Skip to content

feat: add route-level role guard to prevent wrong-role page access #52

Description

@johneliud

Problem

A freelancer can navigate directly to /client/projects/new or /client/listings/new and the page renders normally. There is no middleware or component-level guard redirecting based on role. The contract will correctly reject unauthorized transactions, but the UX is confusing — a freelancer sees a form, fills it out, and only fails at the signing step.

Proposed Solution

Since wallet address = identity (no fixed role per wallet), the guard should be contextual rather than hard:

Short-term (recommended for demo):

  • Add a URL-based notice: if a wallet has no client listings/projects, the client dashboard nudges them to create one. If no projects as freelancer, nudge to browse listings. No hard block.

Medium-term:

  • Add a useRouteGuard hook that checks wallet connectivity before rendering action pages
  • Pages like /client/listings/new should redirect to wallet connect screen if !isConnected (currently shows a wallet prompt inline — redirect is cleaner)

Long-term:

  • Allow users to declare a primary role on first connect (stored off-chain in Supabase) and use that to personalize navigation

Acceptance Criteria

  • Disconnected users are redirected to a connect prompt instead of seeing inline forms
  • Client-only pages display an "unauthorized" state if the connected wallet has no client activity (soft guard, not hard block)

Priority

Low — not a correctness issue (contract enforces auth), but degrades UX.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions