/* Google sign-in gate for the SPIF Tracker. * * wraps the app. Behavior: * - No Firebase Auth available (offline / SDK blocked) → renders children * so local-only use still works. * - Not signed in → shows the sign-in screen. * - Signed in but NOT an @partsbase.com account → access-denied screen. * - Signed in with an allowed account → renders children and exposes * { user, signOut } via useAuth(), surfaced in the header by . * * Server-side enforcement lives in the Realtime Database rules; this is the * UI half. Both must be in place to truly lock the data. */ const ALLOWED_DOMAIN = "partsbase.com"; /* People allowed to see the Manager SPIF. Everyone else (any other signed-in * @partsbase.com account) sees every program EXCEPT the Manager SPIF — both * the card on the landing page and the program page itself are blocked. */ const MANAGER_SPIFF_VIEWERS = [ "crahe@partsbase.com", "ekoknar@partsbase.com", "smikov@partsbase.com", "ecicero@partsbase.com", "reffendy@partsbase.com", "kkoo@partsbase.com", "wchee@partsbase.com", ]; /* True if this user may see the Manager SPIF. When no auth layer is configured * at all (local/offline dev) nothing is gated, so the tracker stays usable. */ function canSeeManagerSpiff(user) { if (!window.FIREBASE_AUTH) return true; const email = ((user && user.email) || "").toLowerCase().trim(); return MANAGER_SPIFF_VIEWERS.includes(email); } const AuthContext = React.createContext(null); function useAuth() { return React.useContext(AuthContext); } function AuthGate({ children }) { const auth = window.FIREBASE_AUTH || null; // "open" when there's no auth layer at all (keeps local dev usable) const [status, setStatus] = React.useState(auth ? "loading" : "open"); const [user, setUser] = React.useState(null); const [error, setError] = React.useState(null); const [busy, setBusy] = React.useState(false); React.useEffect(() => { if (!auth) return; const unsub = auth.onAuthStateChanged((u) => { if (!u) { setUser(null); setStatus("out"); return; } const email = (u.email || "").toLowerCase(); if (ALLOWED_DOMAIN && !email.endsWith("@" + ALLOWED_DOMAIN)) { setError(`${u.email} isn't a @${ALLOWED_DOMAIN} account. Use your PartsBase Google account.`); auth.signOut(); setStatus("out"); return; } setUser(u); setStatus("in"); }); return unsub; }, [auth]); const signIn = () => { setError(null); setBusy(true); const provider = new firebase.auth.GoogleAuthProvider(); provider.setCustomParameters({ hd: ALLOWED_DOMAIN, prompt: "select_account" }); auth.signInWithPopup(provider) .catch((e) => { const code = e && e.code; if (code === "auth/operation-not-allowed") setError("Google sign-in isn't switched on for this project yet. Enable the Google provider in Firebase → Authentication, then try again."); else if (code === "auth/popup-blocked") setError("Your browser blocked the sign-in popup. Allow popups for this site and try again."); else if (code === "auth/popup-closed-by-user" || code === "auth/cancelled-popup-request") setError(null); else setError(e && e.message ? e.message : "Sign-in failed. Please try again."); }) .finally(() => setBusy(false)); }; if (status === "open" || status === "in") { return ( auth && auth.signOut() }}> {children} ); } // Loading + signed-out both render the sign-in shell (loading shows a spinner). return ; } function SignInScreen({ onSignIn, loading, busy, error }) { return (
PartsBase

SPIF Tracker

Sign in with your PartsBase Google account to view and update sales incentive programs.

{loading ? (
Checking your session…
) : ( )} {error && (
{error}
)}
Access is limited to @{ALLOWED_DOMAIN} accounts.
); } function GoogleG() { return ( ); } function Spinner() { return ( ); } /* Header account menu — avatar + popover with email and Sign out. */ function AuthMenu() { const ctx = (typeof useAuth === "function") ? useAuth() : null; const [open, setOpen] = React.useState(false); const user = ctx && ctx.user; // No auth layer / not signed in → static placeholder avatar. if (!user) { return (
SO
); } const name = user.displayName || user.email || "User"; const initials = name.split(" ").map(w => w[0]).slice(0, 2).join("").toUpperCase(); return (
{open && ( <>
setOpen(false)} style={{ position: "fixed", inset: 0, zIndex: 40 }} />
{name}
{user.email}
)}
); } /* Hard-block screen for a program the signed-in user isn't permitted to see. */ function AccessDenied({ title, message }) { const ctx = (typeof useAuth === "function") ? useAuth() : null; const user = ctx && ctx.user; return (

{title || "Access restricted"}

{message || "This program isn't available to your account. If you think this is a mistake, contact your SPIF administrator."}

Go to all programs {user && (
Signed in as {user.email}
)}
); } Object.assign(window, { AuthGate, AuthMenu, useAuth, canSeeManagerSpiff, AccessDenied });