shad0w/pelagia-portal
1
0
Fork 0
Code Issues 11 Pull requests 2 Projects Releases 2 Packages Wiki Activity Actions
pelagia-portal/App/.env.example
Hardik da2d856b73
All checks were successful
PR checks / checks (pull_request) Successful in 34s
Details
PR checks / integration (pull_request) Successful in 26s
Details
feat(po): submitter view-all of POs + History + export (feature-flagged) 
Gated behind NEXT_PUBLIC_SUBMITTER_VIEW_ALL_ENABLED (opt-in, "true").
When on, submitter roles (TECHNICAL/MANNING) get read-only access to every
PO: the History page + report export, any other user's PO detail page, and
the per-PO Export PDF/XLSX buttons. No approval/payment/edit rights are added.

- lib/feature-flags.ts: SUBMITTER_VIEW_ALL_ENABLED flag
- lib/permissions.ts: isSubmitterRole / submitterCanViewAll / canViewAllPos
- po/[id] page + export route: gate via canViewAllPos
- history page + reports/export route: OR submitterCanViewAll into export_reports
- sidebar: show History to submitters when flag on
- tests: permission helpers, both flag states
- docs: .env.example, CLAUDE.md (wiki updated separately)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 04:57:11 +05:30

68 lines
3.6 KiB
Text
Raw Blame History

# =============================================================
# Pelagia Portal — Environment Variables
# Copy this file to .env.local and fill in your values
#
# DEVELOPMENT (NODE_ENV=development, i.e. `pnpm dev`):
# - File uploads are stored locally in .dev-uploads/ — no R2 needed
# - Emails are logged to the terminal — no Resend key needed
# - Only AUTH + DATABASE vars are required to run the app locally
#
# PRODUCTION (NODE_ENV=production, i.e. `pnpm build && pnpm start`):
# - All sections below must be filled in
# =============================================================
# ── Auth ─────────────────────────────────────────────────────
NEXTAUTH_SECRET=your-32-char-secret-here-generate-with-openssl
NEXTAUTH_URL=http://localhost:3000
# ── Microsoft Entra ID (Azure AD) SSO ────────────────────────
# Register an app at https://entra.microsoft.com
# Required redirect URI: {NEXTAUTH_URL}/api/auth/callback/microsoft-entra-id
# Grant: openid, profile, email (Microsoft Graph delegated permissions)
AZURE_AD_CLIENT_ID=your-azure-app-client-id
AZURE_AD_CLIENT_SECRET=your-azure-app-client-secret
AZURE_AD_TENANT_ID=your-azure-tenant-id
# ── Database ──────────────────────────────────────────────────
# Local PostgreSQL or Supabase
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/pelagia_portal"
# Supabase connection pooling URL (use for serverless deployments)
# DATABASE_POOL_URL=
# ── Cloudflare R2 Storage (production only) ──────────────────
# Not required in development — files are stored in .dev-uploads/
R2_ACCOUNT_ID=your-cloudflare-account-id
R2_ACCESS_KEY_ID=your-r2-access-key-id
R2_SECRET_ACCESS_KEY=your-r2-secret-access-key
R2_BUCKET_NAME=pelagia-portal
R2_PUBLIC_URL=https://your-bucket.your-account.r2.cloudflarestorage.com
# ── Email / Resend (production only) ─────────────────────────
# Not required in development — emails are printed to the terminal
RESEND_API_KEY=re_xxxxxxxxxxxxxxxxxxxx
EMAIL_FROM=noreply@pelagiaportal.com
EMAIL_FROM_NAME="Pelagia Portal"
# ── GST Lookup microservice ───────────────────────────────────
# Run the GstService/ microservice alongside the app.
# Development default (localhost:3002) is used if this is unset.
# Start the service with: cd GstService && npm run dev
GST_SERVICE_URL=http://localhost:3003
# ── Forgejo issue reporting (Report Issue button) ─────────────
# Token needs write:issue scope on the repo below.
FORGEJO_URL=https://git.pelagiamarine.com
FORGEJO_REPO=shad0w/pelagia-portal
FORGEJO_TOKEN=
# ── Feature flags (NEXT_PUBLIC_, available to client + server) ─
# Inventory tracking (site stock / consumption). On unless explicitly "false".
# NEXT_PUBLIC_INVENTORY_ENABLED=false
# Let submitters (TECHNICAL/MANNING) read & export every PO and open the History
# page (read-only). Opt-in — on only when exactly "true".
# NEXT_PUBLIC_SUBMITTER_VIEW_ALL_ENABLED=true
# ── Non-production banner ─────────────────────────────────────
# When set, a fixed "internal dev / staging" banner is shown (EnvBanner).
# Leave UNSET in production. Staging sets this automatically.
# NEXT_PUBLIC_ENV_LABEL="INTERNAL DEV / STAGING - NOT PRODUCTION"
Reference in a new issue View git blame Copy permalink