Add Entra app-role route authorization for initial ui-staff sections

[rohit-r-kumar]

This pull request introduces the new @apps/ui-staff package, establishing the foundation for the staff-facing UI application. It also updates the monorepo's frontend package structure by replacing @ocom/ui-components with @ocom/ui-shared throughout the documentation and configuration. Additionally, the PR delivers improvements and bug fixes to authentication, Apollo Client context management, and theme persistence logic.

Key changes:

1. New Staff UI Application

• Added the new @apps/ui-staff package, including its initial configuration, dependencies, environment variables, sample OIDC mock, entrypoint, routing, authentication, and test scaffolding. This establishes the staff-facing application with support for authentication, role-based routing, Apollo Client integration, and initial test coverage. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

2. Monorepo Frontend Package Structure Update

• Replaced all references to @ocom/ui-components with @ocom/ui-shared in documentation, planning guides, and TypeScript config files, reflecting the new shared UI package structure. [1] [2] [3] [4] [5]

3. Authentication and Token Handling Improvements

• Enabled the StaffPortal token in the API service config, allowing staff authentication tokens to be recognized.
• Fixed the OIDC config property typo from noonce to nonce and ensured a default scope of 'openid' is set if not provided. [1] [2]

4. Apollo Client Context and Header Management

• Improved the ApolloLinkToAddCustomHeader implementation to avoid mutating the previous context or headers, ensuring immutability and safer context handling. [1] [2]
• Added a dedicated test for the Apollo custom header link to verify correct header merging without mutation.

5. Theme Persistence Robustness

• Enhanced theme context logic in ui-community to handle malformed or missing themeProp values in localStorage, preventing runtime errors and ensuring fallback to defaults. [1] [2]

Summary by Sourcery

Introduce centralized role-based authorization for the staff UI, wire Entra app roles into routing and navigation, and improve shared theme persistence utilities across portals.

New Features:

• Add shared staff-app role definitions and a RequireRole guard component for protecting staff routes by Entra app roles.

Enhancements:

• Filter staff navigation links based on the authenticated user’s roles to only show accessible sections.
• Refactor theme persistence into a shared storage helper and adopt it in both ui-staff and ui-community for more robust theme handling.
• Update ui-staff dev workflow to use the portless CLI and bump the monorepo’s pnpm version.
• Declare routing-related dependencies in the ui-staff-shared package to support the new authorization utilities.

Build:

• Add a Playwright configuration for the ui-staff application to run role-authorization e2e tests.

Tests:

• Add Playwright end-to-end tests that validate route access and navigation visibility for all key staff roles and combinations.
• Add unit tests for the RequireRole component to verify role evaluation and unauthorized redirects.

Chores:

• Normalize JSON formatting in staff route package manifests.