Merge pull request #40 from fuzziecoder/codex/fix-notification-issue-and-update-admin-management

Add org-code multi-management scoping and fix notification fan-out

Author: fuzziecoder

contexts/AuthContext.tsx

@@ -16,7 +16,7 @@ import { supabase } from "../services/supabase";
 interface AuthContextType {
   user: User | null;
   profile: UserProfile | null;
-  login: (identifier: string, password: string) => Promise<void>;
+  login: (identifier: string, password: string, orgCode?: string) => Promise<void>;
   logout: () => void;
   updateProfile: (updates: Partial<UserProfile>) => Promise<void>;
   loading: boolean;
@@ -54,20 +54,25 @@ export const AuthProvider = ({ children }: { children: ReactNode }) => {
   /* Login */
   /* ------------------------------------------------------------------------ */
 
-  const login = async (identifier: string, password: string) => {
+  const login = async (identifier: string, password: string, orgCode?: string) => {
     setLoading(true);
 
     try {
       // Strip formatting from phone number if it looks like a phone
       const cleanIdentifier = identifier.replace(/\D/g, '').length === 10 ? identifier.replace(/\D/g, '') : identifier;
 
       // First try to get profile from Supabase
-      const { data: profiles, error: profileError } = await supabase
+      let profileQuery = supabase
         .from('profiles')
         .select('*')
         .or(`email.eq.${identifier},phone.eq.${cleanIdentifier},username.eq.${identifier}`)
-        .eq('password', password)
-        .single();
+        .eq('password', password);
+
+      if (orgCode?.trim()) {
+        profileQuery = profileQuery.eq('org_code', orgCode.trim());
+      }
+
+      const { data: profiles, error: profileError } = await profileQuery.single();
 
       if (!profileError && profiles) {
         // Found in Supabase - use UUID from database
@@ -94,7 +99,7 @@ export const AuthProvider = ({ children }: { children: ReactNode }) => {
 
     // Fallback to mockApi for development
     const { user: loggedInUser, profile: userProfile } =
-      await mockApi.login(identifier, password);
+      await mockApi.login(identifier, password, orgCode);
 
     // If using mockApi, try to find the UUID in Supabase
     try {

pages/DrinksPage.tsx

@@ -126,7 +126,7 @@ const DrinksPage: React.FC = () => {
 
     try {
       setPageError(null);
-      const spotData = await spotService.getUpcomingSpot();
+      const spotData = await spotService.getUpcomingSpot(profile?.org_code);
       setSpot(spotData);
 
       if (spotData) {

pages/DrinksPageNew.tsx

@@ -79,7 +79,7 @@ const DrinksPage: React.FC = () => {
     if (!profile) return;
 
     try {
-      const spotData = await spotService.getUpcomingSpot();
+      const spotData = await spotService.getUpcomingSpot(profile?.org_code);
       setSpot(spotData);
 
       if (spotData) {

pages/HomePage.tsx

@@ -73,15 +73,15 @@ const HomePage: React.FC = () => {
       }
     };
     checkSetup();
-  }, []);
+  }, [profile?.org_code]);
 
   /* ----------------------------- FETCH DATA ----------------------------- */
 
   const fetchData = useCallback(async () => {
     setLoading(true);
     setDbSetupError(null);
     try {
-      const spotData = await spotService.getUpcomingSpot();
+      const spotData = await spotService.getUpcomingSpot(profile?.org_code);
       setSpot(spotData);
 
       if (spotData) {
@@ -101,7 +101,7 @@ const HomePage: React.FC = () => {
     } finally {
       setLoading(false);
     }
-  }, []);
+  }, [profile?.org_code]);
 
   useEffect(() => {
     fetchData();
@@ -119,7 +119,8 @@ const HomePage: React.FC = () => {
             // Notify all users in database
             notificationService.createNotificationForAllUsers(
               "New Spot Created!",
-              `A new spot has been created at ${payload.new.location}`
+              `A new spot has been created at ${payload.new.location}`,
+              profile?.org_code
             ).catch(err => console.error('Error notifying all users:', err));
             // Also notify current user locally
             notify("New Spot Created!", `A new spot has been created at ${payload.new.location}`);
@@ -142,7 +143,8 @@ const HomePage: React.FC = () => {
             // Notify all users about RSVP updates
             notificationService.createNotificationForAllUsers(
               "RSVP Updated",
-              `Someone ${statusMessages[payload.new.status] || 'updated their RSVP'}`
+              `Someone ${statusMessages[payload.new.status] || 'updated their RSVP'}`,
+              profile?.org_code
             ).catch(err => console.error('Error notifying all users:', err));
             // Also notify current user locally
             notify("RSVP Updated", `Someone ${statusMessages[payload.new.status] || 'updated their RSVP'}`);
@@ -329,13 +331,20 @@ const HomePage: React.FC = () => {
         created_by: userId,
         latitude: newSpotData.latitude,
         longitude: newSpotData.longitude,
+        org_code: profile.org_code,
       });
 
       // Get all users to create invitations for them
-      const { data: allUsers, error: usersError } = await supabase
+      let usersQuery = supabase
         .from('profiles')
         .select('id');
 
+      if (profile.org_code) {
+        usersQuery = usersQuery.eq('org_code', profile.org_code);
+      }
+
+      const { data: allUsers, error: usersError } = await usersQuery;
+
       if (!usersError && allUsers) {
         // Create invitations for all users (pending status by default)
         const invitationPromises = allUsers.map((user) =>
@@ -359,7 +368,8 @@ const HomePage: React.FC = () => {
       // Notify all users about the new spot
       await notificationService.createNotificationForAllUsers(
         "New Spot Created!",
-        `A new spot has been created at ${newSpotData.location} on ${new Date(newSpotData.date).toLocaleDateString()}`
+        `A new spot has been created at ${newSpotData.location} on ${new Date(newSpotData.date).toLocaleDateString()}`,
+        profile.org_code
       );
       // Also notify current user locally
       notify("New Spot Created!", `A new spot has been created at ${newSpotData.location} on ${new Date(newSpotData.date).toLocaleDateString()}`);
@@ -588,7 +598,7 @@ const HomePage: React.FC = () => {
       setIsEditSpotModalOpen(false);
       setEditingSpot(null);
       await fetchData();
-      await notificationService.createNotificationForAllUsers("Spot Updated", "Spot details have been updated successfully");
+      await notificationService.createNotificationForAllUsers("Spot Updated", "Spot details have been updated successfully", profile?.org_code);
       notify("Spot Updated", "Spot details have been updated successfully");
     } catch (error: any) {
       alert(`Failed to update spot: ${error.message || 'Please try again.'}`);
@@ -600,7 +610,7 @@ const HomePage: React.FC = () => {
     try {
       await spotService.deleteSpot(spotId);
       await fetchData();
-      await notificationService.createNotificationForAllUsers("Spot Deleted", "Spot has been deleted successfully");
+      await notificationService.createNotificationForAllUsers("Spot Deleted", "Spot has been deleted successfully", profile?.org_code);
       notify("Spot Deleted", "Spot has been deleted successfully");
     } catch (error: any) {
       alert(`Failed to delete spot: ${error.message || 'Please try again.'}`);

pages/LoginPage.tsx

@@ -24,6 +24,8 @@ type FormData = {
   mobileNumber: string;
   email: string;
   username: string;
+  orgCode: string;
+  managementName: string;
 };
 
 const formatMobile = (val: string) => {
@@ -53,6 +55,8 @@ const LoginPage: React.FC = () => {
     newPassword: '',
     email: '',
     username: '',
+    orgCode: '',
+    managementName: '',
   });
 
   const [errors, setErrors] = useState<Partial<Record<keyof FormData, string>>>({});
@@ -110,6 +114,13 @@ const LoginPage: React.FC = () => {
       case 'username':
         if (!value.trim()) error = 'Username is required';
         break;
+      case 'orgCode':
+        if (!value.trim()) error = 'Org Code is required';
+        else if (!/^\d{4}$/.test(value.trim())) error = 'Org Code must be 4 digits';
+        break;
+      case 'managementName':
+        if (view === 'mobile-setup' && !value.trim()) error = 'Management name is required';
+        break;
     }
     return error;
   };
@@ -134,7 +145,7 @@ const LoginPage: React.FC = () => {
   const handleLogin = async (e: React.FormEvent) => {
     e.preventDefault();
     clearMessages();
-    const fields = authMethod === 'email' ? ['loginEmail', 'loginPassword'] : ['loginMobile', 'loginPassword'];
+    const fields = authMethod === 'email' ? ['loginEmail', 'loginPassword', 'orgCode'] : ['loginMobile', 'loginPassword', 'orgCode'];
     let isValid = true;
     const newErrors: any = {};
     fields.forEach(f => {
@@ -147,7 +158,7 @@ const LoginPage: React.FC = () => {
     // Strip formatting from phone number for login
     let identifier = authMethod === 'email' ? formData.loginEmail : formData.loginMobile.replace(/\D/g, '');
     try {
-      await login(identifier, formData.loginPassword);
+      await login(identifier, formData.loginPassword, formData.orgCode.trim());
       navigate('/dashboard/home');
     } catch (err: any) {
       setApiError(err.message || 'Login failed.');
@@ -228,7 +239,9 @@ const LoginPage: React.FC = () => {
     const e1 = validateField('email', formData.email);
     const e2 = validateField('username', formData.username);
     const e3 = validateField('newPassword', formData.newPassword);
-    if (e1 || e2 || e3) { setErrors({ email: e1, username: e2, newPassword: e3 }); return; }
+    const e4 = validateField('orgCode', formData.orgCode);
+    const e5 = validateField('managementName', formData.managementName);
+    if (e1 || e2 || e3 || e4 || e5) { setErrors({ email: e1, username: e2, newPassword: e3, orgCode: e4, managementName: e5 }); return; }
 
     // Check username uniqueness
     try {
@@ -255,10 +268,12 @@ const LoginPage: React.FC = () => {
         password: formData.newPassword,
         profile_pic_url: DEFAULT_AVATARS[Math.floor(Math.random() * DEFAULT_AVATARS.length)],
         role: 'user',
+        org_code: formData.orgCode.trim(),
+        management_name: formData.managementName.trim(),
       });
 
       // Auto-login after registration
-      await login(phoneDigits, formData.newPassword);
+      await login(phoneDigits, formData.newPassword, formData.orgCode.trim());
       setSuccess('Account created! Welcome to the squad.');
       setTimeout(() => navigate('/dashboard/home'), 1500);
     } catch (err: any) {
@@ -304,6 +319,7 @@ const LoginPage: React.FC = () => {
                       <div className="absolute right-4 top-10 text-orange-400 flex items-center gap-1"><AlertCircle size={14} /><span className="text-[10px] font-bold">FORMAT?</span></div>
                     )}
                   </div>
+                  <Input name="orgCode" label="Org Code" type="text" value={formData.orgCode} onChange={handleChange} error={errors.orgCode} icon={<User size={16} />} placeholder="4-digit code" />
                   <Input name="loginPassword" label="Password" type={showPassword ? 'text' : 'password'} value={formData.loginPassword} onChange={handleChange} error={errors.loginPassword} icon={<Lock size={16} />} rightIcon={showPassword ? <EyeOff size={16} /> : <Eye size={16} />} onRightIconClick={() => setShowPassword(!showPassword)} />
                   <div className="flex justify-end px-1"><button type="button" onClick={() => setView('forgot')} className="text-[10px] font-black uppercase tracking-widest text-zinc-500 hover:text-white transition-colors">Forgot Password?</button></div>
                   <Button type="submit" className="w-full py-4 uppercase tracking-widest font-black" disabled={loading}>Enter Squad</Button>
@@ -317,6 +333,7 @@ const LoginPage: React.FC = () => {
                 <h1 className="text-3xl font-black text-white tracking-tighter mb-8">MOBILE</h1>
                 <form className="space-y-6" onSubmit={handleLogin} noValidate>
                   <Input name="loginMobile" label="Phone" type="tel" value={formData.loginMobile} onChange={handleChange} error={errors.loginMobile} icon={<Smartphone size={16} />} placeholder="(000) 000-0000" />
+                  <Input name="orgCode" label="Org Code" type="text" value={formData.orgCode} onChange={handleChange} error={errors.orgCode} icon={<User size={16} />} placeholder="4-digit code" />
                   <Input name="loginPassword" label="Password" type={showPassword ? 'text' : 'password'} value={formData.loginPassword} onChange={handleChange} error={errors.loginPassword} icon={<Lock size={16} />} rightIcon={showPassword ? <EyeOff size={16} /> : <Eye size={16} />} onRightIconClick={() => setShowPassword(!showPassword)} />
                   <Button type="submit" className="w-full py-4 uppercase tracking-widest font-black" disabled={loading}>Join Meetup</Button>
                   <div className="text-center"><button type="button" onClick={() => setView('mobile-register')} className="text-[10px] font-black uppercase tracking-widest text-zinc-500 hover:text-white transition-colors">Create Account</button></div>
@@ -366,6 +383,8 @@ const LoginPage: React.FC = () => {
                 <form className="space-y-6" onSubmit={handleMobileSetup} noValidate>
                   <Input name="email" label="Email Address" type="email" value={formData.email} onChange={handleChange} error={errors.email} icon={<Mail size={16} />} placeholder="john@doe.com" />
                   <Input name="username" label="Username" type="text" value={formData.username} onChange={handleChange} error={errors.username} icon={<AtSign size={16} />} placeholder="johndoe" />
+                  <Input name="managementName" label="Management Name" type="text" value={formData.managementName} onChange={handleChange} error={errors.managementName} icon={<User size={16} />} placeholder="Team/Org name" />
+                  <Input name="orgCode" label="Org Code" type="text" value={formData.orgCode} onChange={handleChange} error={errors.orgCode} icon={<User size={16} />} placeholder="4-digit code" />
                   <div className="space-y-3">
                     <Input name="newPassword" label="Password" type="password" value={formData.newPassword} onChange={handleChange} error={errors.newPassword} icon={<Lock size={16} />} />
                     <PasswordStrength password={formData.newPassword} />

pages/PaymentPage.tsx

@@ -37,7 +37,7 @@ const PaymentPage: React.FC = () => {
 
   const fetchData = useCallback(async () => {
     try {
-      const spotData = await spotService.getUpcomingSpot();
+      const spotData = await spotService.getUpcomingSpot(profile?.org_code);
       setSpot(spotData);
 
       if (spotData) {

services/database.ts

@@ -7,17 +7,22 @@ import { Spot, Invitation, Payment, InvitationStatus, PaymentStatus, UserProfile
 
 export const spotService = {
   // Get upcoming spot (date >= today)
-  async getUpcomingSpot(): Promise<Spot | null> {
+  async getUpcomingSpot(orgCode?: string): Promise<Spot | null> {
     const now = new Date();
     const today = now.toISOString().split('T')[0];
 
-    const { data, error } = await supabase
+    let query = supabase
       .from('spots')
       .select('*')
       .gte('date', today)
       .order('date', { ascending: true })
-      .limit(1)
-      .maybeSingle();
+      .limit(1);
+
+    if (orgCode?.trim()) {
+      query = query.eq('org_code', orgCode.trim());
+    }
+
+    const { data, error } = await query.maybeSingle();
 
     if (error) {
       if (error.code === 'PGRST116') {
@@ -35,15 +40,21 @@ export const spotService = {
   },
 
   // Get all upcoming spots
-  async getUpcomingSpots(): Promise<Spot[]> {
+  async getUpcomingSpots(orgCode?: string): Promise<Spot[]> {
     const today = new Date().toISOString().split('T')[0];
 
-    const { data, error } = await supabase
+    let query = supabase
       .from('spots')
       .select('*')
       .gte('date', today)
       .order('date', { ascending: true });
 
+    if (orgCode?.trim()) {
+      query = query.eq('org_code', orgCode.trim());
+    }
+
+    const { data, error } = await query;
+
     if (error) {
       console.error('Error fetching upcoming spots:', error);
       throw error;
@@ -53,15 +64,21 @@ export const spotService = {
   },
 
   // Get past spots (date < today)
-  async getPastSpots(): Promise<Spot[]> {
+  async getPastSpots(orgCode?: string): Promise<Spot[]> {
     const today = new Date().toISOString().split('T')[0];
 
-    const { data, error } = await supabase
+    let query = supabase
       .from('spots')
       .select('*')
       .lt('date', today)
       .order('date', { ascending: false });
 
+    if (orgCode?.trim()) {
+      query = query.eq('org_code', orgCode.trim());
+    }
+
+    const { data, error } = await query;
+
     if (error) {
       if (error.message?.includes('relation') || error.message?.includes('does not exist')) {
         throw new Error('Database tables not found. Please run the SQL migration in Supabase SQL Editor. See supabase_migration.sql file.');
@@ -93,6 +110,7 @@ export const spotService = {
         created_by: spotData.created_by,
         description: spotData.description || '',
         feedback: spotData.feedback || '',
+        org_code: spotData.org_code,
         latitude: spotData.latitude,
         longitude: spotData.longitude,
       })
@@ -464,6 +482,8 @@ export const profileService = {
     password: string;
     profile_pic_url?: string;
     role?: string;
+    org_code?: string;
+    management_name?: string;
   }): Promise<UserProfile> {
     const { data, error } = await supabase
       .from('profiles')
@@ -475,6 +495,8 @@ export const profileService = {
         password: profileData.password,
         profile_pic_url: profileData.profile_pic_url || 'https://api.dicebear.com/7.x/thumbs/svg?seed=default',
         role: profileData.role || 'user',
+        org_code: profileData.org_code,
+        management_name: profileData.management_name,
         location: 'Broville',
         is_verified: true,
       })
@@ -1103,13 +1125,19 @@ export const notificationService = {
   },
 
   // Create notifications for all users
-  async createNotificationForAllUsers(title: string, message: string): Promise<void> {
+  async createNotificationForAllUsers(title: string, message: string, orgCode?: string): Promise<void> {
     try {
       // Get all users
-      const { data: allUsers, error: usersError } = await supabase
+      let usersQuery = supabase
         .from('profiles')
         .select('id');
 
+      if (orgCode?.trim()) {
+        usersQuery = usersQuery.eq('org_code', orgCode.trim());
+      }
+
+      const { data: allUsers, error: usersError } = await usersQuery;
+
       if (usersError || !allUsers || allUsers.length === 0) {
         console.error('Error fetching users for notifications:', usersError);
         return;