fix: Combine portals + role-based sidebar navigation #34

Open
devin-ai-integration[bot] wants to merge 1 commit into devin/1779022021-round6-audit from devin/1779027957-combine-portals-rbac

@devin-ai-integration

Summary

Two changes:

  1. Removes the standalone pwa-products-showcase/ — a 674-line static HTML page that duplicated features already integrated into customer-portal-full. This was created in an earlier session as a temporary showcase and is now redundant.

  2. Fixes role-based sidebar permissions on 10 menu items that were incorrectly visible to roles that shouldn't see them. Previously, operational/admin tools like "Claims Adjudication", "USSD Gateway", "Bank Integrations", and "Renewal Automation" were visible to customers because they used overly permissive permission keys (canViewClaims, canViewDashboard, canViewPolicies, canViewPayments).

| Menu Item | Old Permission | New Permission | Who lost access |
|---|---|---|---|
| USSD Gateway | canViewDashboard | canViewUserManagement | user, agent, underwriter |
| NMID Integration | canViewPolicies | canViewUserManagement | user, agent, underwriter |
| Insurance Technology | canViewPolicies | canViewAnalytics | user |
| Embedded Distribution | canViewPolicies | canViewCommission | user, underwriter |
| NIIRA 2025 | canViewPolicies | canViewAuditLogs | user, agent |
| Claims Adjudication | canViewClaims | canViewPolicyApproval | user, agent |
| Renewal Automation | canViewPolicies | canViewUserManagement | user, agent, underwriter |
| Multi-Currency | canViewPayments | canViewUserManagement | user, agent |
| Bank Integrations | canViewPayments | canViewUserManagement | user, agent |
| Smart Claim Routing | canViewClaims | canViewPolicyApproval | user, agent |

Resulting visibility per role:

  • Customer: 52 items (products, policies, claims, payments, profile, customer-facing AI)
  • Agent: 77 items (+ analytics, distribution, commissions, agent management)
  • Underwriter: 79 items (+ risk, fraud, compliance, actuarial, claims adjudication)
  • Admin: 107 items (everything)

Review & Testing Checklist for Human

  • Verify permission assignments match business intent — The mapping of menu items to permission keys is the core change. For each of the 10 items in the table above, confirm the new permission key reflects the correct business access policy. Pay special attention to whether agents should see "Claims Adjudication" and "Smart Claim Routing" (currently hidden from agents).
  • Note: sidebar hiding is NOT route-level protection — These changes only control sidebar visibility. A user who knows the URL (e.g. /claims-adjudication) can still navigate there directly. If route-level access control is needed, that requires additional work.
  • Test role switching in the UI — Use the "Switch Role (Demo)" dropdown in the sidebar footer. Switch between Customer, Agent, Underwriter, and Admin. Verify that the sidebar sections appear/disappear correctly for each role — specifically that Customers no longer see Operations, Nigerian Market, Regulatory Compliance, or Administration sections.

Notes

  • Zero 404 errors were found: all 103 sidebar paths have matching Route definitions in App.tsx, and all return HTTP 200 from the dev server.
  • The role permission matrix itself (in RoleContext.tsx) was not modified — only the permission field on individual menu items in UnifiedLayout.tsx was updated.

Link to Devin session: https://app.devin.ai/sessions/0475192a778b45cea30202f85ad52b63

- Remove redundant pwa-products-showcase (standalone PWA) — all features already in customer-portal-full
- Fix role-based permissions on 10 menu items that were incorrectly accessible to all roles:
  * USSD Gateway: canViewDashboard → canViewUserManagement (admin only)
  * NMID Integration: canViewPolicies → canViewUserManagement (admin only)
  * Insurance Technology: canViewPolicies → canViewAnalytics (admin/agent/underwriter)
  * Embedded Distribution: canViewPolicies → canViewCommission (admin/agent)
  * NIIRA 2025 Compulsory Insurance: canViewPolicies → canViewAuditLogs (admin/underwriter)
  * Claims Adjudication: canViewClaims → canViewPolicyApproval (admin/underwriter)
  * Renewal Automation: canViewPolicies → canViewUserManagement (admin only)
  * Multi-Currency: canViewPayments → canViewUserManagement (admin only)
  * Bank Integrations: canViewPayments → canViewUserManagement (admin only)
  * Smart Claim Routing: canViewClaims → canViewPolicyApproval (admin/underwriter)

Role visibility:
- Customer: 52 items (products, policies, claims, payments, profile)
- Agent: 77 items (+ analytics, distribution, commissions)
- Underwriter: 79 items (+ risk, fraud, compliance, actuarial)
- Admin: 107 items (everything)

Co-Authored-By: Patrick Munis <pmunis@gmail.com>
@devin-ai-integration
Author

Original prompt from Patrick

https://drive.google.com/file/d/17FqTB6666Z-CYrffikjqdPh1-qWXxQXf/view?usp=sharing
Extract the entire archive, analyze and search for orphan, partially and generic scaffolded features across the platform - fully implement them end to end - generic CRUD-only patterns, modules with no domain logic, disconnected features, and incomplete implementations.

@devin-ai-integration
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

@devin-ai-integration
Author

E2E Test Results: Role-Based Sidebar Navigation

5/5 tests passed — tested locally on http://localhost:5000

Role Switching Tests (4/4 passed)
| Role | Visible Groups | Key Sections | Result |
|---|---|---|---|
| Customer | ~12 | Products, Policies, Claims, Payments, AI Services | PASSED — no admin/ops sections |
| Agent | ~18 | + Distribution, Agent Management, Commission, Operations | PASSED |
| Underwriter | ~19 | + Risk & Underwriting, Regulatory Compliance, Claims Adjudication | PASSED |
| Admin | 22 | Everything including Nigerian Market, Administration | PASSED |

Customer role — no Operations, Administration, Nigerian Market, Regulatory Compliance: [screenshot]

Agent role — Distribution Channels, Agent Management, Operations visible: [screenshot]

Underwriter role — Risk & Underwriting, Regulatory Compliance, Claims Adjudication: [screenshot]

Admin role — all 22 groups including Administration, Nigerian Market: [screenshot]

Page Navigation Test (1/1 passed)

All 5 previously-restricted pages return HTTP 200:

| Page | URL | Evidence |
|---|---|---|
| USSD Gateway | /ussd-gateway | Browser + curl |
| Claims Adjudication | /claims-adjudication | Browser + curl |
| Bank Integrations | /bank-integrations | Browser + curl |
| NIIRA 2025 | /niira-compulsory-insurance | curl (HTTP 200) |
| Renewal Automation | /policy-renewal-automation | curl (HTTP 200) |

[Screenshots: USSD Gateway, Claims Adjudication, Bank Integrations]

Known pre-existing issue: React hooks error ("Invalid hook call") intermittently appears after server restart due to Vite dep optimization creating duplicate React copies. Not caused by this PR.

Devin session
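
The PR description notes that sidebar hiding is not route-level protection, and the E2E comment shows the restricted pages still return HTTP 200. The following is an added example, not code from this PR or its repository: it models the sidebar filter and a route guard driven by one shared permission table, and audits which pages are hidden but still reachable by direct URL. The role grants and paths are taken from the page; `GRANTS`, `PAGES`, `normalizePath`, `guardRoute` and `hiddenButReachable` are hypothetical names, and the path normalization rules are an assumption about the router.

```typescript
type Role = "user" | "agent" | "underwriter" | "admin";
type Permission = "canViewUserManagement" | "canViewAuditLogs" | "canViewPolicyApproval";

// Role grants as listed in the PR's commit message.
const GRANTS: Record<Permission, Role[]> = {
  canViewUserManagement: ["admin"],
  canViewAuditLogs: ["admin", "underwriter"],
  canViewPolicyApproval: ["admin", "underwriter"],
};

// The five pages from the E2E comment with their new permission keys (one shared table).
const PAGES: { path: string; permission: Permission }[] = [
  { path: "/ussd-gateway", permission: "canViewUserManagement" },
  { path: "/claims-adjudication", permission: "canViewPolicyApproval" },
  { path: "/bank-integrations", permission: "canViewUserManagement" },
  { path: "/niira-compulsory-insurance", permission: "canViewAuditLogs" },
  { path: "/policy-renewal-automation", permission: "canViewUserManagement" },
];

function hasPermission(role: Role, permission: Permission): boolean {
  return GRANTS[permission].indexOf(role) !== -1;
}

// Sidebar behaviour described in the PR: hide entries the role lacks permission for.
function sidebarFor(role: Role): string[] {
  return PAGES.filter((p) => hasPermission(role, p.permission)).map((p) => p.path);
}

// Assumption: the router ignores case, query string, fragment and trailing slashes.
function normalizePath(path: string): string {
  const bare = path.replace(/[?#].*$/, "").replace(/\/+$/, "").toLowerCase();
  return bare === "" ? "/" : bare;
}

// Hypothetical route guard: same table as the sidebar, unknown paths denied.
function guardRoute(role: Role, path: string): "allow" | "deny" {
  const wanted = normalizePath(path);
  const page = PAGES.filter((p) => p.path === wanted)[0];
  return page !== undefined && hasPermission(role, page.permission) ? "allow" : "deny";
}

// Audit: paths hidden from the sidebar that a direct URL would still reach.
function hiddenButReachable(role: Role, guarded: boolean): string[] {
  const visible = sidebarFor(role);
  return PAGES.map((p) => p.path).filter(
    (p) => visible.indexOf(p) === -1 && (!guarded || guardRoute(role, p) === "allow"),
  );
}
```

A client-side guard like this only changes what the UI renders; the API endpoints behind these pages need the same permission check on the server.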
