Add access control features with AccessClient and AccessGate models #459
Open
RodriSanchez1 wants to merge 184 commits into
Add accessCode field to Board model schema
…Id inclusion and optimize board count retrieval
…ng, updating, and statistics retrieval
… public boards listing
…ons and usage workflow
The nested field was named client inside the AccessClient model, making references like client.client.name awkward to read. Renaming to contact removes the duplication. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The create endpoint accepted an accessGate field whose value was a code string, making it easy to confuse with the full AccessGate object returned in the response. Renaming the input field to accessGateCode makes the distinction explicit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
QR code generator script
…after root change
…definition for clarity
…try block Co-authored-by: Copilot <copilot@github.com>
… for consistency; update Swagger definitions and tests accordingly
…pdate Swagger definition accordingly
…ensuring non-blocking responses and consistent timestamps
…nalytics tracking and error handling
Pull request overview
This PR adds the “Cboard Access” feature set to the API, introducing institution-backed clients and shareable access gates (code → board tree) with public endpoints for end-user access, admin CRUD endpoints protected by Bearer+admin scope, supporting test coverage, and an offline QR code generator script.
Changes:
- Added AccessClient/AccessGate models and an accessGateCode field + partial index on Board.
- Implemented new public and admin access-control endpoints and documented them in Swagger.
- Added integration tests plus Postman assets and a standalone QR PNG generator (vendored QR lib).
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| api/controllers/access.js | Implements public access flow + admin CRUD/stats and board discovery/marking logic. |
| api/controllers/board.js | Updates public-board listing to exclude boards associated with an access gate code. |
| api/models/AccessClient.js | Adds the institution/subscription model. |
| api/models/AccessGate.js | Adds the access gate model (code, root board, linked boards, analytics counters). |
| api/models/Board.js | Adds accessGateCode field and a partial index for lookup efficiency. |
| api/swagger/swagger.yaml | Documents new endpoints and new schemas for Access clients/gates and accessGateCode. |
| test/controllers/access.js | New integration tests covering admin endpoints + public access flow/analytics. |
| test/controllers/board.js | Adds tests for accessGateCode normalization and public listing exclusion behavior. |
| test/helper.js | Extends helpers to return email and allow board creation with a specific email. |
| test/postman/CboardAccess.README.md | Adds usage documentation for a new Postman collection. |
| test/postman/CboardAccess.collection.json | Adds Postman collection for public/admin endpoint testing. |
| scripts/qr-generator/generate-qr.js | Adds offline QR generator (PNG output) for access URLs. |
| scripts/qr-generator/qrcodegen-v1.8.0-es6.js | Vendors QR library source used by the generator script. |
| .circleci/config.yml | Adds a new qa-image job/workflow path for building/pushing a QA image. |
This reverts commit cea19c5.
This PR introduces a full access control system for "Cboard Access" — a subscription-based feature that lets institutions (clients) share AAC boards with end users via a shareable QR code / URL. The main additions are: