admin page updates

internal/rbac/cache_middleware.go

@@ -14,7 +14,7 @@ import (
 )
 
 // LoadPermissionsMiddleware loads user permissions into context after authentication
-// MUST run AFTER auth.Authenticate() middleware
+// MUST run AFTER auth.Authenticate() middleware and LoadPreviewRoleMiddleware
 func (c *Checker) LoadPermissionsMiddleware() hws.Middleware {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -34,17 +34,38 @@ func (c *Checker) LoadPermissionsMiddleware() hws.Middleware {
 				return
 			}
 
+			// Check if we're in preview mode
+			previewRole := contexts.GetPreviewRole(r.Context())
+
 			var roles_ []*db.Role
 			var perms []*db.Permission
 			if err := db.WithTxFailSilently(r.Context(), c.conn, func(ctx context.Context, tx bun.Tx) error {
 				var err error
-				roles_, err = user.GetRoles(ctx, tx)
-				if err != nil {
-					return errors.Wrap(err, "user.GetRoles")
-				}
-				perms, err = user.GetPermissions(ctx, tx)
-				if err != nil {
-					return errors.Wrap(err, "user.GetPermissions")
+
+				if previewRole != nil {
+					// In preview mode: use the preview role instead of user's roles
+					role, err := db.GetRoleWithPermissions(ctx, tx, previewRole.ID)
+					if err != nil {
+						return errors.Wrap(err, "db.GetRoleWithPermissions")
+					}
+					if role != nil {
+						roles_ = []*db.Role{role}
+						// Convert []Permission to []*Permission
+						perms = make([]*db.Permission, len(role.Permissions))
+						for i := range role.Permissions {
+							perms[i] = &role.Permissions[i]
+						}
+					}
+				} else {
+					// Normal mode: use user's actual roles and permissions
+					roles_, err = user.GetRoles(ctx, tx)
+					if err != nil {
+						return errors.Wrap(err, "user.GetRoles")
+					}
+					perms, err = user.GetPermissions(ctx, tx)
+					if err != nil {
+						return errors.Wrap(err, "user.GetPermissions")
+					}
 				}
 				return nil
 			}); err != nil {