From 0c06ca18bff43bc7e6989f75db1f778411b1c574 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Salazar?= <73718835+joshrs23@users.noreply.github.com>
Date: Fri, 30 Jan 2026 09:08:44 -0500
Subject: [PATCH] validation user role

---
 .../src/data/repositories_impl/auth_repository_impl.dart | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
index 3c7d387a..c6831eee 100644
--- a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
+++ b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
@@ -39,10 +39,9 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
 return _getUserProfile(
 firebaseUserId: firebaseUser.uid,
 fallbackEmail: firebaseUser.email ?? email,
+ requireBusinessRole: true,
 );
- //TO-DO: validate that user is business role and has business account
-
 } on firebase.FirebaseAuthException catch (e) {
 if (e.code == 'invalid-credential' || e.code == 'wrong-password') {
 throw Exception('Incorrect email or password.');
@@ -138,12 +137,18 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
 Future _getUserProfile({
 required String firebaseUserId,
 required String? fallbackEmail,
+ bool requireBusinessRole = false,
 }) async {
 final QueryResult response = await _dataConnect.getUserById(id: firebaseUserId).execute();
 final dc.GetUserByIdUser? user = response.data?.user;
 if (user == null) {
 throw Exception('Authenticated user profile not found in database.');
 }
+ if (requireBusinessRole && user.userRole != 'BUSINESS') {
+ await _firebaseAuth.signOut();
+ dc.ClientSessionStore.instance.clear();
+ throw Exception('User is not authorized for this app.');
+ }
 final String? email = user.email ?? fallbackEmail;
 if (email == null || email.isEmpty) {
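Review bot: The role gate added to `_getUserProfile` is opt-in (`bool requireBusinessRole = false`), so any other caller of this method — a session-restore or sign-up path, if one exists — still returns a profile for a non-BUSINESS user; only the password-login call in the first hunk passes `requireBusinessRole: true`, so either default it to `true` or audit every call site. The sign-out and session clear are also sequential, so a failing `signOut()` skips `dc.ClientSessionStore.instance.clear()`; `try { await _firebaseAuth.signOut(); } finally { dc.ClientSessionStore.instance.clear(); }` keeps the local session cleared either way. The removed TO-DO also asked to verify that the user has a business account, which this check does not cover. Since this gate runs in the client, the backend data rules must enforce the same BUSINESS-role restriction for it to be more than a UX guard. `_getUserProfile` continues past the end of the hunk.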