feat: implement Approval Process with RunAsNonRoot (#437) #603

Merged: RUKAYAT-CODER merged 1 commit into rinafcode:main from Praizfotos:feat/approval-process-run-as-non-root on May 30, 2026
@Praizfotos
Contributor

Summary

Implements the Approval Process with proper RunAsNonRoot semantics — non-privileged users (instructors) can submit content for review without requiring admin/root access. Admins hold the CONTENT_APPROVE permission and manage submissions via a dedicated queue.

Changes

Permissions & Types (src/types/api.ts)

  • Added CONTENT_APPROVE to the Permission enum (granted to ADMIN only via Object.values)
  • Added domain types: ApprovalItem, ApprovalStatus, SubmitApprovalRequest, ReviewApprovalRequest

API Route (src/app/api/approvals/route.ts)

  • GET /api/approvals — list submissions, filterable by status
  • POST /api/approvals — submit content for approval (RunAsNonRoot: no elevated privilege required)
  • PATCH /api/approvals — review a submission (approve/reject, admin action)
  • Uses withRateLimit, validateBody/validateQuery (Zod), and logAuditMutation

ApprovalQueue Component (src/components/admin/ApprovalQueue.tsx)

  • Admin-only UI gated by CONTENT_APPROVE via PermissionGate
  • Filter by status (Pending / Approved / Rejected / All)
  • Approve/Reject actions with optional review note
  • Accessible: aria-label, aria-pressed, role=alert

SubmitForApproval Component (src/components/approvals/SubmitForApproval.tsx)

  • Instructor-only submit button (requires CONTENT_UPLOAD, not CONTENT_APPROVE)
  • Automatically hidden for admins — they use ApprovalQueue instead
  • Success/error states with accessible feedback

Tests (src/app/api/approvals/__tests__/approvals.test.tsx)

  • 22 unit tests: ACL permission assignment, API route (fetch mock), component rendering and interactions
  • All 22 tests pass ✅

Acceptance Criteria

  • Approval Process properly implements RunAsNonRoot
  • All related tests pass (22/22)
  • No regression in existing functionality
  • Code follows project coding standards (Tailwind, lucide-react, PermissionGate, existing API patterns)
  • Accessibility guidelines followed (aria attributes, role=alert, aria-pressed)
  • Security: permission-gated at UI and API level, rate-limited, audit-logged

Closes #437

- Add CONTENT_APPROVE permission to Permission enum
- Add ApprovalItem, ApprovalStatus, SubmitApprovalRequest,
  ReviewApprovalRequest types to types/api.ts
- Create /api/approvals route (GET list, POST submit, PATCH review)
  with rate limiting, Zod validation, and audit logging
- Add ApprovalQueue component (admin-only, gated by CONTENT_APPROVE)
  with status filtering, approve/reject actions, and review notes
- Add SubmitForApproval component (instructor-only, RunAsNonRoot)
  hidden from admins who use ApprovalQueue instead
- Add 22 unit tests covering ACL, API, and both components

Closes rinafcode#437
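
The description above says the approvals route is permission-gated at the API level as well as in the UI, so the server has to decide on its own, whatever PermissionGate hides. A sketch of that decision for the two mutating methods, as an added example that is not the PR's code: only the names CONTENT_APPROVE and CONTENT_UPLOAD come from the page, while `Role`, `ROLE_PERMISSIONS`, `REQUIRED` and `authorizeApprovals` are hypothetical and the status codes are assumptions.

```typescript
// Added illustration; not code from the PR. The page's Permission enum is
// modelled here as a string-valued const object. Only CONTENT_UPLOAD and
// CONTENT_APPROVE are names from the page; everything else is hypothetical.
const Permission = {
  CONTENT_UPLOAD: "CONTENT_UPLOAD",
  CONTENT_APPROVE: "CONTENT_APPROVE",
} as const;
type Permission = (typeof Permission)[keyof typeof Permission];

type Role = "ADMIN" | "INSTRUCTOR"; // assumed role names

// ADMIN receives every Permission value, so any permission added later is
// granted to admins automatically; INSTRUCTOR is listed explicitly.
// (With a numeric TypeScript enum, Object.values() would also return the
// reverse-mapped member names, so string values matter for this pattern.)
const ROLE_PERMISSIONS: Record<Role, ReadonlySet<Permission>> = {
  ADMIN: new Set<Permission>(Object.values(Permission)),
  INSTRUCTOR: new Set<Permission>([Permission.CONTENT_UPLOAD]),
};

// Permission each mutating method needs (assumed mapping, from the PR text).
const REQUIRED = new Map<string, Permission>([
  ["POST", Permission.CONTENT_UPLOAD],   // submit for review, no elevated privilege
  ["PATCH", Permission.CONTENT_APPROVE], // approve or reject a submission
]);

// Returns the HTTP status the route should answer with before doing any work.
function authorizeApprovals(method: string, role?: Role): number {
  if (role === undefined) return 401;          // no authenticated session
  const needed = REQUIRED.get(method.toUpperCase());
  if (needed === undefined) return 405;        // default-deny unlisted methods
  return ROLE_PERMISSIONS[role].has(needed) ? 200 : 403;
}
```
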
@drips-wave

drips-wave Bot commented May 30, 2026

@Praizfotos Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@RUKAYAT-CODER RUKAYAT-CODER merged commit b174e7d into rinafcode:main May 30, 2026
1 of 4 checks passed
Successfully merging this pull request may close these issues.

performance Approval Process : RunAsNonRoot
