Create an admin only current appointments page

[adamzr]

• User table should have is is_admin column
• User DTO given to front-end should expose isAdmin to the front-end
• Front-end should show an admin menu in the nav bar to admins only
• A page on that menu should be "View appointments"
• The view appointments page should have a date selector defaulted to today's date
• There should be a table of appointments for the selected date
• That data will come from an endpoint accessible only to admin users
• The table will show the date, time, title, first name, last name, phone number, email address, room type, and notes

[miriamstriks]

That data will come from an endpoint accessible only to admin users

How do you envision securing this endpoint? Would you leverage Auth0 roles or require some kind of JWT claim in the request? If so, do we still need an "isAdmin" property for users?

[adamzr]

I originally envisioned using auth0 roles and claims on the JWT. Then maybe making that work with Spring Security or something. But, that's hard to setup. You are welcome to try. I can give you auth0 access.

I would be fine with a simple is_admin thing. It's simple and easy to do, if less cool and technically correct.