[feature][admin-v2] Applicant blacklist scan#114
Open
jasperjjhe wants to merge 1 commit into
Open
Conversation
…pplicants - add blacklist models and service for Firestore subscription + case-insensitive email matching - render a collapsible Blacklisted section in Applicant List with count, details, and focus-on-click - keep matched applicants visible in main list but greyed out and non-interactive - wire blacklist subscription into evaluator provider and derive matches at runtime without mutating applicant docs - handle blacklist fetch/subscription failures as non-fatal to keep evaluator usable - add accordion UI dependency updates (radix-ui) and lockfile changes
Author
|
Checks seem to be failing benignly. Some naming normalization bug within the check itself. |
geoff-jiang
reviewed
Jul 6, 2026
| ? "bg-theme/10 hover:bg-theme/15 active:bg-theme/15" | ||
| : "hover:bg-theme/5 active:bg-theme/15", | ||
| "h-full w-full flex-row justify-between gap-0 rounded-none", | ||
| disabled |
Contributor
There was a problem hiding this comment.
It might be slightly confusing for others seeing just a greyed-out row. Could you add a 'blacklist' chip to these entries as well so its clear?
eg. next to Applicant X label
Contributor
|
@jasperjjhe looks great overall - love the clean design 🐐. Could you try running the biome scripts locally again (lint, format) because I'm seeing a few unordered CSS class and import warnings. To address your questions in the ticket:
Once this is merged, you can proceed with mirroring the dev firestore setup in prod. Please add the rule for admin-only reads and writes! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a client-side blacklist auto-scan flow to Evaluator. Applicants are matched against a global Firestore blacklist in real time, surfaced in a dedicated sidebar section, and disabled in the main applicant list without mutating applicant records.
Scope Implemented
toLowerCase().trim()).Firestore Data Model
The implemented read path is:
Hackathons/blacklist/entriesHackthons/blacklistis a document path shape so we must add a sub-collectionEach entry document supports:
email(required for matching)firstNamelastNamenotes(optional)Note: Since Firestore is schemaless, we cannot inherently enforce fixed columns or required fields. We could add Firestore security rules for this. It's usually done on app-side but since this is expected to be a manual thing within Firestore we can consider adding a security rule.
Behaviour Details
entriesupdated.entriesthefirstNameandlastNameare never used. Should this be intended?Files Updated
types.tsblacklist.tsblacklist-section.tsxapplicant-entry.tsxapplicant-list.tsxevaluator-provider.tsxaccordion.tsxpackage.jsonpnpm-lock.yamlFirestore Rules / Environment Changes
Hackathons/blacklistthenentriessub-collection; needs to be applied to Prod Firestore before rollout./Hackathons/blacklist/entries/{entryId}Missing or insufficient permissions.Testing / Verification