Implements user profile viewing and editing functionality:
- Add UserProfile, UserProfileSettings, and ProfileUpdateRequest types
- Create GET/PATCH /api/profile endpoints for profile management
- Create GET/PATCH /api/profile/settings for admin configuration
- Add /profile page with editable fields (name, phone, timezone, language)
- Support view-only mode when editing is disabled by admin
- Display SSO provider info when user is authenticated via Azure AD

Closes #9
Pull request overview
This PR implements user profile self-service functionality, allowing users to view and edit their profile information based on admin-configured settings. The implementation includes type definitions, API endpoints for profile and settings management, and a user-facing profile page with form controls.
Key Changes:
- Added TypeScript type definitions for UserProfile, UserProfileSettings, and ProfileUpdateRequest
- Created GET/PATCH API endpoints at /api/profile for user profile management and /api/profile/settings for admin configuration
- Built a responsive profile page with editable fields (display name, phone, timezone, language) that respects admin permissions
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 22 comments.
| File | Description |
|---|---|
| src/types/index.ts | Defines TypeScript interfaces for user profiles, profile settings, and update requests |
| src/app/profile/page.tsx | Implements the user-facing profile page with form controls, validation, and view-only mode support |
| src/app/api/profile/route.ts | Provides GET/PATCH endpoints for retrieving and updating user profile data |
| src/app/api/profile/settings/route.ts | Provides GET/PATCH endpoints for admin management of profile feature settings |
| export async function GET() { | ||
| try { | ||
| const session = await getServerSession(authOptions); | ||
|
|
||
| if (!session?.user?.email) { | ||
| return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); | ||
| } | ||
|
|
||
| return NextResponse.json({ | ||
| settings: profileSettings, | ||
| success: true, | ||
| }); | ||
| } catch (error) { | ||
| console.error('Error fetching profile settings:', error); | ||
| return NextResponse.json({ error: 'Failed to fetch settings' }, { status: 500 }); | ||
| } | ||
| } |
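Review bot: `settings: profileSettings` in the GET response hands the whole settings object to any caller that passes the `session?.user?.email` check, so every field later added to `profileSettings` becomes readable by all signed-in users by default. If non-admin reads are intended, build the response from an explicit list of the fields the profile page needs, and state on the handler that the missing admin check is deliberate so the difference from PATCH is not mistaken for an oversight.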
The GET endpoint returns settings to all authenticated users without checking the isAdmin function. While this may be intentional to allow users to see what settings are enabled, it's inconsistent with the PATCH endpoint which requires admin access. Consider whether settings should be publicly readable or if this endpoint should also check admin permissions.
This is intentional by design. Added JSDoc comment to clarify: The frontend needs to know which fields are editable to render the UI correctly. Users reading settings is harmless - only PATCH requires admin access to modify them.
- Create shared profile-settings module to ensure settings are synchronized between /api/profile and /api/profile/settings endpoints
- Add JSDoc comment explaining that GET settings endpoint is intentionally accessible to all users (for UI display purposes)
- Add displayName validation (required, 1-50 chars) on both frontend and backend
- Add API tests for profile and profile settings endpoints