Implement user role checking and notFound function

app/(main)/incoming-tickets/[storeId]/[ticketId]/page.tsx

@@ -1,4 +1,5 @@
 import { createClient } from '@/app/lib/supabase/server-client';
+import { notFound } from 'next/navigation';
 import TicketDetails from '@/app/(main)/components/TicketDetails';
 import Breadcrumbs from '@/app/(main)/components/Breadcrumbs';
 
@@ -10,6 +11,27 @@ export default async function IncomingTicketDetailsPage({
   const { storeId, ticketId } = await params;
   const supabase = await createClient();
 
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  if (!user) {
+    return notFound();
+  }
+
+  // Check if user can manage the store
+  const { data: canManage, error: canManageError } = await supabase.rpc(
+    'can_manage_store',
+    { store_to_manage_id: storeId },
+  );
+
+  if (canManageError || !canManage) {
+    if (canManageError) {
+      console.error('Error checking store access:', canManageError);
+    }
+    return notFound();
+  }
+
   const { data: store, error: storeError } = await supabase
     .from('stores')
     .select('name')

app/(main)/manage/[storeId]/[storeItemId]/page.tsx

@@ -1,4 +1,5 @@
 import Image from 'next/image';
+import { notFound } from 'next/navigation';
 import Breadcrumbs from '@/app/(main)/components/Breadcrumbs';
 import DeleteStoreItemButton from '@/app/(main)/manage/[storeId]/[storeItemId]/components/DeleteStoreItemButton';
 import StoreItemForm from '@/app/(main)/manage/[storeId]/[storeItemId]/components/StoreItemForm';
@@ -16,6 +17,30 @@ export default async function ManageStoreItemPage({
   const { storeId, storeItemId } = await params;
 
   const supabase = await createClient();
+
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  if (!user) {
+    return notFound();
+  }
+
+  // Check if user can manage the store
+  const { data: canManage, error: canManageError } = await supabase.rpc(
+    'can_manage_store',
+    { store_to_manage_id: storeId },
+  );
+
+  if (canManageError) {
+    console.error('Error checking store access:', canManageError);
+    return notFound();
+  }
+
+  if (!canManage) {
+    return notFound();
+  }
+
   const [{ data: store }, { data: itemData, error: itemError }] =
     await Promise.all([
       supabase.from('stores').select('name').eq('store_id', storeId).single(),

app/(main)/manage/[storeId]/add/page.tsx

@@ -19,6 +19,26 @@ export default async function AddStoreItemsPage({
   const {
     data: { user },
   } = await supabase.auth.getUser();
+
+  if (!user) {
+    return notFound();
+  }
+
+  // Check if user can manage the store
+  const { data: canManage, error: canManageError } = await supabase.rpc(
+    'can_manage_store',
+    { store_to_manage_id: storeId },
+  );
+
+  if (canManageError) {
+    console.error('Error checking store access:', canManageError);
+    return notFound();
+  }
+
+  if (!canManage) {
+    return notFound();
+  }
+
   // extract user id
   const userId = user?.id;
   // fetch user's entry from users table

app/(main)/manage/[storeId]/page.tsx

@@ -1,4 +1,5 @@
 import { createClient } from '@/app/lib/supabase/server-client';
+import { notFound } from 'next/navigation';
 import ItemCard from '@/app/(main)/components/ItemCard';
 import ItemSearch from '@/app/(main)/components/ItemSearch';
 import Link from 'next/link';
@@ -24,6 +25,30 @@ export default async function ManageStorePage({
 
   const supabase = await createClient();
 
+  // Get the current user
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  if (!user) {
+    return notFound();
+  }
+
+  // Check if user can manage the store
+  const { data: canManage, error: canManageError } = await supabase.rpc(
+    'can_manage_store',
+    { store_to_manage_id: storeId },
+  );
+
+  if (canManageError) {
+    console.error('Error checking store access:', canManageError);
+    return notFound();
+  }
+
+  if (!canManage) {
+    return notFound();
+  }
+
   const { data: categories } = await supabase
     .from('categories')
     .select('category_id, name')

app/(main)/outgoing-tickets/[ticketId]/page.tsx

@@ -1,12 +1,33 @@
 import TicketDetails from '@/app/(main)/components/TicketDetails';
 import Breadcrumbs from '@/app/(main)/components/Breadcrumbs';
+import { createClient } from '@/app/lib/supabase/server-client';
+import { notFound } from 'next/navigation';
 
 export default async function OutgoingTicketDetailsPage({
   params,
 }: {
   params: Promise<{ ticketId: string }>;
 }) {
   const { ticketId } = await params;
+  const supabase = await createClient();
+
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  if (!user) {
+    return notFound();
+  }
+
+  const { data: ticket, error } = await supabase
+    .from('tickets')
+    .select('requestor_user_id')
+    .eq('ticket_id', ticketId)
+    .single();
+
+  if (error || !ticket || ticket.requestor_user_id !== user.id) {
+    return notFound();
+  }
 
   return (
     <div>