Skip to content

[dev] [Marfuen] mariano/fix-portal-active-org-sync#2468

Merged
Marfuen merged 1 commit intomainfrom
mariano/fix-portal-active-org-sync
Apr 7, 2026
Merged

[dev] [Marfuen] mariano/fix-portal-active-org-sync#2468
Marfuen merged 1 commit intomainfrom
mariano/fix-portal-active-org-sync

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot commented Apr 7, 2026

This is an automated pull request to merge mariano/fix-portal-active-org-sync into dev.
It was created by the [Auto Pull Request] action.

@Marfuen @claude
fix(portal): sync activeOrganizationId when navigating between orgs
5e9db82 
Multi-org users hitting the portal would get 403s on training completion
and other API calls because HybridAuthGuard resolves memberId from the
session's activeOrganizationId — which was never updated when the user
navigated to a different org in the portal.

Adds setActiveOrganization to the portal auth module and a [orgId] layout
that syncs the session before any child page renders, matching the pattern
already used in the main app.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
comp-framework-editor Ready Ready Preview, Comment Apr 7, 2026 1:45pm
portal Ready Ready Preview, Comment Apr 7, 2026 1:45pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
app Skipped Skipped Apr 7, 2026 1:45pm

Request Review

@cursor
Copy link
Copy Markdown

cursor bot commented Apr 7, 2026
edited
Loading

PR Summary

Medium Risk
Changes server-side auth/session behavior by mutating activeOrganizationId based on the URL, which could affect multi-org navigation and relies on the new API call succeeding.

Overview
Ensures org-scoped pages keep the session’s activeOrganizationId in sync with the [orgId] route to avoid authorization mismatches for multi-org users.

Adds a new server-side auth.api.setActiveOrganization helper that POSTs to /api/auth/organization/set-active, and calls it from the new [orgId]/layout.tsx when the session’s active org differs from the URL (redirecting to /auth if no session).

Reviewed by Cursor Bugbot for commit 5e9db82. Bugbot is set up for automated code reviews on this repo. Configure here.

@Marfuen Marfuen merged commit e1b29a5 into main Apr 7, 2026
10 checks passed
@Marfuen Marfuen deleted the mariano/fix-portal-active-org-sync branch April 7, 2026 15:41
claudfuen pushed a commit that referenced this pull request Apr 7, 2026
@semantic-release-bot
chore(release): 3.17.0 [skip ci]
a5b93ce 
# [3.17.0](v3.16.2...v3.17.0) (2026-04-07)

### Bug Fixes

* **ci:** pin bun version in trigger workflows and regenerate lockfile ([4650bd9](4650bd9))
* **ci:** pin bun version in trigger workflows and regenerate lockfile ([#2478](#2478)) ([3574357](3574357))
* **documents:** allow CSV and Excel file uploads for evidence forms ([52bb3f6](52bb3f6))
* **documents:** fix RBAC schema, matrix validation, and step 3 MIME mapper ([c440317](c440317))
* **documents:** fix TS strict index access on matrix row ([77d71bd](77d71bd))
* **documents:** use lenient row schema so file upload bypasses row validation ([f06febb](f06febb))
* **documents:** use original row index for validation error paths ([7ded778](7ded778))
* **google-workspace:** clarify that email filter variables apply to checks too, not just sync ([cb0e6af](cb0e6af))
* **notifications:** dont send task reminders to employees ([5a90324](5a90324))
* **portal:** sync activeOrganizationId when navigating between orgs ([#2468](#2468)) ([e1b29a5](e1b29a5))

### Features

* **trigger:** add org tags to all trigger job runs ([#2476](#2476)) ([b3d26e7](b3d26e7))
@claudfuen
Copy link
Copy Markdown
Contributor

claudfuen commented Apr 7, 2026

🎉 This PR is included in version 3.17.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automated-pr released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@claudfuen @Marfuen