Since the user's role has been removed from the JWT, the React server must fetch the authenticated user based on their ID every time to get the role.
There were still some portions of the React code that used .role or .userRole after getting the JWT, which invalidated the Advisor and Head Advisor roles because .role or .userRole is undefined and thus such elevated user got set back to the Student role instead of their designated role.
This bug is fixed in this PR. The new getProfile() function of the React code returns either an empty object {} or an object containing only the userId and the role, e.g. {userId: 123456, role: 2}.
Since the user's role has been removed from the JWT, the React server must fetch the authenticated user based on their ID every time to get the role.
There were still some portions of the React code that used
.roleor.userRoleafter getting the JWT, which invalidated the Advisor and Head Advisor roles because.roleor.userRoleisundefinedand thus such elevated user got set back to the Student role instead of their designated role.This bug is fixed in this PR. The new
getProfile()function of the React code returns either an empty object{}or an object containing only theuserIdand therole, e.g.{userId: 123456, role: 2}.