPath.includes('logout=true') ||
router.asPath.includes('userStateError=true'));
const { axios, handleResponse } = useBackendAPI();
- const handleError = (error: Error): void => {
+ const handleError = (error: AxiosError): void => {
if (logout) {
- void router.push(`${locale}/login?logout=true`);
+ void router.push(`${locale}${ROUTES.LOGIN}?logout=true`);
} else if (/40[13]/.test(error.message)) {
- void router.push(`${locale}/login`);
+ void router.push(`${locale}${ROUTES.LOGIN}`);
} else if (
!process.env.NEXT_PUBLIC_MOCK_FLAG ||
process.env.NEXT_PUBLIC_MOCK_FLAG === '0'
) {
- void router.push(`${locale}/login?userStateError=true`);
+ void router.push(`${locale}${ROUTES.LOGIN}?userStateError=true`);
+ }
+ };
+
+ const checkForStaffStatus = (user: User): void => {
+ if (user && !user.is_staff) {
+ void noPermissionLogout();
}
};
@@ -41,6 +54,7 @@ const useUserQuery = (
enabled: !logout,
retry: false,
select,
+ onSuccess: checkForStaffStatus,
onError: (error) => handleError(error),
}
);
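Review bot: `onSuccess: checkForStaffStatus` is handed the query's post-`select` data rather than the raw `User` (the AuthProvider change in this commit from `Boolean(user)` to `user` appears to be working around exactly that), so the staff check only holds for callers whose `select` returns the user object itself; a caller that maps the user to another shape gets `user.is_staff` undefined and is logged out, while a caller whose mapped value is falsy skips the check entirely because of the `user &&` guard. Running the check on the raw response before `select` is applied, or typing `checkForStaffStatus` against `T` and stating the constraint, would make this robust; at minimum add `// onSuccess sees post-select data: callers must keep is_staff in the selected value` above the `onSuccess` line. This remains a UI-level gate — whether a non-staff account can read handler data is decided by the backend's permission checks, which this page does not show. `checkForStaffStatus` is defined in the preceding hunk, and the `useQuery` call's opening lines are outside this one.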
diff --git a/frontend/shared/src/types/user.d.ts b/frontend/shared/src/types/user.d.ts
index d72931a874..3b331ada1b 100644
--- a/frontend/shared/src/types/user.d.ts
+++ b/frontend/shared/src/types/user.d.ts
@@ -5,5 +5,6 @@ type User = {
family_name: string;
name: string;
organization_name?: string;
+ is_staff?: boolean;
};
export default User;
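Review bot: `is_staff?: boolean` is declared optional, yet the serializer change in this commit always emits the field and the handler's `useUserQuery` treats an absent value as non-staff and logs the user out; that fail-closed behaviour is worth stating on the type so a future consumer does not read `undefined` as "unknown". A comment such as `// Emitted by the benefit user API; undefined is treated as non-staff by the handler frontend` on the added line would do.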