From 5f22c7be7723ef41314f4266bdbdf4e144964365 Mon Sep 17 00:00:00 2001
From: Ida Dittrich <i.dittrich@valueon.ch>
Date: Mon, 5 Jan 2026 07:12:37 +0100
Subject: [PATCH] fix:added more rolelabel logging to see why missing pages

---
 src/hooks/useUsers.ts | 73 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 63 insertions(+), 10 deletions(-)

diff --git a/src/hooks/useUsers.ts b/src/hooks/useUsers.ts
index ea143ef..adc7c60 100644
--- a/src/hooks/useUsers.ts
+++ b/src/hooks/useUsers.ts
@@ -30,14 +30,28 @@ export function useCurrentUser() {
       // Check if we already have user data in sessionStorage cache
       const cachedUser = getUserDataCache();
       if (cachedUser && cachedUser.username) {
-        // Use cached user data - permissions are checked via RBAC API, not client-side
-        setUser(cachedUser);
-        console.log('✅ Using cached user data from sessionStorage (persists during session):', {
-          username: cachedUser.username,
-          roleLabels: cachedUser.roleLabels,
-          privilege: cachedUser.privilege
-        });
-        return;
+        // Check if cached user has roleLabels - if empty, refetch from API
+        const hasRoleLabels = Array.isArray(cachedUser.roleLabels) && cachedUser.roleLabels.length > 0;
+        const hasPrivilege = !!cachedUser.privilege;
+        
+        if (!hasRoleLabels && !hasPrivilege) {
+          console.warn('⚠️ Cached user data has no roleLabels or privilege, refetching from API:', {
+            username: cachedUser.username,
+            roleLabels: cachedUser.roleLabels,
+            privilege: cachedUser.privilege
+          });
+          // Clear cache and continue to fetch from API
+          clearUserDataCache();
+        } else {
+          // Use cached user data - permissions are checked via RBAC API, not client-side
+          setUser(cachedUser);
+          console.log('✅ Using cached user data from sessionStorage (persists during session):', {
+            username: cachedUser.username,
+            roleLabels: cachedUser.roleLabels,
+            privilege: cachedUser.privilege
+          });
+          return;
+        }
       }
       
       // JWT tokens are now stored in httpOnly cookies, so we fetch user data from API
@@ -91,12 +105,31 @@ export function useCurrentUser() {
         throw new Error('Invalid user data received from API');
       }
       
+      // Check if API returned roleLabels - if not, log warning but still cache
+      const hasRoleLabels = Array.isArray(data.roleLabels) && data.roleLabels.length > 0;
+      const hasPrivilege = !!data.privilege;
+      
+      if (!hasRoleLabels && !hasPrivilege) {
+        console.warn('⚠️ User data from API has no roleLabels or privilege - this may cause RBAC issues:', {
+          username: data.username,
+          roleLabels: data.roleLabels,
+          privilege: data.privilege,
+          allKeys: Object.keys(data),
+          fullResponse: JSON.stringify(data, null, 2)
+        });
+        // Still cache it, but log the issue - backend RBAC should handle permissions
+        // However, if backend expects roleLabels, this will cause problems
+      }
+      
       // Cache user data (permissions are checked via RBAC API)
       setUserDataCache(data);
       console.log('✅ User data fetched from API and cached in sessionStorage (secure):', {
         username: data.username,
         roleLabels: data.roleLabels,
-        privilege: data.privilege
+        roleLabelsLength: Array.isArray(data.roleLabels) ? data.roleLabels.length : 0,
+        privilege: data.privilege,
+        hasRoleLabels,
+        hasPrivilege
       });
       setUser(data);
     } catch (error: any) {
@@ -267,9 +300,29 @@ export function useCurrentUser() {
     // Try to load user from sessionStorage cache first for faster initial load
     const cachedUser = getUserDataCache();
     if (cachedUser && cachedUser.username) {
+      // Check if cached user has roleLabels - if empty, refetch from API
+      const hasRoleLabels = Array.isArray(cachedUser.roleLabels) && cachedUser.roleLabels.length > 0;
+      const hasPrivilege = !!cachedUser.privilege;
+      
+      if (!hasRoleLabels && !hasPrivilege) {
+        console.warn('⚠️ Cached user data has no roleLabels or privilege, refetching from API:', {
+          username: cachedUser.username,
+          roleLabels: cachedUser.roleLabels,
+          privilege: cachedUser.privilege
+        });
+        // Clear cache and refetch
+        clearUserDataCache();
+        fetchCurrentUser();
+        return;
+      }
+      
       // Use cached user data - permissions are checked via RBAC API
       setUser(cachedUser);
-      console.log('✅ Using cached user data from sessionStorage on mount (persists during session)');
+      console.log('✅ Using cached user data from sessionStorage on mount (persists during session):', {
+        username: cachedUser.username,
+        roleLabels: cachedUser.roleLabels,
+        privilege: cachedUser.privilege
+      });
     }
     
     // For OAuth authentication, wait a bit longer before fetching user data