From 05508cc76c2e8ec98f828decf02dc116dadf1f61 Mon Sep 17 00:00:00 2001
From: Ida Dittrich <i.dittrich@valueon.ch>
Date: Mon, 5 Jan 2026 06:49:39 +0100
Subject: [PATCH] fix:priviledge caching led to no pages showing

---
 src/hooks/useUsers.ts  | 69 +++++++++++++++++++++++++++++++++---------
 src/utils/userCache.ts |  8 +++++
 2 files changed, 63 insertions(+), 14 deletions(-)

diff --git a/src/hooks/useUsers.ts b/src/hooks/useUsers.ts
index db5e14f..7169390 100644
--- a/src/hooks/useUsers.ts
+++ b/src/hooks/useUsers.ts
@@ -30,12 +30,22 @@ export function useCurrentUser() {
       // Check if we already have user data in sessionStorage cache
       const cachedUser = getUserDataCache();
       if (cachedUser) {
-        setUser(cachedUser);
-        console.log('✅ Using cached user data from sessionStorage (persists during session):', {
-          username: cachedUser.username,
-          privilege: cachedUser.privilege
-        });
-        return;
+        // Validate cached user data - if privilege is missing, refetch from API
+        if (cachedUser.privilege === undefined || cachedUser.privilege === null) {
+          console.warn('⚠️ Cached user data missing privilege, refetching from API...', {
+            username: cachedUser.username,
+            privilege: cachedUser.privilege
+          });
+          // Clear incomplete cache and continue to fetch from API
+          clearUserDataCache();
+        } else {
+          setUser(cachedUser);
+          console.log('✅ Using cached user data from sessionStorage (persists during session):', {
+            username: cachedUser.username,
+            privilege: cachedUser.privilege
+          });
+          return;
+        }
       }
       
       // JWT tokens are now stored in httpOnly cookies, so we fetch user data from API
@@ -64,13 +74,37 @@ export function useCurrentUser() {
       }
       
       const data = await fetchCurrentUserApi(request, authAuthority || undefined);
-      setUser(data);
-      // Cache user data in sessionStorage (cleared on tab close - more secure than localStorage)
-      setUserDataCache(data);
-      console.log('✅ User data fetched from API and cached in sessionStorage (secure):', {
-        username: data.username,
-        privilege: data.privilege
+      
+      // Log full response for debugging
+      console.log('📦 User data received from API:', {
+        username: data?.username,
+        privilege: data?.privilege,
+        hasPrivilege: !!data?.privilege,
+        allKeys: data ? Object.keys(data) : [],
+        fullData: data
       });
+      
+      // Validate user data before caching - ensure privilege is present
+      if (!data || !data.privilege) {
+        console.error('❌ User data from API missing privilege field - this may cause permission issues:', {
+          username: data?.username,
+          privilege: data?.privilege,
+          dataKeys: data ? Object.keys(data) : [],
+          fullResponse: data
+        });
+        // Don't cache incomplete data - it will cause permission issues on next load
+        // But still set user so the app can function (permissions are checked via RBAC API)
+        setUser(data);
+        console.warn('⚠️ User data set but not cached due to missing privilege - will refetch on next load');
+      } else {
+        // Only cache if privilege is present
+        setUserDataCache(data);
+        console.log('✅ User data fetched from API and cached in sessionStorage (secure):', {
+          username: data.username,
+          privilege: data.privilege
+        });
+        setUser(data);
+      }
     } catch (error: any) {
       console.error('❌ Failed to fetch user data:', error);
       
@@ -239,8 +273,15 @@ export function useCurrentUser() {
     // Try to load user from sessionStorage cache first for faster initial load
     const cachedUser = getUserDataCache();
     if (cachedUser) {
-      setUser(cachedUser);
-      console.log('✅ Using cached user data from sessionStorage on mount (persists during session)');
+      // Validate cached user data - if privilege is missing, don't use cache
+      if (cachedUser.privilege === undefined || cachedUser.privilege === null) {
+        console.warn('⚠️ Cached user data missing privilege on mount, will refetch from API');
+        clearUserDataCache();
+        // Don't set user - let fetchCurrentUser handle it
+      } else {
+        setUser(cachedUser);
+        console.log('✅ Using cached user data from sessionStorage on mount (persists during session)');
+      }
     }
     
     // For OAuth authentication, wait a bit longer before fetching user data
diff --git a/src/utils/userCache.ts b/src/utils/userCache.ts
index 6022ffc..e746f1c 100644
--- a/src/utils/userCache.ts
+++ b/src/utils/userCache.ts
@@ -30,6 +30,14 @@ export interface CachedUserData {
  */
 export const setUserDataCache = (userData: CachedUserData): void => {
     if (userData) {
+        // Validate that privilege is present before caching
+        if (!userData.privilege) {
+            console.warn('⚠️ Attempted to cache user data without privilege, skipping cache:', {
+                username: userData.username,
+                hasPrivilege: !!userData.privilege
+            });
+            return;
+        }
         try {
             sessionStorage.setItem(USER_CACHE_KEY, JSON.stringify(userData));
         } catch (error) {