From 929f81a540beac5bf068b829bda2a50a056cb6a2 Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Sun, 28 Sep 2025 18:43:03 -0500
Subject: [PATCH 01/10] Fixed navbar color

---
 apps/web/src/app/globals.css |   5 +-
 pnpm-lock.yaml               | 313 +----------------------------------
 2 files changed, 4 insertions(+), 314 deletions(-)

diff --git a/apps/web/src/app/globals.css b/apps/web/src/app/globals.css
index 8675b928..a35dbcef 100644
--- a/apps/web/src/app/globals.css
+++ b/apps/web/src/app/globals.css
@@ -48,7 +48,7 @@
 		--background: 240 10% 3.9%;
 		--foreground: 0 0% 98%;
 
-		--nav: 0, 0, 0;
+		--nav: 240 10% 3.9%;
 
 		--muted: 240 3.7% 15.9%;
 		--muted-foreground: 240 5% 64.9%;
@@ -139,6 +139,7 @@
 }
 
 @keyframes pulseDot {
+
 	0%,
 	100% {
 		transform: scale(1);
@@ -147,4 +148,4 @@
 	50% {
 		transform: scale(1.1);
 	}
-}
+}
\ No newline at end of file
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 26111d2c..c8cf0adf 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -27,31 +27,6 @@ importers:
         specifier: ^2.0.9
         version: 2.0.9
 
-  apps/backup:
-    dependencies:
-      '@aws-sdk/client-s3':
-        specifier: ^3.616.0
-        version: 3.616.0
-      '@hono/node-server':
-        specifier: ^1.12.0
-        version: 1.12.0
-      cron:
-        specifier: ^3.1.7
-        version: 3.1.7
-      envsafe:
-        specifier: ^2.0.3
-        version: 2.0.3
-      hono:
-        specifier: ^4.5.0
-        version: 4.5.0
-      typescript:
-        specifier: 5.5.3
-        version: 5.5.3
-    devDependencies:
-      '@types/node':
-        specifier: 20.14.11
-        version: 20.14.11
-
   apps/backups:
     dependencies:
       '@aws-sdk/client-s3':
@@ -537,72 +512,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/client-s3@3.616.0:
-    resolution: {integrity: sha512-6gyZnBlAgOU8cwNqPhFO9s6maGI4/iHV3cmqvQgUn3uqhi1EgTSZSsTMuRzKEgBpTGgC+9Bm6djKqOderMqjdA==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-crypto/sha1-browser': 5.2.0
-      '@aws-crypto/sha256-browser': 5.2.0
-      '@aws-crypto/sha256-js': 5.2.0
-      '@aws-sdk/client-sso-oidc': 3.616.0(@aws-sdk/client-sts@3.616.0)
-      '@aws-sdk/client-sts': 3.616.0
-      '@aws-sdk/core': 3.616.0
-      '@aws-sdk/credential-provider-node': 3.616.0(@aws-sdk/client-sso-oidc@3.616.0)(@aws-sdk/client-sts@3.616.0)
-      '@aws-sdk/middleware-bucket-endpoint': 3.616.0
-      '@aws-sdk/middleware-expect-continue': 3.616.0
-      '@aws-sdk/middleware-flexible-checksums': 3.616.0
-      '@aws-sdk/middleware-host-header': 3.616.0
-      '@aws-sdk/middleware-location-constraint': 3.609.0
-      '@aws-sdk/middleware-logger': 3.609.0
-      '@aws-sdk/middleware-recursion-detection': 3.616.0
-      '@aws-sdk/middleware-sdk-s3': 3.616.0
-      '@aws-sdk/middleware-signing': 3.616.0
-      '@aws-sdk/middleware-ssec': 3.609.0
-      '@aws-sdk/middleware-user-agent': 3.616.0
-      '@aws-sdk/region-config-resolver': 3.614.0
-      '@aws-sdk/signature-v4-multi-region': 3.616.0
-      '@aws-sdk/types': 3.609.0
-      '@aws-sdk/util-endpoints': 3.614.0
-      '@aws-sdk/util-user-agent-browser': 3.609.0
-      '@aws-sdk/util-user-agent-node': 3.614.0
-      '@aws-sdk/xml-builder': 3.609.0
-      '@smithy/config-resolver': 3.0.5
-      '@smithy/core': 2.2.8
-      '@smithy/eventstream-serde-browser': 3.0.5
-      '@smithy/eventstream-serde-config-resolver': 3.0.3
-      '@smithy/eventstream-serde-node': 3.0.4
-      '@smithy/fetch-http-handler': 3.2.2
-      '@smithy/hash-blob-browser': 3.1.2
-      '@smithy/hash-node': 3.0.3
-      '@smithy/hash-stream-node': 3.1.2
-      '@smithy/invalid-dependency': 3.0.3
-      '@smithy/md5-js': 3.0.3
-      '@smithy/middleware-content-length': 3.0.4
-      '@smithy/middleware-endpoint': 3.0.5
-      '@smithy/middleware-retry': 3.0.11
-      '@smithy/middleware-serde': 3.0.3
-      '@smithy/middleware-stack': 3.0.3
-      '@smithy/node-config-provider': 3.1.4
-      '@smithy/node-http-handler': 3.1.3
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/smithy-client': 3.1.9
-      '@smithy/types': 3.3.0
-      '@smithy/url-parser': 3.0.3
-      '@smithy/util-base64': 3.0.0
-      '@smithy/util-body-length-browser': 3.0.0
-      '@smithy/util-body-length-node': 3.0.0
-      '@smithy/util-defaults-mode-browser': 3.0.11
-      '@smithy/util-defaults-mode-node': 3.0.11
-      '@smithy/util-endpoints': 2.0.5
-      '@smithy/util-retry': 3.0.3
-      '@smithy/util-stream': 3.1.1
-      '@smithy/util-utf8': 3.0.0
-      '@smithy/util-waiter': 3.1.2
-      tslib: 2.6.3
-    transitivePeerDependencies:
-      - aws-crt
-    dev: false
-
   /@aws-sdk/client-s3@3.750.0:
     resolution: {integrity: sha512-S9G9noCeBxchoMVkHYrRi1A1xW/VOTP2W7X34lP+Y7Wpl32yMA7IJo0fAGAuTc0q1Nu6/pXDm+oDG7rhTCA1tg==}
     engines: {node: '>=18.0.0'}
@@ -1637,19 +1546,6 @@ packages:
       - aws-crt
     dev: false
 
-  /@aws-sdk/middleware-bucket-endpoint@3.616.0:
-    resolution: {integrity: sha512-KZv78s8UE7+s3qZCfG3pE9U9XV5WTP478aNWis5gDXmsb5LF7QWzEeR8kve5dnjNlK6qVQ33v+mUZa6lR5PwMw==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/types': 3.609.0
-      '@aws-sdk/util-arn-parser': 3.568.0
-      '@smithy/node-config-provider': 3.1.4
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/types': 3.3.0
-      '@smithy/util-config-provider': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/middleware-bucket-endpoint@3.734.0:
     resolution: {integrity: sha512-etC7G18aF7KdZguW27GE/wpbrNmYLVT755EsFc8kXpZj8D6AFKxc7OuveinJmiy0bYXAMspJUWsF6CrGpOw6CQ==}
     engines: {node: '>=18.0.0'}
@@ -1676,16 +1572,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/middleware-expect-continue@3.616.0:
-    resolution: {integrity: sha512-IM1pfJPm7pDUXa55js9bnGjS8o3ldzDwf95mL9ZAYdEsm10q6i0ZxZbbro2gTq25Ap5ykdeeS34lOSzIqPiW1A==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/types': 3.609.0
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/middleware-expect-continue@3.734.0:
     resolution: {integrity: sha512-P38/v1l6HjuB2aFUewt7ueAW5IvKkFcv5dalPtbMGRhLeyivBOHwbCyuRKgVs7z7ClTpu9EaViEGki2jEQqEsQ==}
     engines: {node: '>=18.0.0'}
@@ -1706,20 +1592,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/middleware-flexible-checksums@3.616.0:
-    resolution: {integrity: sha512-Mrco/dURoTXVqwcnYRcyrFaPTIg36ifg2PK0kUYfSVTGEOClZOQXlVG5zYCZoo3yEMgy/gLT907FjUQxwoifIw==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-crypto/crc32': 5.2.0
-      '@aws-crypto/crc32c': 5.2.0
-      '@aws-sdk/types': 3.609.0
-      '@smithy/is-array-buffer': 3.0.0
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/types': 3.3.0
-      '@smithy/util-utf8': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/middleware-flexible-checksums@3.750.0:
     resolution: {integrity: sha512-ach0d2buDnX2TUausUbiXXFWFo3IegLnCrA+Rw8I9AYVpLN9lTaRwAYJwYC6zEuW9Golff8MwkYsp/OaC5tKMw==}
     engines: {node: '>=18.0.0'}
@@ -1807,15 +1679,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/middleware-location-constraint@3.609.0:
-    resolution: {integrity: sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/types': 3.609.0
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/middleware-location-constraint@3.734.0:
     resolution: {integrity: sha512-EJEIXwCQhto/cBfHdm3ZOeLxd2NlJD+X2F+ZTOxzokuhBtY0IONfC/91hOo5tWQweerojwshSMHRCKzRv1tlwg==}
     engines: {node: '>=18.0.0'}
@@ -1891,23 +1754,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/middleware-sdk-s3@3.616.0:
-    resolution: {integrity: sha512-heq9pzn0NRX6VL/oMlmwZdgcCh5eJUDscvwMl/oGev0tNdTpB2oGU+wPaNMka7IrW3eBPn7APmY9fdS1kBaBoQ==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/types': 3.609.0
-      '@aws-sdk/util-arn-parser': 3.568.0
-      '@smithy/node-config-provider': 3.1.4
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/signature-v4': 4.0.0
-      '@smithy/smithy-client': 3.1.9
-      '@smithy/types': 3.3.0
-      '@smithy/util-config-provider': 3.0.0
-      '@smithy/util-stream': 3.1.1
-      '@smithy/util-utf8': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/middleware-sdk-s3@3.750.0:
     resolution: {integrity: sha512-3H6Z46cmAQCHQ0z8mm7/cftY5ifiLfCjbObrbyyp2fhQs9zk6gCKzIX8Zjhw0RMd93FZi3ebRuKJWmMglf4Itw==}
     engines: {node: '>=18.0.0'}
@@ -1968,28 +1814,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/middleware-signing@3.616.0:
-    resolution: {integrity: sha512-wwzZFlXyURwo40oz1NmufreQa5DqwnCF8hR8tIP5+oKCyhbkmlmv8xG4Wn51bzY2WEbQhvFebgZSFTEvelCoCg==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/types': 3.609.0
-      '@smithy/property-provider': 3.1.3
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/signature-v4': 4.0.0
-      '@smithy/types': 3.3.0
-      '@smithy/util-middleware': 3.0.3
-      tslib: 2.8.1
-    dev: false
-
-  /@aws-sdk/middleware-ssec@3.609.0:
-    resolution: {integrity: sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/types': 3.609.0
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/middleware-ssec@3.734.0:
     resolution: {integrity: sha512-d4yd1RrPW/sspEXizq2NSOUivnheac6LPeLSLnaeTbBG9g1KqIqvCzP1TfXEqv2CrWfHEsWtJpX7oyjySSPvDQ==}
     engines: {node: '>=18.0.0'}
@@ -2246,18 +2070,6 @@ packages:
       tslib: 2.6.3
     dev: false
 
-  /@aws-sdk/signature-v4-multi-region@3.616.0:
-    resolution: {integrity: sha512-WQn43cfnwbG6jnPjh/SyujDQVqbRjGFY9tGI/tqtUvvGwoDhI343TSDCA7fvs0FEC6Za6vgOBq1CwPv3CFyfhA==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@aws-sdk/middleware-sdk-s3': 3.616.0
-      '@aws-sdk/types': 3.609.0
-      '@smithy/protocol-http': 4.0.4
-      '@smithy/signature-v4': 4.0.0
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/signature-v4-multi-region@3.750.0:
     resolution: {integrity: sha512-RA9hv1Irro/CrdPcOEXKwJ0DJYJwYCsauGEdRXihrRfy8MNSR9E+mD5/Fr5Rxjaq5AHM05DYnN3mg/DU6VwzSw==}
     engines: {node: '>=18.0.0'}
@@ -2375,13 +2187,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/util-arn-parser@3.568.0:
-    resolution: {integrity: sha512-XUKJWWo+KOB7fbnPP0+g/o5Ulku/X53t7i/h+sPHr5xxYTJJ9CYnbToo95mzxe7xWvkLrsNtJ8L+MnNn9INs2w==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/util-arn-parser@3.723.0:
     resolution: {integrity: sha512-ZhEfvUwNliOQROcAk34WJWVYTlTa4694kSVhDSjW6lE1bMataPnIN8A0ycukEzBXmd8ZSoBcQLn6lKGl7XIJ5w==}
     engines: {node: '>=18.0.0'}
@@ -2533,14 +2338,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@aws-sdk/xml-builder@3.609.0:
-    resolution: {integrity: sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@aws-sdk/xml-builder@3.734.0:
     resolution: {integrity: sha512-Zrjxi5qwGEcUsJ0ru7fRtW74WcTS0rbLcehoFB+rN1GRi2hbLcFaYs4PwVA5diLeAJH0gszv3x4Hr/S87MfbKQ==}
     engines: {node: '>=18.0.0'}
@@ -4455,11 +4252,6 @@ packages:
       react: 18.3.1
     dev: false
 
-  /@hono/node-server@1.12.0:
-    resolution: {integrity: sha512-e6oHjNiErRxsZRZBmc2KucuvY3btlO/XPncIpP2X75bRdTilF9GLjm3NHvKKunpJbbJJj31/FoPTksTf8djAVw==}
-    engines: {node: '>=18.14.1'}
-    dev: false
-
   /@hookform/resolvers@3.9.0(react-hook-form@7.52.1):
     resolution: {integrity: sha512-bU0Gr4EepJ/EQsH/IwEzYLsT/PEj5C0ynLQ4m+GSHS+xKH4TfSelhluTgOaoc4kA5s7eCsQbM4wvZLzELmWzUg==}
     peerDependencies:
@@ -8378,13 +8170,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/chunked-blob-reader-native@3.0.0:
-    resolution: {integrity: sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==}
-    dependencies:
-      '@smithy/util-base64': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/chunked-blob-reader-native@4.0.0:
     resolution: {integrity: sha512-R9wM2yPmfEMsUmlMlIgSzOyICs0x9uu7UTHoccMyt7BWw8shcGM8HqB355+BZCPBcySvbTYMs62EgEQkNxz2ig==}
     engines: {node: '>=18.0.0'}
@@ -8393,12 +8178,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/chunked-blob-reader@3.0.0:
-    resolution: {integrity: sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==}
-    dependencies:
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/chunked-blob-reader@5.0.0:
     resolution: {integrity: sha512-+sKqDBQqb036hh4NPaUiEkYFkTUGYzRsn3EuFhyfQfMy6oGHEUJDurLP9Ufb5dasr/XiAmPNMr6wa9afjQB+Gw==}
     engines: {node: '>=18.0.0'}
@@ -8515,15 +8294,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/eventstream-codec@3.1.2:
-    resolution: {integrity: sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==}
-    dependencies:
-      '@aws-crypto/crc32': 5.2.0
-      '@smithy/types': 3.3.0
-      '@smithy/util-hex-encoding': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/eventstream-codec@4.0.4:
     resolution: {integrity: sha512-7XoWfZqWb/QoR/rAU4VSi0mWnO2vu9/ltS6JZ5ZSZv0eovLVfDfu0/AX4ub33RsJTOth3TiFWSHS5YdztvFnig==}
     engines: {node: '>=18.0.0'}
@@ -8534,15 +8304,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/eventstream-serde-browser@3.0.5:
-    resolution: {integrity: sha512-dEyiUYL/ekDfk+2Ra4GxV+xNnFoCmk1nuIXg+fMChFTrM2uI/1r9AdiTYzPqgb72yIv/NtAj6C3dG//1wwgakQ==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@smithy/eventstream-serde-universal': 3.0.4
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/eventstream-serde-browser@4.0.1:
     resolution: {integrity: sha512-HbIybmz5rhNg+zxKiyVAnvdM3vkzjE6ccrJ620iPL8IXcJEntd3hnBl+ktMwIy12Te/kyrSbUb8UCdnUT4QEdA==}
     engines: {node: '>=18.0.0'}
@@ -8561,14 +8322,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/eventstream-serde-config-resolver@3.0.3:
-    resolution: {integrity: sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/eventstream-serde-config-resolver@4.0.1:
     resolution: {integrity: sha512-lSipaiq3rmHguHa3QFF4YcCM3VJOrY9oq2sow3qlhFY+nBSTF/nrO82MUQRPrxHQXA58J5G1UnU2WuJfi465BA==}
     engines: {node: '>=18.0.0'}
@@ -8585,15 +8338,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/eventstream-serde-node@3.0.4:
-    resolution: {integrity: sha512-mjlG0OzGAYuUpdUpflfb9zyLrBGgmQmrobNT8b42ZTsGv/J03+t24uhhtVEKG/b2jFtPIHF74Bq+VUtbzEKOKg==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@smithy/eventstream-serde-universal': 3.0.4
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/eventstream-serde-node@4.0.1:
     resolution: {integrity: sha512-o4CoOI6oYGYJ4zXo34U8X9szDe3oGjmHgsMGiZM0j4vtNoT+h80TLnkUcrLZR3+E6HIxqW+G+9WHAVfl0GXK0Q==}
     engines: {node: '>=18.0.0'}
@@ -8612,15 +8356,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/eventstream-serde-universal@3.0.4:
-    resolution: {integrity: sha512-Od9dv8zh3PgOD7Vj4T3HSuox16n0VG8jJIM2gvKASL6aCtcS8CfHZDWe1Ik3ZXW6xBouU+45Q5wgoliWDZiJ0A==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@smithy/eventstream-codec': 3.1.2
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/eventstream-serde-universal@4.0.1:
     resolution: {integrity: sha512-Z94uZp0tGJuxds3iEAZBqGU2QiaBHP4YytLUjwZWx+oUeohCsLyUm33yp4MMBmhkuPqSbQCXq5hDet6JGUgHWA==}
     engines: {node: '>=18.0.0'}
@@ -8671,15 +8406,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/hash-blob-browser@3.1.2:
-    resolution: {integrity: sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==}
-    dependencies:
-      '@smithy/chunked-blob-reader': 3.0.0
-      '@smithy/chunked-blob-reader-native': 3.0.0
-      '@smithy/types': 3.3.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/hash-blob-browser@4.0.1:
     resolution: {integrity: sha512-rkFIrQOKZGS6i1D3gKJ8skJ0RlXqDvb1IyAphksaFOMzkn3v3I1eJ8m7OkLj0jf1McP63rcCEoLlkAn/HjcTRw==}
     engines: {node: '>=18.0.0'}
@@ -8730,15 +8456,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/hash-stream-node@3.1.2:
-    resolution: {integrity: sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==}
-    engines: {node: '>=16.0.0'}
-    dependencies:
-      '@smithy/types': 3.3.0
-      '@smithy/util-utf8': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/hash-stream-node@4.0.1:
     resolution: {integrity: sha512-U1rAE1fxmReCIr6D2o/4ROqAQX+GffZpyMt3d7njtGDr2pUNmAKRWa49gsNVhCh2vVAuf3wXzWwNr2YN8PAXIw==}
     engines: {node: '>=18.0.0'}
@@ -8801,14 +8518,6 @@ packages:
       tslib: 2.8.1
     dev: false
 
-  /@smithy/md5-js@3.0.3:
-    resolution: {integrity: sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==}
-    dependencies:
-      '@smithy/types': 3.3.0
-      '@smithy/util-utf8': 3.0.0
-      tslib: 2.8.1
-    dev: false
-
   /@smithy/md5-js@4.0.1:
     resolution: {integrity: sha512-HLZ647L27APi6zXkZlzSFZIjpo8po45YiyjMGJZM3gyDY8n7dPGdmxIIljLm4gPt/7rRvutLTTkYJpZVfG5r+A==}
     engines: {node: '>=18.0.0'}
@@ -10175,10 +9884,6 @@ packages:
   /@types/json-schema@7.0.15:
     resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
 
-  /@types/luxon@3.4.2:
-    resolution: {integrity: sha512-TifLZlFudklWlMBfhubvgqTXRzLDI5pCbGa4P8a3wPyUQSW+1xQ5eDsreP9DWHX3tjq1ke96uYG/nwundroWcA==}
-    dev: false
-
   /@types/minimatch@5.1.2:
     resolution: {integrity: sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA==}
     dev: true
@@ -11469,13 +11174,6 @@ packages:
     resolution: {integrity: sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==}
     dev: true
 
-  /cron@3.1.7:
-    resolution: {integrity: sha512-tlBg7ARsAMQLzgwqVxy8AZl/qlTc5nibqYwtNGoCrd+cV+ugI+tvZC1oT/8dFH8W455YrywGykx/KMmAqOr7Jw==}
-    dependencies:
-      '@types/luxon': 3.4.2
-      luxon: 3.4.4
-    dev: false
-
   /cross-spawn@7.0.3:
     resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==}
     engines: {node: '>= 8'}
@@ -12178,11 +11876,6 @@ packages:
     engines: {node: '>=0.12'}
     dev: false
 
-  /envsafe@2.0.3:
-    resolution: {integrity: sha512-51lek8h5btjXhXUDW//Pno7HPydM1WQzltOb1/ONRKdwB2QkfAURnN4Qn0cJ5LzGvX2Km1ReR2O3K3Bqq9sBMg==}
-    engines: {node: '>=10'}
-    dev: false
-
   /es-module-lexer@1.4.1:
     resolution: {integrity: sha512-cXLGjP0c4T3flZJKQSuziYoq7MlT+rnvfZjfp7h+I7K9BNX54kP9nyWvdbwjQ4u1iWbOL4u96fgeZLToQlZC7w==}
     dev: true
@@ -14269,11 +13962,6 @@ packages:
       react: 18.3.1
     dev: false
 
-  /luxon@3.4.4:
-    resolution: {integrity: sha512-zobTr7akeGHnv7eBOXcRgMeCP6+uyYsczwmeRCauvpvaAltgNyTbLH/+VaEAPUeWBT+1GuNmz4wC/6jtQzbbVA==}
-    engines: {node: '>=12'}
-    dev: false
-
   /magic-bytes.js@1.10.0:
     resolution: {integrity: sha512-/k20Lg2q8LE5xiaaSkMXk4sfvI+9EGEykFS4b0CHHGWqDYU0bGUFSwchNOMA56D7TCs9GwVTkqe9als1/ns8UQ==}
     dev: false
@@ -14997,6 +14685,7 @@ packages:
 
   /path-match@1.2.4:
     resolution: {integrity: sha512-UWlehEdqu36jmh4h5CWJ7tARp1OEVKGHKm6+dg9qMq5RKUTV5WJrGgaZ3dN2m7WFAXDbjlHzvJvL/IUpy84Ktw==}
+    deprecated: This package is archived and no longer maintained. For support, visit https://github.com/expressjs/express/discussions
     dependencies:
       http-errors: 1.4.0
       path-to-regexp: 1.9.0

From b14325f88e13fa4fac87fa1c843ddcb09332508d Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Thu, 2 Oct 2025 13:59:02 -0500
Subject: [PATCH 02/10] Added ability to ban users

---
 apps/web/src/actions/admin/user-actions.ts    | 42 +++++++++-
 apps/web/src/app/admin/users/[slug]/page.tsx  | 30 +++++++
 apps/web/src/app/globals.css                  |  3 +-
 apps/web/src/app/suspended/page.tsx           | 42 ++++++++++
 .../components/admin/users/BanUserDialog.tsx  | 79 +++++++++++++++++++
 .../admin/users/RemoveUserBanDialog.tsx       | 67 ++++++++++++++++
 apps/web/src/middleware.ts                    | 12 ++-
 .../drizzle/0001_smooth_squadron_supreme.sql  | 21 +++++
 packages/db/drizzle/meta/_journal.json        |  7 ++
 packages/db/schema.ts                         | 18 +++++
 10 files changed, 317 insertions(+), 4 deletions(-)
 create mode 100644 apps/web/src/app/suspended/page.tsx
 create mode 100644 apps/web/src/components/admin/users/BanUserDialog.tsx
 create mode 100644 apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
 create mode 100644 packages/db/drizzle/0001_smooth_squadron_supreme.sql

diff --git a/apps/web/src/actions/admin/user-actions.ts b/apps/web/src/actions/admin/user-actions.ts
index 919a9320..78e769d0 100644
--- a/apps/web/src/actions/admin/user-actions.ts
+++ b/apps/web/src/actions/admin/user-actions.ts
@@ -4,7 +4,7 @@ import { adminAction } from "@/lib/safe-action";
 import { returnValidationErrors } from "next-safe-action";
 import { z } from "zod";
 import { perms } from "config";
-import { userCommonData } from "db/schema";
+import { userCommonData, bannedUsers } from "db/schema";
 import { db } from "db";
 import { eq } from "db/drizzle";
 import { revalidatePath } from "next/cache";
@@ -60,3 +60,43 @@ export const setUserApproval = adminAction
 			return { success: true };
 		},
 	);
+
+export const banUser = adminAction
+	.schema(
+		z.object({
+			userIDToUpdate: z.string(),
+			reason: z.string(),
+		}),
+	)
+	.action(
+		async ({
+			parsedInput: { userIDToUpdate, reason },
+			ctx: { user, userId },
+		}) => {
+			//TODO: Validate Permission
+
+			await db.insert(bannedUsers).values({
+				userID: userIDToUpdate,
+				reason: reason,
+				bannedByID: user.clerkID,
+			});
+			revalidatePath(`/admin/users/${userIDToUpdate}`);
+			return { success: true };
+		},
+	);
+
+export const removeUserBan = adminAction
+	.schema(
+		z.object({
+			userIDToUpdate: z.string(),
+		}),
+	)
+	.action(async ({ parsedInput: { userIDToUpdate }, ctx: { user } }) => {
+		//TODO: Validate Permission
+
+		await db
+			.delete(bannedUsers)
+			.where(eq(bannedUsers.userID, userIDToUpdate));
+		revalidatePath(`/admin/users/${userIDToUpdate}`);
+		return { success: true };
+	});
diff --git a/apps/web/src/app/admin/users/[slug]/page.tsx b/apps/web/src/app/admin/users/[slug]/page.tsx
index a3a64ef4..58c263a8 100644
--- a/apps/web/src/app/admin/users/[slug]/page.tsx
+++ b/apps/web/src/app/admin/users/[slug]/page.tsx
@@ -15,6 +15,10 @@ import { isUserAdmin } from "@/lib/utils/server/admin";
 import ApproveUserButton from "@/components/admin/users/ApproveUserButton";
 import c from "config";
 import { getHacker, getUser } from "db/functions";
+import BanUserDialog from "@/components/admin/users/BanUserDialog";
+import { db, eq } from "db";
+import { bannedUsers } from "db/schema";
+import RemoveUserBanDialog from "@/components/admin/users/RemoveUserBanDialog";
 
 export default async function Page({ params }: { params: { slug: string } }) {
 	const { userId } = await auth();
@@ -30,8 +34,20 @@ export default async function Page({ params }: { params: { slug: string } }) {
 		return <p className="text-center font-bold">User Not Found</p>;
 	}
 
+	const banInstance = await db.query.bannedUsers.findFirst({
+		where: eq(bannedUsers.userID, user.clerkID),
+	});
+
 	return (
 		<main className="mx-auto max-w-5xl pt-44">
+			{!!banInstance && (
+				<div className="absolute left-0 top-28 w-screen bg-destructive p-2 text-center">
+					<strong>
+						This user has been suspended, reason for suspenssion:{" "}
+					</strong>
+					{banInstance.reason}
+				</div>
+			)}
 			<div className="mb-5 grid w-full grid-cols-3">
 				<div className="flex items-center">
 					<div>
@@ -57,6 +73,20 @@ export default async function Page({ params }: { params: { slug: string } }) {
 						currPermision={user.role}
 						userID={user.clerkID}
 					/>
+
+					{!!banInstance ? (
+						<RemoveUserBanDialog
+							name={`${user.firstName} ${user.lastName}`}
+							reason={banInstance.reason!}
+							userID={user.clerkID}
+						/>
+					) : (
+						<BanUserDialog
+							name={`${user.firstName} ${user.lastName}`}
+							userID={user.clerkID}
+						/>
+					)}
+
 					{(c.featureFlags.core.requireUsersApproval as boolean) && (
 						<ApproveUserButton
 							userIDToUpdate={user.clerkID}
diff --git a/apps/web/src/app/globals.css b/apps/web/src/app/globals.css
index a35dbcef..8494cab5 100644
--- a/apps/web/src/app/globals.css
+++ b/apps/web/src/app/globals.css
@@ -139,7 +139,6 @@
 }
 
 @keyframes pulseDot {
-
 	0%,
 	100% {
 		transform: scale(1);
@@ -148,4 +147,4 @@
 	50% {
 		transform: scale(1.1);
 	}
-}
\ No newline at end of file
+}
diff --git a/apps/web/src/app/suspended/page.tsx b/apps/web/src/app/suspended/page.tsx
new file mode 100644
index 00000000..fe918f16
--- /dev/null
+++ b/apps/web/src/app/suspended/page.tsx
@@ -0,0 +1,42 @@
+import { auth } from "@clerk/nextjs/server";
+import { db, eq } from "db";
+import { getUser } from "db/functions";
+import { bannedUsers } from "db/schema";
+
+export default async function Page() {
+	const { userId } = await auth();
+	if (!userId) return null;
+	const user = await getUser(userId);
+	if (!user) return null;
+
+	const banInstance = await db.query.bannedUsers.findFirst({
+		where: eq(bannedUsers.userID, userId),
+	});
+	if (!banInstance) return null;
+
+	return (
+		<div className="flex h-screen w-screen justify-center pt-16">
+			<div className="h-fit max-w-md border-2 border-accent p-6">
+				<h1 className="text-center text-2xl font-bold text-destructive">
+					Account Suspended
+				</h1>
+				<h1 className="pt-2 text-center text-lg font-medium">
+					Dear {user.firstName} {user.lastName},
+				</h1>
+				<h3 className="w-full text-center opacity-90">
+					{" "}
+					Your account was suspended
+				</h3>
+				<p className="w-full py-3 opacity-85">
+					<strong>Reason: </strong>
+					{banInstance.reason}
+				</p>
+				<footer className="border-t-2 border-accent pt-1 opacity-75">
+					Contact administration for further assistance.
+				</footer>
+			</div>
+		</div>
+	);
+}
+
+export const runtime = "edge";
diff --git a/apps/web/src/components/admin/users/BanUserDialog.tsx b/apps/web/src/components/admin/users/BanUserDialog.tsx
new file mode 100644
index 00000000..bf986f98
--- /dev/null
+++ b/apps/web/src/components/admin/users/BanUserDialog.tsx
@@ -0,0 +1,79 @@
+"use client";
+import {
+	Dialog,
+	DialogContent,
+	DialogDescription,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { Button } from "@/components/shadcn/ui/button";
+import { toast } from "sonner";
+import { useAction } from "next-safe-action/hooks";
+import { banUser } from "@/actions/admin/user-actions";
+import { useState } from "react";
+import { Textarea } from "@/components/shadcn/ui/textarea";
+
+interface BanUserDialogProps {
+	userID: string;
+	name: string;
+}
+
+export default function BanUserDialog({ userID, name }: BanUserDialogProps) {
+	const [reason, setReason] = useState("");
+	const [open, setOpen] = useState(false);
+
+	const { execute } = useAction(banUser, {
+		async onSuccess() {
+			toast.dismiss();
+			toast.success("Successfully Banned!");
+		},
+		async onError(e) {
+			toast.dismiss();
+			toast.error("An error occurred while banning this user.");
+			console.error(e);
+		},
+	});
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>
+				<Button variant={"destructive"}>Ban</Button>
+			</DialogTrigger>
+			<DialogContent className="sm:max-w-[425px]">
+				<DialogHeader>
+					<DialogTitle>Ban {name}.</DialogTitle>
+					<DialogDescription>
+						Ban this user (not permament action).
+					</DialogDescription>
+				</DialogHeader>
+				<div className="grid gap-4 py-4">
+					<div className="flex">
+						<Textarea
+							placeholder="Reason"
+							rows={3}
+							onChange={(event) => setReason(event.target.value)}
+						/>
+					</div>
+				</div>
+				<DialogFooter>
+					<Button
+						onClick={() => {
+							toast.loading("Banning User...", { duration: 0 });
+							execute({
+								userIDToUpdate: userID,
+								reason: reason,
+							});
+							setOpen(false);
+						}}
+						type="submit"
+						variant={"destructive"}
+					>
+						<span className="text-nowrap">Ban</span>
+					</Button>
+				</DialogFooter>
+			</DialogContent>
+		</Dialog>
+	);
+}
diff --git a/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx b/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
new file mode 100644
index 00000000..5b8778fd
--- /dev/null
+++ b/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
@@ -0,0 +1,67 @@
+"use client";
+import {
+	Dialog,
+	DialogContent,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { Button } from "@/components/shadcn/ui/button";
+import { toast } from "sonner";
+import { useAction } from "next-safe-action/hooks";
+import { removeUserBan } from "@/actions/admin/user-actions";
+import { useState } from "react";
+
+interface BanUserDialogProps {
+	userID: string;
+	name: string;
+	reason: string;
+}
+
+export default function RemoveUserBanDialog({
+	userID,
+	reason,
+	name,
+}: BanUserDialogProps) {
+	const [open, setOpen] = useState(false);
+
+	const { execute } = useAction(removeUserBan, {
+		async onSuccess() {
+			toast.dismiss();
+			toast.success("Suspension successfuly removed!");
+		},
+		async onError(e) {
+			toast.dismiss();
+			toast.error("An error occurred while removing suspenssion.");
+			console.error(e);
+		},
+	});
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>
+				<Button variant={"destructive"}>Unban</Button>
+			</DialogTrigger>
+			<DialogContent>
+				<div className="font-bold">
+					Are you sure you want to unban {name}?
+				</div>
+				<div className="pt-2">
+					<strong className="font-medium">Reason for ban:</strong>{" "}
+					{reason}
+				</div>
+				<Button
+					onClick={() => {
+						toast.loading("Unbanning User...", { duration: 0 });
+						execute({
+							userIDToUpdate: userID,
+						});
+						setOpen(false);
+					}}
+					type="submit"
+					variant={"destructive"}
+				>
+					<span className="text-nowrap">Unban</span>
+				</Button>
+			</DialogContent>
+		</Dialog>
+	);
+}
diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
index 0884dde4..7e739264 100644
--- a/apps/web/src/middleware.ts
+++ b/apps/web/src/middleware.ts
@@ -1,7 +1,9 @@
 import { clerkMiddleware, createRouteMatcher } from "@clerk/nextjs/server";
 import { NextResponse } from "next/server";
-import type { NextRequest } from "next/server";
 import { publicRoutes } from "config";
+import { bannedUsers } from "db/schema";
+import { db } from "db";
+import { eq } from "db/drizzle";
 
 const isPublicRoute = createRouteMatcher(publicRoutes);
 
@@ -19,6 +21,14 @@ export default clerkMiddleware(async (auth, req) => {
 
 	if (!isPublicRoute(req)) {
 		await auth.protect();
+
+		const isBanned = !!(await db.query.bannedUsers.findFirst({
+			where: eq(bannedUsers.userID, (await auth()).userId!),
+		}));
+
+		if (isBanned) {
+			return NextResponse.rewrite(new URL("/suspended", req.url));
+		}
 	}
 
 	return NextResponse.next();
diff --git a/packages/db/drizzle/0001_smooth_squadron_supreme.sql b/packages/db/drizzle/0001_smooth_squadron_supreme.sql
new file mode 100644
index 00000000..90410431
--- /dev/null
+++ b/packages/db/drizzle/0001_smooth_squadron_supreme.sql
@@ -0,0 +1,21 @@
+-- Drop old stuff (safe if they don't exist)
+DROP TABLE IF EXISTS `invites`;
+DROP TABLE IF EXISTS `teams`;
+
+-- Remove the old column from user_hacker_data (SQLite ≥ 3.35 supports DROP COLUMN)
+ALTER TABLE `user_hacker_data` DROP COLUMN `team_id`;
+
+-- Create the final banned_users table in its desired shape
+CREATE TABLE `banned_users` (
+  `id`          INTEGER PRIMARY KEY NOT NULL,
+  `user_id`     TEXT(255) NOT NULL,
+  `reason`      TEXT,
+  `created_at`  INTEGER DEFAULT (current_timestamp) NOT NULL,
+  `banned_by_id` TEXT(255) NOT NULL,
+  FOREIGN KEY (`user_id`)
+    REFERENCES `user_common_data`(`clerk_id`)
+    ON UPDATE NO ACTION ON DELETE CASCADE,
+  FOREIGN KEY (`banned_by_id`)
+    REFERENCES `user_common_data`(`clerk_id`)
+    ON UPDATE NO ACTION ON DELETE CASCADE
+);
\ No newline at end of file
diff --git a/packages/db/drizzle/meta/_journal.json b/packages/db/drizzle/meta/_journal.json
index 2a20f144..2b20f80a 100644
--- a/packages/db/drizzle/meta/_journal.json
+++ b/packages/db/drizzle/meta/_journal.json
@@ -8,6 +8,13 @@
       "when": 1740069435681,
       "tag": "0000_chilly_lady_mastermind",
       "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "6",
+      "when": 1759264799447,
+      "tag": "0001_smooth_squadron_supreme",
+      "breakpoints": true
     }
   ]
 }
\ No newline at end of file
diff --git a/packages/db/schema.ts b/packages/db/schema.ts
index 607a71ca..7542ae75 100644
--- a/packages/db/schema.ts
+++ b/packages/db/schema.ts
@@ -174,6 +174,10 @@ export const userCommonRelations = relations(
 		tickets: many(ticketsToUsers),
 		chats: many(chatsToUsers),
 		messages: many(chatMessages),
+		banInstance: one(bannedUsers, {
+			fields: [userCommonData.clerkID],
+			references: [bannedUsers.userID],
+		}),
 	}),
 );
 
@@ -221,6 +225,20 @@ export const userHackerRelations = relations(
 	}),
 );
 
+export const bannedUsers = sqliteTable("banned_users", {
+	id: integer("id", { mode: "number" }).notNull().primaryKey(),
+	userID: text("user_id", { length: 255 })
+		.notNull()
+		.references(() => userCommonData.clerkID, { onDelete: "cascade" }),
+	reason: text("reason"),
+	createdAt: integer("created_at", { mode: "timestamp_ms" })
+		.notNull()
+		.default(sql`(current_timestamp)`),
+	bannedByID: text("banned_by_id", { length: 255 })
+		.notNull()
+		.references(() => userCommonData.clerkID, { onDelete: "cascade" }),
+});
+
 export const events = sqliteTable("events", {
 	id: integer("id", { mode: "number" }).notNull().primaryKey(),
 	title: text("name", { length: 255 }).notNull(),

From f4eb3be2ed4e56f478a1a47cc9850f17aa42b613 Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Wed, 29 Oct 2025 23:58:50 -0500
Subject: [PATCH 03/10] Permissions and Roles Refactored

---
 .gitignore                                    |    2 +-
 apps/web/package.json                         |    1 -
 apps/web/src/actions/admin/event-actions.ts   |   35 +-
 apps/web/src/actions/admin/role-actions.ts    |  139 +++
 .../actions/admin/scanner-admin-actions.ts    |   12 +-
 apps/web/src/actions/admin/user-actions.ts    |   67 +-
 apps/web/src/app/admin/check-in/page.tsx      |   10 +-
 .../src/app/admin/events/edit/[slug]/page.tsx |    8 +
 apps/web/src/app/admin/events/new/page.tsx    |   10 +-
 apps/web/src/app/admin/events/page.tsx        |   28 +-
 apps/web/src/app/admin/layout.tsx             |   51 +-
 apps/web/src/app/admin/page.tsx               |   18 +-
 apps/web/src/app/admin/roles/page.tsx         |   25 +
 apps/web/src/app/admin/scanner/[id]/page.tsx  |   16 +-
 apps/web/src/app/admin/users/[slug]/page.tsx  |   95 +-
 apps/web/src/app/admin/users/page.tsx         |   15 +-
 .../src/app/api/admin/events/create/route.ts  |   56 -
 apps/web/src/app/dash/layout.tsx              |    3 +-
 apps/web/src/app/dash/page.tsx                |    8 +-
 apps/web/src/app/discord-verify/page.tsx      |    3 +-
 apps/web/src/app/rsvp/page.tsx                |    3 +-
 apps/web/src/app/suspended/page.tsx           |    8 +-
 apps/web/src/components/Restricted.tsx        |   38 +
 .../admin/roles/CreateRoleDialog.tsx          |  177 +++
 .../admin/roles/DeleteRoleDialog.tsx          |   72 ++
 .../src/components/admin/roles/RoleCard.tsx   |  217 ++++
 .../components/admin/roles/RolesManager.tsx   |  127 ++
 .../components/admin/scanner/PassScanner.tsx  |    2 +-
 .../components/admin/users/ServerSections.tsx |    2 +-
 .../admin/users/UpdateRoleDialog.tsx          |   70 +-
 .../src/components/dash/shared/RoleBadge.tsx  |   41 +-
 .../emails/RegistrationSuccessEmail.tsx       |  114 ++
 .../components/events/admin/NewEventForm.tsx  |   64 +-
 .../src/components/shadcn/ui/accordion.tsx    |    8 +-
 apps/web/src/components/shadcn/ui/button.tsx  |    2 +-
 .../web/src/components/shared/ClientToast.tsx |   16 +-
 .../src/components/shared/ProfileButton.tsx   |   10 +-
 apps/web/src/lib/constants/permission.ts      |   25 +
 apps/web/src/lib/safe-action.ts               |   13 +-
 apps/web/src/lib/utils/server/admin.ts        |   38 +-
 apps/web/src/lib/utils/server/user.ts         |   18 +
 apps/web/src/lib/utils/shared/permission.ts   |   35 +
 apps/web/src/lib/utils/shared/string.ts       |   12 +
 apps/web/src/validators/event.ts              |    2 +
 packages/config/hackkit.config.ts             |   18 +-
 packages/db/drizzle/0002_slimy_talos.sql      |   46 +
 packages/db/drizzle/meta/0002_snapshot.json   | 1093 +++++++++++++++++
 packages/db/drizzle/meta/_journal.json        |    7 +
 packages/db/functions/hacker.ts               |    8 +-
 packages/db/functions/user.ts                 |   19 +-
 packages/db/schema.ts                         |   34 +-
 packages/db/types.ts                          |    7 +-
 52 files changed, 2602 insertions(+), 346 deletions(-)
 create mode 100644 apps/web/src/actions/admin/role-actions.ts
 create mode 100644 apps/web/src/app/admin/roles/page.tsx
 delete mode 100644 apps/web/src/app/api/admin/events/create/route.ts
 create mode 100644 apps/web/src/components/Restricted.tsx
 create mode 100644 apps/web/src/components/admin/roles/CreateRoleDialog.tsx
 create mode 100644 apps/web/src/components/admin/roles/DeleteRoleDialog.tsx
 create mode 100644 apps/web/src/components/admin/roles/RoleCard.tsx
 create mode 100644 apps/web/src/components/admin/roles/RolesManager.tsx
 create mode 100644 apps/web/src/components/emails/RegistrationSuccessEmail.tsx
 create mode 100644 apps/web/src/lib/constants/permission.ts
 create mode 100644 apps/web/src/lib/utils/shared/permission.ts
 create mode 100644 apps/web/src/lib/utils/shared/string.ts
 create mode 100644 packages/db/drizzle/0002_slimy_talos.sql
 create mode 100644 packages/db/drizzle/meta/0002_snapshot.json

diff --git a/.gitignore b/.gitignore
index adc80bcb..333247bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@
 
 # dependencies
 node_modules
-.pnp
+.pnp*
 .pnp.js
 
 # testing
diff --git a/apps/web/package.json b/apps/web/package.json
index e087cd7c..00f634f2 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -94,7 +94,6 @@
     "tailwind-merge": "^2.4.0",
     "tailwindcss": "3.4.6",
     "tailwindcss-animate": "^1.0.7",
-    "title-case": "^4.3.1",
     "typescript": "5.5.3",
     "use-debounce": "^10.0.1",
     "usehooks-ts": "^3.1.0",
diff --git a/apps/web/src/actions/admin/event-actions.ts b/apps/web/src/actions/admin/event-actions.ts
index 24ee4b71..722c8dfb 100644
--- a/apps/web/src/actions/admin/event-actions.ts
+++ b/apps/web/src/actions/admin/event-actions.ts
@@ -1,21 +1,25 @@
 "use server";
 
+import { PermissionType } from "@/lib/constants/permission";
 import { adminAction } from "@/lib/safe-action";
-import { newEventFormSchema as editEventFormSchema } from "@/validators/event";
-import { editEvent as modifyEvent } from "db/functions";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { newEventFormSchema, editEventFormSchema } from "@/validators/event";
+import { createNewEvent, editEvent as modifyEvent } from "db/functions";
 import { deleteEvent as removeEvent } from "db/functions";
 import { revalidatePath } from "next/cache";
 import { z } from "zod";
 
 export const editEvent = adminAction
 	.schema(editEventFormSchema)
-	.action(async ({ parsedInput }) => {
-		const { id, ...options } = parsedInput;
-
+	.action(async ({ parsedInput: { id, ...options }, ctx: { user } }) => {
 		if (id === undefined) {
 			throw new Error("The event's ID is not defined");
 		}
 
+		if (!userHasPermission(user, PermissionType.EDIT_EVENTS)) {
+			throw new Error("You do not have permission to edit events.");
+		}
+
 		try {
 			await modifyEvent(id, options);
 			revalidatePath("/admin/events");
@@ -29,9 +33,28 @@ export const editEvent = adminAction
 		}
 	});
 
+export const createEvent = adminAction
+	.schema(newEventFormSchema)
+	.action(async ({ parsedInput, ctx: { user } }) => {
+		if (!userHasPermission(user, PermissionType.CREATE_EVENTS)) {
+			throw new Error("You do not have permission to create events.");
+		}
+
+		const res = await createNewEvent(parsedInput);
+		return {
+			success: true,
+			message: "Event created successfully.",
+			redirect: `/schedule/${res[0].eventID}`,
+		};
+	});
+
 export const deleteEventAction = adminAction
 	.schema(z.object({ eventID: z.number().positive().int() }))
-	.action(async ({ parsedInput }) => {
+	.action(async ({ parsedInput, ctx: { user } }) => {
+		if (!userHasPermission(user, PermissionType.DELETE_EVENTS)) {
+			throw new Error("You do not have permission to delete events.");
+		}
+
 		await removeEvent(parsedInput.eventID);
 		revalidatePath("/admin/events");
 		return { success: true };
diff --git a/apps/web/src/actions/admin/role-actions.ts b/apps/web/src/actions/admin/role-actions.ts
new file mode 100644
index 00000000..2c842670
--- /dev/null
+++ b/apps/web/src/actions/admin/role-actions.ts
@@ -0,0 +1,139 @@
+"use server";
+
+import { z } from "zod";
+import { adminAction } from "@/lib/safe-action";
+import { db } from "db";
+import { roles, userCommonData } from "db/schema";
+import { eq } from "db/drizzle";
+import { revalidatePath } from "next/cache";
+import { PermissionType } from "@/lib/constants/permission";
+import {
+	userHasPermission,
+	compareUserPosition,
+} from "@/lib/utils/server/admin";
+
+const createRoleSchema = z.object({
+	name: z.string().min(1).max(50),
+	position: z.number().int().nonnegative(),
+	permissions: z.number().nonnegative(),
+	color: z.string().optional(),
+});
+
+const editRoleSchema = z.object({
+	roleId: z.number().int().positive(),
+	name: z.string().min(1).max(50).optional(),
+	position: z.number().int().nonnegative().optional(),
+	permissions: z.number().optional(),
+	color: z.string().optional(),
+});
+
+const deleteRoleSchema = z.object({
+	roleId: z.number().int().positive(),
+});
+
+export const createRole = adminAction
+	.schema(createRoleSchema)
+	.action(
+		async ({
+			parsedInput: { name, position, permissions, color },
+			ctx: { user },
+		}) => {
+			if (!userHasPermission(user, PermissionType.CREATE_ROLES)) {
+				if (!compareUserPosition(user, position, "higher")) {
+					/* This prevents creation of roles higher-or-equal to the current user's position */
+
+					throw new Error(
+						"You do not have permission to create a role at this position.",
+					);
+				}
+			}
+
+			const existing = await db.query.roles.findFirst({
+				where: eq(roles.name, name),
+			});
+			if (existing)
+				throw new Error("Role with that name already exists.");
+
+			await db
+				.insert(roles)
+				.values({ name, position, permissions, color });
+			revalidatePath("/admin/roles");
+			return { success: true };
+		},
+	);
+
+export const editRole = adminAction
+	.schema(editRoleSchema)
+	.action(
+		async ({
+			parsedInput: { roleId, name, position, permissions, color },
+			ctx: { user },
+		}) => {
+			const role = await db.query.roles.findFirst({
+				where: eq(roles.id, roleId),
+			});
+			if (!role) throw new Error("Role not found");
+
+			if (!userHasPermission(user, PermissionType.EDIT_ROLES)) {
+				if (!compareUserPosition(user, role.position, "higher")) {
+					/* This prevents edition of roles higher-or-equal to the current user's position */
+
+					throw new Error(
+						"You do not have permission to edit this role.",
+					);
+				}
+				if (
+					position !== undefined &&
+					!compareUserPosition(user, position, "higher")
+				) {
+					throw new Error(
+						"You do not have permission to move a role to that position.",
+					);
+				}
+			}
+
+			await db
+				.update(roles)
+				.set({
+					name: name ?? role.name,
+					position: position ?? role.position,
+					permissions: permissions ?? role.permissions,
+					color: color ?? role.color,
+				})
+				.where(eq(roles.id, roleId));
+
+			revalidatePath("/admin/roles");
+			return { success: true };
+		},
+	);
+
+export const deleteRole = adminAction
+	.schema(deleteRoleSchema)
+	.action(async ({ parsedInput: { roleId }, ctx: { user } }) => {
+		const role = await db.query.roles.findFirst({
+			where: eq(roles.id, roleId),
+		});
+		if (!role) throw new Error("Role not found");
+
+		const userCount = await db.query.userCommonData.findMany({
+			where: eq(userCommonData.role_id, roleId),
+		});
+
+		if (userCount.length > 0) {
+			throw new Error("Cannot delete a role that is assigned to users.");
+		}
+
+		if (!userHasPermission(user, PermissionType.DELETE_ROLES)) {
+			if (!compareUserPosition(user, role.position, "higher")) {
+				/* This prevents deletion of roles higher-or-equal to the current user's position */
+
+				throw new Error(
+					"You do not have permission to delete this role.",
+				);
+			}
+		}
+
+		await db.delete(roles).where(eq(roles.id, roleId));
+		revalidatePath("/admin/roles");
+		return { success: true };
+	});
diff --git a/apps/web/src/actions/admin/scanner-admin-actions.ts b/apps/web/src/actions/admin/scanner-admin-actions.ts
index 3447db0d..2267e479 100644
--- a/apps/web/src/actions/admin/scanner-admin-actions.ts
+++ b/apps/web/src/actions/admin/scanner-admin-actions.ts
@@ -5,6 +5,8 @@ import { z } from "zod";
 import { db, sql } from "db";
 import { scans, userCommonData } from "db/schema";
 import { eq, and } from "db/drizzle";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
 
 export const createScan = volunteerAction
 	.schema(
@@ -56,6 +58,10 @@ export const getScan = volunteerAction
 			parsedInput: { eventID, userID },
 			ctx: { user, userId: adminUserID },
 		}) => {
+			if (!userHasPermission(user, PermissionType.CHECK_IN)) {
+				throw new Error("You do not have permission to view scans.");
+			}
+
 			const scan = await db.query.scans.findFirst({
 				where: and(
 					eq(scans.eventID, eventID),
@@ -79,7 +85,11 @@ const checkInUserSchema = z.object({
 
 export const checkInUserToHackathon = volunteerAction
 	.schema(checkInUserSchema)
-	.action(async ({ parsedInput: { userID } }) => {
+	.action(async ({ parsedInput: { userID }, ctx: { user } }) => {
+		if (!userHasPermission(user, PermissionType.CHECK_IN)) {
+			throw new Error("You do not have permission to check in users.");
+		}
+
 		// Set checkinTimestamp
 		await db
 			.update(userCommonData)
diff --git a/apps/web/src/actions/admin/user-actions.ts b/apps/web/src/actions/admin/user-actions.ts
index 78e769d0..a4ca340b 100644
--- a/apps/web/src/actions/admin/user-actions.ts
+++ b/apps/web/src/actions/admin/user-actions.ts
@@ -4,36 +4,59 @@ import { adminAction } from "@/lib/safe-action";
 import { returnValidationErrors } from "next-safe-action";
 import { z } from "zod";
 import { perms } from "config";
-import { userCommonData, bannedUsers } from "db/schema";
+import { userCommonData, bannedUsers, roles } from "db/schema";
 import { db } from "db";
 import { eq } from "db/drizzle";
 import { revalidatePath } from "next/cache";
+import {
+	compareUserPosition,
+	userHasPermission,
+} from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getUser } from "db/functions";
 
 export const updateRole = adminAction
 	.schema(
 		z.object({
 			userIDToUpdate: z.string(),
-			roleToSet: z.enum(perms),
+			roleIdToSet: z.number().positive().int(),
 		}),
 	)
 	.action(
 		async ({
-			parsedInput: { userIDToUpdate, roleToSet },
+			parsedInput: { userIDToUpdate, roleIdToSet },
 			ctx: { user, userId },
 		}) => {
-			if (
-				user.role !== "super_admin" &&
-				(roleToSet === "super_admin" ||
-					roleToSet === "admin" ||
-					roleToSet === "volunteer")
-			) {
-				returnValidationErrors(z.null(), {
-					_errors: ["You are not allowed to do this!"],
-				});
+			const userToUpdate = await getUser(userIDToUpdate);
+			const roleToSet = await db.query.roles.findFirst({
+				where: eq(roles.id, roleIdToSet),
+			});
+
+			if (!roleToSet) {
+				throw new Error("Role does not exist");
+			}
+
+			if (!userToUpdate) {
+				throw new Error("User to update not found.");
+			}
+
+			if (!userHasPermission(user, PermissionType.CHANGE_USER_ROLES)) {
+				if (
+					!compareUserPosition(
+						user,
+						userToUpdate.role.position,
+						"higher",
+					) ||
+					!compareUserPosition(user, roleToSet.position, "higher")
+				) {
+					throw new Error(
+						"You do not have permission to set this role.",
+					);
+				}
 			}
 			await db
 				.update(userCommonData)
-				.set({ role: roleToSet })
+				.set({ role_id: roleIdToSet })
 				.where(eq(userCommonData.clerkID, userIDToUpdate));
 			revalidatePath(`/admin/users/${userIDToUpdate}`);
 			return { success: true };
@@ -73,7 +96,14 @@ export const banUser = adminAction
 			parsedInput: { userIDToUpdate, reason },
 			ctx: { user, userId },
 		}) => {
-			//TODO: Validate Permission
+			const userToBan = await getUser(userIDToUpdate);
+
+			if (
+				!userHasPermission(user, PermissionType.BAN_USERS) ||
+				!compareUserPosition(user, userToBan!.role.position, "higher")
+			) {
+				throw new Error("You do not have permission to ban users.");
+			}
 
 			await db.insert(bannedUsers).values({
 				userID: userIDToUpdate,
@@ -92,7 +122,14 @@ export const removeUserBan = adminAction
 		}),
 	)
 	.action(async ({ parsedInput: { userIDToUpdate }, ctx: { user } }) => {
-		//TODO: Validate Permission
+		const userToBan = await getUser(userIDToUpdate);
+
+		if (
+			!userHasPermission(user, PermissionType.BAN_USERS) ||
+			!compareUserPosition(user, userToBan!.role.position, "higher")
+		) {
+			throw new Error("You do not have permission to ban users.");
+		}
 
 		await db
 			.delete(bannedUsers)
diff --git a/apps/web/src/app/admin/check-in/page.tsx b/apps/web/src/app/admin/check-in/page.tsx
index af117b82..2d35a8ed 100644
--- a/apps/web/src/app/admin/check-in/page.tsx
+++ b/apps/web/src/app/admin/check-in/page.tsx
@@ -1,11 +1,20 @@
 import CheckinScanner from "@/components/admin/scanner/CheckinScanner";
 import { getUser } from "db/functions";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { notFound } from "next/navigation";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page({
 	searchParams,
 }: {
 	searchParams: { [key: string]: string | undefined };
 }) {
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.CHECK_IN)) {
+		return notFound();
+	}
+
 	if (!searchParams.user)
 		return (
 			<div>
@@ -19,7 +28,6 @@ export default async function Page({
 		);
 
 	const scanUser = await getUser(searchParams.user);
-	console.log(scanUser);
 	if (!scanUser) {
 		return (
 			<div>
diff --git a/apps/web/src/app/admin/events/edit/[slug]/page.tsx b/apps/web/src/app/admin/events/edit/[slug]/page.tsx
index f49cbaaf..aa2c4346 100644
--- a/apps/web/src/app/admin/events/edit/[slug]/page.tsx
+++ b/apps/web/src/app/admin/events/edit/[slug]/page.tsx
@@ -1,12 +1,20 @@
 import { getEventById } from "db/functions";
 import { notFound } from "next/navigation";
 import EditEventForm from "@/components/events/admin/EditEventForm";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function EditEventPage({
 	params,
 }: {
 	params: { slug: string };
 }) {
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.EDIT_EVENTS)) {
+		return notFound();
+	}
+
 	const eventId = parseInt(params.slug);
 
 	if (!eventId) {
diff --git a/apps/web/src/app/admin/events/new/page.tsx b/apps/web/src/app/admin/events/new/page.tsx
index 0050480d..817c5a34 100644
--- a/apps/web/src/app/admin/events/new/page.tsx
+++ b/apps/web/src/app/admin/events/new/page.tsx
@@ -1,6 +1,14 @@
 import NewEventForm from "@/components/events/admin/NewEventForm";
+import { PermissionType } from "@/lib/constants/permission";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { notFound } from "next/dist/client/components/navigation";
 
-export default function Page() {
+export default async function Page() {
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.CREATE_EVENTS)) {
+		return notFound();
+	}
 	const defaultDate = new Date();
 
 	return (
diff --git a/apps/web/src/app/admin/events/page.tsx b/apps/web/src/app/admin/events/page.tsx
index d43e3b4d..1120e5cc 100644
--- a/apps/web/src/app/admin/events/page.tsx
+++ b/apps/web/src/app/admin/events/page.tsx
@@ -5,29 +5,25 @@ import { columns } from "@/components/events/shared/EventColumns";
 import { Button } from "@/components/shadcn/ui/button";
 import { PlusCircle } from "lucide-react";
 import Link from "next/link";
-import { getAllEvents, getUser } from "db/functions";
-import { auth } from "@clerk/nextjs/server";
+import { getAllEvents } from "db/functions";
 import FullScreenMessage from "@/components/shared/FullScreenMessage";
-import { isUserAdmin } from "@/lib/utils/server/admin";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { notFound } from "next/navigation";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page() {
-	const { userId, redirectToSignIn } = await auth();
-	if (!userId) {
-		return redirectToSignIn();
-	}
+	const user = await getCurrentUser();
 
-	const userData = await getUser(userId);
-	if (!userData) {
-		return (
-			<FullScreenMessage
-				title="Access Denied"
-				message="You are not an admin. If you belive this is a mistake, please contact a administrator."
-			/>
-		);
+	if (!userHasPermission(user, PermissionType.VIEW_EVENTS)) {
+		return notFound();
 	}
 
 	const events = await getAllEvents();
-	const isUserAuthorized = isUserAdmin(userData);
+	const isUserAuthorized = userHasPermission(
+		user,
+		PermissionType.CREATE_EVENTS,
+	);
 	return (
 		<div className="mx-auto max-w-7xl px-5 pt-44">
 			<div className="mb-5 grid w-full grid-cols-2">
diff --git a/apps/web/src/app/admin/layout.tsx b/apps/web/src/app/admin/layout.tsx
index 47cd9a1f..dc04ad24 100644
--- a/apps/web/src/app/admin/layout.tsx
+++ b/apps/web/src/app/admin/layout.tsx
@@ -1,35 +1,24 @@
 import c from "config";
 import Image from "next/image";
-import { auth } from "@clerk/nextjs/server";
 import Link from "next/link";
 import { Button } from "@/components/shadcn/ui/button";
 import DashNavItem from "@/components/dash/shared/DashNavItem";
 import FullScreenMessage from "@/components/shared/FullScreenMessage";
 import ProfileButton from "@/components/shared/ProfileButton";
-import { Suspense } from "react";
+import React, { Suspense } from "react";
 import ClientToast from "@/components/shared/ClientToast";
-import { redirect } from "next/navigation";
-import { getUser } from "db/functions";
+import { isUserAdmin, userHasPermission } from "../../lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 interface AdminLayoutProps {
 	children: React.ReactNode;
 }
 
 export default async function AdminLayout({ children }: AdminLayoutProps) {
-	const { userId } = await auth();
+	const user = await getCurrentUser();
 
-	if (!userId) {
-		return redirect("/sign-in");
-	}
-
-	const user = await getUser(userId);
-
-	if (
-		!user ||
-		(user.role !== "admin" &&
-			user.role !== "super_admin" &&
-			user.role !== "volunteer")
-	) {
+	if (!isUserAdmin(user)) {
 		console.log("Denying admin access to user", user);
 		return (
 			<FullScreenMessage
@@ -41,7 +30,7 @@ export default async function AdminLayout({ children }: AdminLayoutProps) {
 
 	return (
 		<>
-			<ClientToast />
+			<ClientToast duration={2500} position="top-right" />
 			<div className="fixed z-20 grid h-16 w-full grid-cols-2 bg-nav px-5">
 				<div className="flex items-center gap-x-4">
 					<Link href={"/"} className="mr-5 flex items-center gap-x-2">
@@ -85,12 +74,26 @@ export default async function AdminLayout({ children }: AdminLayoutProps) {
 				<div className="flex items-center justify-end gap-x-4 md:hidden"></div>
 			</div>
 			<div className="fixed z-20 mt-16 flex h-12 w-full border-b border-b-border bg-nav px-5">
-				{Object.entries(c.dashPaths.admin).map(([name, path]) =>
-					["Users", "Toggles"].includes(name) &&
-					user.role === "volunteer" ? null : (
-						<DashNavItem key={name} name={name} path={path} />
-					),
-				)}
+				{Object.entries(c.dashPaths.admin).map(([name, path]) => {
+					// Gate specific admin nav items by permission
+					if (
+						name === "Users" &&
+						!userHasPermission(user, PermissionType.VIEW_USERS)
+					)
+						return null;
+					if (
+						name === "Events" &&
+						!userHasPermission(user, PermissionType.VIEW_EVENTS)
+					)
+						return null;
+					if (
+						name === "Roles" &&
+						!userHasPermission(user, PermissionType.VIEW_ROLES)
+					)
+						return null;
+					// Keep other configured admin paths visible by default
+					return <DashNavItem key={name} name={name} path={path} />;
+				})}
 			</div>
 			<Suspense fallback={<p>Loading...</p>}>{children}</Suspense>
 		</>
diff --git a/apps/web/src/app/admin/page.tsx b/apps/web/src/app/admin/page.tsx
index 39fb7b45..acc4feb8 100644
--- a/apps/web/src/app/admin/page.tsx
+++ b/apps/web/src/app/admin/page.tsx
@@ -8,28 +8,20 @@ import {
 } from "@/components/shadcn/ui/card";
 import { Users, UserCheck, User2, TimerReset, MailCheck } from "lucide-react";
 import type { User } from "db/types";
-import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
-import { getAllUsers, getUser } from "db/functions";
+import { getAllUsers } from "db/functions";
 import Link from "next/link";
 import { getRequestContext } from "@cloudflare/next-on-pages";
 import { formatInTimeZone } from "date-fns-tz";
 import { getClientTimeZone } from "@/lib/utils/client/shared";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page() {
-	const { userId } = await auth();
-	if (!userId) return notFound();
-
-	const adminUser = await getUser(userId);
-	if (
-		!adminUser ||
-		(adminUser.role !== "admin" &&
-			adminUser.role !== "super_admin" &&
-			adminUser.role !== "volunteer")
-	) {
+	const adminUser = await getCurrentUser();
+
+	if (!adminUser) {
 		return notFound();
 	}
-
 	const allUsers = (await getAllUsers()) ?? [];
 
 	const {
diff --git a/apps/web/src/app/admin/roles/page.tsx b/apps/web/src/app/admin/roles/page.tsx
new file mode 100644
index 00000000..56ec08d9
--- /dev/null
+++ b/apps/web/src/app/admin/roles/page.tsx
@@ -0,0 +1,25 @@
+import { db } from "db";
+import RolesManager from "@/components/admin/roles/RolesManager";
+import { notFound } from "next/navigation";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { Suspense } from "react";
+
+export default async function Page() {
+	// server-side fetch roles and current user
+	const resRoles = await db.query.roles.findMany();
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.VIEW_ROLES)) return notFound();
+
+	// pass serializable data to client
+	return (
+		<div className="mx-auto max-w-7xl px-5 pt-40">
+			<h1 className="mb-4 text-2xl font-bold">Roles</h1>
+			<Suspense fallback={<div className="text-center py-8">Loading roles...</div>}>
+				<RolesManager roles={resRoles} currentUser={user} />
+			</Suspense>
+		</div>
+	);
+}
diff --git a/apps/web/src/app/admin/scanner/[id]/page.tsx b/apps/web/src/app/admin/scanner/[id]/page.tsx
index 473be983..10378306 100644
--- a/apps/web/src/app/admin/scanner/[id]/page.tsx
+++ b/apps/web/src/app/admin/scanner/[id]/page.tsx
@@ -3,7 +3,11 @@ import FullScreenMessage from "@/components/shared/FullScreenMessage";
 import { db } from "db";
 import { eq, and } from "db/drizzle";
 import { getHacker } from "db/functions";
-import { events, userCommonData, scans } from "db/schema";
+import { events, scans } from "db/schema";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { notFound } from "next/dist/client/components/navigation";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page({
 	params,
@@ -14,6 +18,12 @@ export default async function Page({
 }) {
 	// TODO: maybe move event existant check into a layout so it holds state?
 
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.CREATE_SCANS)) {
+		return notFound();
+	}
+
 	if (!params || !params.id || isNaN(parseInt(params.id))) {
 		return (
 			<FullScreenMessage
@@ -49,7 +59,9 @@ export default async function Page({
 		);
 	}
 
-	const scanUser = await getHacker(searchParams.user);
+	const scanUser = searchParams.user
+		? await getHacker(searchParams.user)
+		: null;
 
 	const scan = !scanUser
 		? null
diff --git a/apps/web/src/app/admin/users/[slug]/page.tsx b/apps/web/src/app/admin/users/[slug]/page.tsx
index 58c263a8..fd9539d7 100644
--- a/apps/web/src/app/admin/users/[slug]/page.tsx
+++ b/apps/web/src/app/admin/users/[slug]/page.tsx
@@ -9,9 +9,8 @@ import {
 	PersonalInfo,
 	ProfileInfo,
 } from "@/components/admin/users/ServerSections";
-import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
-import { isUserAdmin } from "@/lib/utils/server/admin";
+import { userHasPermission } from "@/lib/utils/server/admin";
 import ApproveUserButton from "@/components/admin/users/ApproveUserButton";
 import c from "config";
 import { getHacker, getUser } from "db/functions";
@@ -19,23 +18,22 @@ import BanUserDialog from "@/components/admin/users/BanUserDialog";
 import { db, eq } from "db";
 import { bannedUsers } from "db/schema";
 import RemoveUserBanDialog from "@/components/admin/users/RemoveUserBanDialog";
+import { PermissionType } from "@/lib/constants/permission";
+import Restricted from "@/components/Restricted";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page({ params }: { params: { slug: string } }) {
-	const { userId } = await auth();
+	const admin = await getCurrentUser();
+	if (!userHasPermission(admin, PermissionType.VIEW_USERS)) return notFound();
 
-	if (!userId) return notFound();
+	const subject = await getHacker(params.slug);
 
-	const admin = await getUser(userId);
-	if (!admin || !isUserAdmin(admin)) return notFound();
-
-	const user = await getHacker(params.slug);
-
-	if (!user) {
+	if (!subject) {
 		return <p className="text-center font-bold">User Not Found</p>;
 	}
 
 	const banInstance = await db.query.bannedUsers.findFirst({
-		where: eq(bannedUsers.userID, user.clerkID),
+		where: eq(bannedUsers.userID, subject.clerkID),
 	});
 
 	return (
@@ -59,38 +57,51 @@ export default async function Page({ params }: { params: { slug: string } }) {
 					</div>
 				</div>
 				<div className="col-span-2 flex items-center justify-end gap-2">
-					<Link href={`/@${user.hackerTag}`} target="_blank">
+					<Link href={`/@${subject.hackerTag}`} target="_blank">
 						<Button variant={"outline"}>Hacker Profile</Button>
 					</Link>
 
-					<Link href={`mailto:${user.email}`}>
+					<Link href={`mailto:${subject.email}`}>
 						<Button variant={"outline"}>Email Hacker</Button>
 					</Link>
 
-					<UpdateRoleDialog
-						name={`${user.firstName} ${user.lastName}`}
-						canMakeAdmins={admin.role === "super_admin"}
-						currPermision={user.role}
-						userID={user.clerkID}
-					/>
-
-					{!!banInstance ? (
-						<RemoveUserBanDialog
-							name={`${user.firstName} ${user.lastName}`}
-							reason={banInstance.reason!}
-							userID={user.clerkID}
-						/>
-					) : (
-						<BanUserDialog
-							name={`${user.firstName} ${user.lastName}`}
-							userID={user.clerkID}
+					<Restricted
+						user={admin}
+						permissions={PermissionType.CHANGE_USER_ROLES}
+						targetRolePosition={subject.role.position}
+						position="higher"
+					>
+						<UpdateRoleDialog
+							name={`${subject.firstName} ${subject.lastName}`}
+							currentRoleId={subject.role_id}
+							userID={subject.clerkID}
 						/>
-					)}
+					</Restricted>
+
+					<Restricted
+						user={admin}
+						permissions={PermissionType.BAN_USERS}
+						targetRolePosition={subject.role.position}
+						position="higher"
+					>
+						{!!banInstance ? (
+							<RemoveUserBanDialog
+								name={`${subject.firstName} ${subject.lastName}`}
+								reason={banInstance.reason!}
+								userID={subject.clerkID}
+							/>
+						) : (
+							<BanUserDialog
+								name={`${subject.firstName} ${subject.lastName}`}
+								userID={subject.clerkID}
+							/>
+						)}
+					</Restricted>
 
 					{(c.featureFlags.core.requireUsersApproval as boolean) && (
 						<ApproveUserButton
-							userIDToUpdate={user.clerkID}
-							currentApproval={user.isApproved}
+							userIDToUpdate={subject.clerkID}
+							currentApproval={subject.isApproved}
 						/>
 					)}
 				</div>
@@ -101,27 +112,27 @@ export default async function Page({ params }: { params: { slug: string } }) {
 						<Image
 							className="object-cover object-center"
 							fill
-							src={user.profilePhoto}
-							alt={`Profile Photo for ${user.firstName} ${user.lastName}`}
+							src={subject.profilePhoto}
+							alt={`Profile Photo for ${subject.firstName} ${subject.lastName}`}
 						/>
 					</div>
 					<h1 className="mt-4 text-3xl font-semibold">
-						{user.firstName} {user.lastName}
+						{subject.firstName} {subject.lastName}
 					</h1>
 					<h2 className="font-mono text-muted-foreground">
-						@{user.hackerTag}
+						@{subject.hackerTag}
 					</h2>
 					{/* <p className="mt-5 text-sm">{team.bio}</p> */}
 					<div className="mt-5 flex gap-x-2">
 						<Badge className="no-select">
 							Joined{" "}
-							{user.signupTime
+							{subject.signupTime
 								.toDateString()
 								.split(" ")
 								.slice(1)
 								.join(" ")}
 						</Badge>
-						{user.isRSVPed && (
+						{subject.isRSVPed && (
 							<Badge className="no-select bg-gradient-to-r from-teal-400 to-blue-500 bg-clip-padding text-center hover:from-teal-500 hover:to-blue-600">
 								<CalendarCheck className="mr-1 h-3 w-3" />
 								RSVP
@@ -130,9 +141,9 @@ export default async function Page({ params }: { params: { slug: string } }) {
 					</div>
 				</div>
 				<div className="col-span-2 overflow-x-hidden">
-					<PersonalInfo user={user} />
-					<ProfileInfo user={user} />
-					<AccountInfo user={user} />
+					<PersonalInfo user={subject} />
+					<ProfileInfo user={subject} />
+					<AccountInfo user={subject} />
 				</div>
 			</div>
 		</main>
diff --git a/apps/web/src/app/admin/users/page.tsx b/apps/web/src/app/admin/users/page.tsx
index 6e762102..fedcb66d 100644
--- a/apps/web/src/app/admin/users/page.tsx
+++ b/apps/web/src/app/admin/users/page.tsx
@@ -4,20 +4,15 @@ import { columns } from "@/components/admin/users/UserColumns";
 import { Button } from "@/components/shadcn/ui/button";
 import { FolderInput } from "lucide-react";
 import { getAllUsers } from "db/functions";
-import { userCommonData } from "db/schema";
-import { getUser } from "db/functions";
-import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
-import { isUserAdmin } from "@/lib/utils/server/admin";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 // This begs a question where we might want to have an option later on to sort by the role as we might want different things
 export default async function Page() {
-	const { userId } = await auth();
-
-	if (!userId) return notFound();
-
-	const admin = await getUser(userId);
-	if (!admin || !isUserAdmin(admin)) return notFound();
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.VIEW_USERS)) return notFound();
 
 	const userData = await getAllUsers();
 
diff --git a/apps/web/src/app/api/admin/events/create/route.ts b/apps/web/src/app/api/admin/events/create/route.ts
deleted file mode 100644
index 6606ef35..00000000
--- a/apps/web/src/app/api/admin/events/create/route.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-import { auth } from "@clerk/nextjs/server";
-import { db } from "db";
-import { events } from "db/schema";
-import { newEventFormSchema } from "@/validators/event";
-import { BasicRedirValidator } from "@/validators/shared/basicRedir";
-import { NextResponse } from "next/server";
-import { z } from "zod";
-import superjson from "superjson";
-import c from "config";
-import { getUser } from "db/functions";
-
-// Make this a server action
-export async function POST(req: Request) {
-	const { userId } = await auth();
-
-	if (!userId) return new Response("Unauthorized", { status: 401 });
-
-	const reqUserRecord = await getUser(userId);
-	if (
-		!reqUserRecord ||
-		(reqUserRecord.role !== "super_admin" && reqUserRecord.role !== "admin")
-	) {
-		return new Response("Unauthorized", { status: 401 });
-	}
-
-	const body = superjson.parse(await req.text());
-	const parsedBody = newEventFormSchema.safeParse(body);
-
-	if (!parsedBody.success) {
-		return new Response("Malformed request body.", { status: 400 });
-	}
-
-	const res = await db
-		.insert(events)
-		.values({
-			title: parsedBody.data.title,
-			description: parsedBody.data.description,
-			startTime: parsedBody.data.startTime,
-			endTime: parsedBody.data.endTime,
-			location: parsedBody.data.location,
-			type: parsedBody.data.type,
-			host:
-				parsedBody.data.host && parsedBody.data.host.length > 0
-					? parsedBody.data.host
-					: `${c.hackathonName}`,
-		})
-		.returning();
-
-	return NextResponse.json<z.infer<typeof BasicRedirValidator>>({
-		success: true,
-		message: "Event created successfully.",
-		redirect: `/schedule/${res[0].id}`,
-	});
-}
-
-export const runtime = "edge";
diff --git a/apps/web/src/app/dash/layout.tsx b/apps/web/src/app/dash/layout.tsx
index 0c118199..5e85035c 100644
--- a/apps/web/src/app/dash/layout.tsx
+++ b/apps/web/src/app/dash/layout.tsx
@@ -28,8 +28,7 @@ export default async function DashLayout({ children }: DashLayoutProps) {
 
 	if (
 		(c.featureFlags.core.requireUsersApproval as boolean) === true &&
-		user.isApproved === false &&
-		user.role === "hacker"
+		user.isApproved === false
 	) {
 		return redirect("/i/approval");
 	}
diff --git a/apps/web/src/app/dash/page.tsx b/apps/web/src/app/dash/page.tsx
index 1438131e..0706c249 100644
--- a/apps/web/src/app/dash/page.tsx
+++ b/apps/web/src/app/dash/page.tsx
@@ -11,15 +11,13 @@ import {
 	QuickQR,
 } from "@/components/dash/overview/ServerBubbles";
 import { getUser } from "db/functions";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page() {
-	const { userId } = await auth();
-	if (!userId) return null;
-	const user = await getUser(userId);
-	if (!user) return null;
+	const user = await getCurrentUser();
 
 	const qrPayload = createQRpayload({
-		userID: userId,
+		userID: user.clerkID,
 		createdAt: new Date(),
 	});
 
diff --git a/apps/web/src/app/discord-verify/page.tsx b/apps/web/src/app/discord-verify/page.tsx
index ef55b7e7..10c00a00 100644
--- a/apps/web/src/app/discord-verify/page.tsx
+++ b/apps/web/src/app/discord-verify/page.tsx
@@ -44,8 +44,7 @@ export default async function Page({
 
 	if (
 		(c.featureFlags.core.requireUsersApproval as boolean) === true &&
-		user.isApproved === false &&
-		user.role === "hacker"
+		user.isApproved === false
 	) {
 		return redirect("/i/approval");
 	}
diff --git a/apps/web/src/app/rsvp/page.tsx b/apps/web/src/app/rsvp/page.tsx
index 162b77ec..1c531a35 100644
--- a/apps/web/src/app/rsvp/page.tsx
+++ b/apps/web/src/app/rsvp/page.tsx
@@ -37,8 +37,7 @@ export default async function RsvpPage({
 
 	if (
 		(c.featureFlags.core.requireUsersApproval as boolean) === true &&
-		user.isApproved === false &&
-		user.role === "hacker"
+		user.isApproved === false
 	) {
 		return redirect("/i/approval");
 	}
diff --git a/apps/web/src/app/suspended/page.tsx b/apps/web/src/app/suspended/page.tsx
index fe918f16..ee9e6110 100644
--- a/apps/web/src/app/suspended/page.tsx
+++ b/apps/web/src/app/suspended/page.tsx
@@ -1,16 +1,14 @@
+import { getCurrentUser } from "@/lib/utils/server/user";
 import { auth } from "@clerk/nextjs/server";
 import { db, eq } from "db";
 import { getUser } from "db/functions";
 import { bannedUsers } from "db/schema";
 
 export default async function Page() {
-	const { userId } = await auth();
-	if (!userId) return null;
-	const user = await getUser(userId);
-	if (!user) return null;
+	const user = await getCurrentUser();
 
 	const banInstance = await db.query.bannedUsers.findFirst({
-		where: eq(bannedUsers.userID, userId),
+		where: eq(bannedUsers.userID, user.clerkID),
 	});
 	if (!banInstance) return null;
 
diff --git a/apps/web/src/components/Restricted.tsx b/apps/web/src/components/Restricted.tsx
new file mode 100644
index 00000000..30dd1301
--- /dev/null
+++ b/apps/web/src/components/Restricted.tsx
@@ -0,0 +1,38 @@
+import {
+	compareUserPosition,
+	userHasPermission,
+} from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { UserWithRole } from "db/types";
+import { ReactNode } from "react";
+
+function Restricted({
+	user,
+	permissions,
+	children,
+	position = "higher",
+	targetRolePosition = undefined,
+}: {
+	user: UserWithRole;
+	permissions: PermissionType | [PermissionType];
+	children: ReactNode;
+	position?: "higher" | "lower" | "equal";
+	targetRolePosition?: number;
+}) {
+	if (!userHasPermission(user, permissions)) {
+		return <></>;
+	}
+	if (targetRolePosition !== undefined) {
+		console.log(
+			user.role?.name + ":" + user.role?.position,
+			targetRolePosition,
+			compareUserPosition(user, targetRolePosition, position),
+		);
+		if (!compareUserPosition(user, targetRolePosition, position)) {
+			return <></>;
+		}
+	}
+	return <>{children}</>;
+}
+
+export default Restricted;
diff --git a/apps/web/src/components/admin/roles/CreateRoleDialog.tsx b/apps/web/src/components/admin/roles/CreateRoleDialog.tsx
new file mode 100644
index 00000000..2a7cc8ea
--- /dev/null
+++ b/apps/web/src/components/admin/roles/CreateRoleDialog.tsx
@@ -0,0 +1,177 @@
+"use client";
+
+import { useState } from "react";
+import {
+	Dialog,
+	DialogContent,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { Button } from "@/components/shadcn/ui/button";
+import { Input } from "@/components/shadcn/ui/input";
+import { Label } from "@/components/shadcn/ui/label";
+import { PermissionType } from "@/lib/constants/permission";
+import { PermissionMask } from "@/lib/utils/shared/permission";
+import { useAction } from "next-safe-action/hooks";
+import { createRole } from "@/actions/admin/role-actions";
+import { toast } from "sonner";
+import Restricted from "@/components/Restricted";
+import { UserWithRole } from "db/types";
+import { userHasPermission } from "@/lib/utils/server/admin";
+
+export default function CreateRoleDialog({
+	currentUser,
+	nextPosition,
+}: {
+	currentUser: UserWithRole;
+	nextPosition: number;
+}) {
+	const [open, setOpen] = useState(false);
+	const [name, setName] = useState("");
+	const [permissionsMask, setPermissionsMask] = useState(0);
+	const [color, setColor] = useState("#000000");
+	const { execute: doCreate } = useAction(createRole, {
+		onError: ({ error }) => {
+			toast.error(
+				"Failed to create role: " +
+					(error.serverError || "Unknown error"),
+			);
+		},
+		onSuccess: () => {
+			toast.success("Role created");
+			setOpen(false);
+			setName("");
+			setPermissionsMask(0);
+			setColor("#000000");
+		},
+	});
+
+	const permissionEntries = Object.keys(PermissionType)
+		.filter((k) => isNaN(Number(k)))
+		.map((k) => ({
+			name: k.replaceAll("_", " "),
+			value: (PermissionType as any)[k] as number,
+		}));
+
+	const hasPermLocal = (perm: PermissionType) => {
+		const mask = new PermissionMask(permissionsMask);
+		return mask.has(perm);
+	};
+
+	// Check if user can assign this permission (they must have it themselves)
+	const canAssignPermission = (perm: PermissionType) => {
+		return userHasPermission(currentUser, perm);
+	};
+
+	const togglePerm = (perm: PermissionType) => {
+		if (!canAssignPermission(perm)) return;
+		setPermissionsMask(new PermissionMask(permissionsMask).toggle(perm));
+	};
+
+	const handleCreate = () => {
+		if (!name.trim()) {
+			toast.error("Role name is required");
+			return;
+		}
+		doCreate({
+			name: name.trim(),
+			position: nextPosition,
+			permissions: permissionsMask,
+			color: color || undefined,
+		});
+	};
+	return (
+		<Restricted
+			user={currentUser}
+			permissions={PermissionType.CREATE_ROLES}
+		>
+			<Dialog open={open} onOpenChange={setOpen}>
+				<DialogTrigger asChild>
+					<Button>Create New Role</Button>
+				</DialogTrigger>
+				<DialogContent className="max-w-2xl">
+					<DialogHeader>
+						<DialogTitle>Create New Role</DialogTitle>
+					</DialogHeader>
+					<div className="grid grid-cols-2 gap-12">
+						<div>
+							<div className="mb-4">
+								<Label htmlFor="name">Role Name</Label>
+								<Input
+									id="name"
+									value={name}
+									onChange={(e) => setName(e.target.value)}
+									placeholder="Enter role name"
+								/>
+							</div>
+							<h4 className="mb-2 font-semibold">Permissions</h4>
+							<div className="space-y-2">
+								{permissionEntries.map((p) => (
+									<div
+										key={p.name}
+										className="flex items-center justify-between"
+									>
+										<div className="flex items-center gap-x-2">
+											<input
+												type="checkbox"
+												checked={hasPermLocal(p.value)}
+												disabled={
+													!canAssignPermission(
+														p.value,
+													)
+												}
+												onChange={() =>
+													togglePerm(p.value)
+												}
+											/>
+											<span
+												className={
+													!canAssignPermission(
+														p.value,
+													)
+														? "text-muted-foreground"
+														: ""
+												}
+											>
+												{p.name}
+											</span>
+										</div>
+										<div className="text-sm text-muted-foreground">
+											{hasPermLocal(p.value)
+												? "Enabled"
+												: "Disabled"}
+											{!canAssignPermission(p.value) &&
+												" (You can't assign this permission)"}
+										</div>
+									</div>
+								))}
+							</div>
+						</div>
+						<div>
+							<h4 className="mb-2 font-semibold">Appearance</h4>
+							<div className="flex items-center gap-x-2">
+								<Label htmlFor="color">Color</Label>
+								<input
+									id="color"
+									type="color"
+									value={color}
+									onChange={(e) => setColor(e.target.value)}
+								/>
+							</div>
+						</div>
+					</div>
+					<div className="mt-4 flex justify-end gap-2">
+						<Button
+							variant="outline"
+							onClick={() => setOpen(false)}
+						>
+							Cancel
+						</Button>
+						<Button onClick={handleCreate}>Create Role</Button>
+					</div>
+				</DialogContent>
+			</Dialog>
+		</Restricted>
+	);
+}
diff --git a/apps/web/src/components/admin/roles/DeleteRoleDialog.tsx b/apps/web/src/components/admin/roles/DeleteRoleDialog.tsx
new file mode 100644
index 00000000..0c5a1631
--- /dev/null
+++ b/apps/web/src/components/admin/roles/DeleteRoleDialog.tsx
@@ -0,0 +1,72 @@
+"use client";
+
+import { useState } from "react";
+import { Button } from "@/components/shadcn/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { useAction } from "next-safe-action/hooks";
+import { deleteRole } from "@/actions/admin/role-actions";
+import { toast } from "sonner";
+import { UserWithRole } from "db/types";
+import { InferSelectModel } from "drizzle-orm";
+import { roles } from "db/schema";
+
+type Role = InferSelectModel<typeof roles>;
+
+export default function DeleteRoleDialog({
+	role,
+	class_name,
+}: {
+	role: Role;
+	currentUser: UserWithRole;
+	class_name?: string;
+}) {
+	const [open, setOpen] = useState(false);
+	const { execute: doDelete } = useAction(deleteRole, {
+		onError: ({ error }) => {
+			toast.error(
+				"Failed to delete role: " +
+					(error.serverError || "Unknown error"),
+			);
+		},
+		onSuccess: () => {
+			toast.success("Role deleted successfully");
+			setOpen(false);
+		},
+	});
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>
+				<Button variant="destructive" className={class_name}>
+					Delete
+				</Button>
+			</DialogTrigger>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Delete Role</DialogTitle>
+				</DialogHeader>
+				<p>
+					Are you sure you want to delete the role "{role.name}"? This
+					action cannot be undone.
+				</p>
+				<div className="mt-4 flex justify-end gap-2">
+					<Button variant="outline" onClick={() => setOpen(false)}>
+						Cancel
+					</Button>
+					<Button
+						variant="destructive"
+						onClick={() => doDelete({ roleId: role.id })}
+					>
+						Delete
+					</Button>
+				</div>
+			</DialogContent>
+		</Dialog>
+	);
+}
diff --git a/apps/web/src/components/admin/roles/RoleCard.tsx b/apps/web/src/components/admin/roles/RoleCard.tsx
new file mode 100644
index 00000000..e332caea
--- /dev/null
+++ b/apps/web/src/components/admin/roles/RoleCard.tsx
@@ -0,0 +1,217 @@
+"use client";
+
+import { useState, useEffect } from "react";
+import { Button } from "@/components/shadcn/ui/button";
+import {
+	AccordionItem,
+	AccordionTrigger,
+	AccordionContent,
+} from "@/components/shadcn/ui/accordion";
+import Restricted from "@/components/Restricted";
+import { PermissionType } from "@/lib/constants/permission";
+import { PermissionMask } from "@/lib/utils/shared/permission";
+import { ChevronUp, ChevronDown } from "lucide-react";
+import RoleBadge from "@/components/dash/shared/RoleBadge";
+import { UserWithRole } from "db/types";
+import { InferSelectModel } from "drizzle-orm";
+import { roles } from "db/schema";
+import {
+	compareUserPosition,
+	userHasPermission,
+} from "@/lib/utils/server/admin";
+import DeleteRoleDialog from "@/components/admin/roles/DeleteRoleDialog";
+
+type Role = InferSelectModel<typeof roles>;
+
+export default function RoleCard({
+	role,
+	currentUser,
+	onRoleChange,
+	onMove,
+	index,
+	total,
+}: {
+	role: Role;
+	currentUser: UserWithRole;
+	onRoleChange: (r: Role) => void;
+	onMove: (roleId: number, dir: "up" | "down") => void;
+	index: number;
+	total: number;
+}) {
+	const [permissionsMask, setPermissionsMask] = useState<number>(
+		role.permissions ?? 0,
+	);
+	const [color, setColor] = useState<string | null>(role.color ?? "");
+
+	useEffect(() => {
+		setPermissionsMask(role.permissions ?? 0);
+		setColor(role.color ?? "");
+	}, [role]);
+
+	const hasPermLocal = (perm: PermissionType) => {
+		const mask = new PermissionMask(permissionsMask);
+		return mask.has(perm);
+	};
+
+	// Whether current user may toggle this permission on target role (they must have EDIT_ROLES and higher position)
+	const canEditRole = (() => {
+		try {
+			return (
+				userHasPermission(currentUser, PermissionType.EDIT_ROLES) &&
+				compareUserPosition(currentUser, role.position, "higher")
+			);
+		} catch (e) {
+			return false;
+		}
+	})();
+
+	// Whether current user may delete this role (they must have DELETE_ROLES and higher position)
+	const canDeleteRole = (() => {
+		try {
+			return (
+				userHasPermission(currentUser, PermissionType.DELETE_ROLES) &&
+				compareUserPosition(currentUser, role.position, "higher")
+			);
+		} catch (e) {
+			return false;
+		}
+	})();
+
+	// user cannot toggle individual permission bits they don't personally have
+	function canTogglePermission(perm: PermissionType) {
+		return userHasPermission(currentUser, perm) && canEditRole;
+	}
+
+	function togglePerm(perm: PermissionType) {
+		if (!canTogglePermission(perm)) return;
+		const next = new PermissionMask(role.permissions).toggle(perm);
+		setPermissionsMask(next);
+		onRoleChange({ ...role, permissions: next, color });
+	}
+
+	function onColorChange(v: string) {
+		setColor(v);
+		onRoleChange({ ...role, permissions: permissionsMask, color: v });
+	}
+
+	// Build a list of PermissionType entries
+	const permissionEntries = Object.keys(PermissionType)
+		.filter((k) => isNaN(Number(k)))
+		.map((k) => ({
+			name: k.replaceAll("_", " "),
+			value: (PermissionType as any)[k] as number,
+		}));
+
+	return (
+		<AccordionItem
+			value={String(role.id)}
+			className={`p-4 ${canEditRole ? "" : "opacity-40"}`}
+		>
+			<AccordionTrigger asChild>
+				<div className="flex w-full items-center gap-x-3">
+					<div className="flex items-center gap-x-2">
+						<div className="flex flex-col">
+							<div className="flex items-center gap-x-1">
+								<Button
+									size="icon"
+									variant="ghost"
+									onClick={(e) => {
+										e.stopPropagation();
+										onMove(role.id, "up");
+									}}
+									disabled={index === 0 || !canEditRole}
+								>
+									<ChevronUp />
+								</Button>
+								<Button
+									size="icon"
+									variant="ghost"
+									onClick={(e) => {
+										e.stopPropagation();
+										onMove(role.id, "down");
+									}}
+									disabled={
+										index === total - 1 || !canEditRole
+									}
+								>
+									<ChevronDown />
+								</Button>
+							</div>
+						</div>
+						<RoleBadge role={role} />
+					</div>
+
+					<div className="ml-auto mr-4 flex items-center gap-x-2"></div>
+				</div>
+			</AccordionTrigger>
+			<AccordionContent>
+				<div className="grid grid-cols-[1.5fr_0.5fr_0.5fr] gap-12">
+					<div>
+						<h4 className="font-semibold">Permissions</h4>
+						<div className="mt-2 space-y-2">
+							{permissionEntries.map((p) => (
+								<div
+									key={p.name}
+									className="flex items-center justify-between"
+								>
+									<div className="flex items-center gap-x-2">
+										<input
+											type="checkbox"
+											checked={hasPermLocal(p.value)}
+											disabled={
+												!canTogglePermission(p.value) ||
+												!canEditRole
+											}
+											onChange={() => togglePerm(p.value)}
+										/>
+										<span>{p.name}</span>
+									</div>
+									<div className="text-sm text-muted-foreground">
+										{hasPermLocal(p.value)
+											? "Enabled"
+											: "Disabled"}
+									</div>
+								</div>
+							))}
+						</div>
+					</div>
+					<div>
+						<h4 className="font-semibold">Appearance</h4>
+						<div className="mt-2 flex flex-col gap-y-2">
+							<div className="flex items-center gap-x-2">
+								<label className="text-sm">Color</label>
+								{canEditRole ? (
+									<input
+										type="color"
+										value={color || "#000000"}
+										onChange={(e) =>
+											onColorChange(e.target.value)
+										}
+									/>
+								) : (
+									<span className="text-sm text-muted-foreground">
+										{role.color || "—"}
+									</span>
+								)}
+							</div>
+						</div>
+					</div>
+					<div>
+						<Restricted
+							user={currentUser}
+							permissions={PermissionType.DELETE_ROLES}
+							targetRolePosition={role.position}
+							position="higher"
+						>
+							<DeleteRoleDialog
+								role={role}
+								currentUser={currentUser}
+								class_name="mt-4"
+							/>
+						</Restricted>
+					</div>
+				</div>
+			</AccordionContent>
+		</AccordionItem>
+	);
+}
diff --git a/apps/web/src/components/admin/roles/RolesManager.tsx b/apps/web/src/components/admin/roles/RolesManager.tsx
new file mode 100644
index 00000000..020f3963
--- /dev/null
+++ b/apps/web/src/components/admin/roles/RolesManager.tsx
@@ -0,0 +1,127 @@
+"use client";
+
+import { useState, useEffect } from "react";
+import RoleCard from "@/components/admin/roles/RoleCard";
+import { Accordion } from "@/components/shadcn/ui/accordion";
+import { Button } from "@/components/shadcn/ui/button";
+import { useAction } from "next-safe-action/hooks";
+import { editRole } from "@/actions/admin/role-actions";
+import { toast } from "sonner";
+import CreateRoleDialog from "@/components/admin/roles/CreateRoleDialog";
+import Restricted from "@/components/Restricted";
+import { PermissionType } from "@/lib/constants/permission";
+
+export default function RolesManager({
+	roles: initialRoles,
+	currentUser,
+}: {
+	roles: any[];
+	currentUser: any;
+}) {
+	const [roles, setRoles] = useState(() =>
+		[...initialRoles].sort((a, b) => a.position - b.position),
+	);
+	const [dirty, setDirty] = useState(false);
+	const { execute: doEdit } = useAction(editRole, {
+		onError: ({ error }) => {
+			toast.error(
+				"Failed to save role: " +
+					(error.serverError || "Unknown error"),
+			);
+		},
+		onSuccess: () => {
+			// Individual success not needed since we save all at once
+		},
+	});
+
+	useEffect(() => {
+		setRoles([...initialRoles].sort((a, b) => a.position - b.position));
+	}, [initialRoles]);
+
+	const nextPosition =
+		roles.length > 0 ? Math.max(...roles.map((r) => r.position)) + 1 : 1;
+
+	function onRoleChange(updated: any) {
+		setRoles((prev) => {
+			const next = prev.map((r) =>
+				r.id === updated.id ? { ...r, ...updated } : r,
+			);
+			setDirty(true);
+			return next;
+		});
+	}
+
+	function onMove(roleId: number, dir: "up" | "down") {
+		setRoles((prev) => {
+			const idx = prev.findIndex((r) => r.id === roleId);
+			if (idx === -1) return prev;
+			const next = [...prev];
+			const swapIdx = dir === "up" ? idx - 1 : idx + 1;
+			if (swapIdx < 0 || swapIdx >= next.length) return prev;
+			// swap positions
+			const a = next[idx];
+			const b = next[swapIdx];
+			const aPos = a.position;
+			next[idx] = { ...a, position: b.position };
+			next[swapIdx] = { ...b, position: aPos };
+			setDirty(true);
+			// resort after swap
+			return next.sort((a, b) => a.position - b.position);
+		});
+	}
+
+	const total = roles.length;
+
+	async function saveAll() {
+		const promises = roles.map((r) =>
+			doEdit({
+				roleId: r.id,
+				name: r.name,
+				position: r.position,
+				permissions: r.permissions,
+				color: r.color ?? null,
+			}),
+		);
+		try {
+			await Promise.all(promises);
+			toast.success("All changes saved successfully");
+			setDirty(false);
+		} catch (e: any) {
+			// Errors are handled by onError callback
+			console.error(e);
+		}
+	}
+
+	return (
+		<div>
+			<div className="mb-4 flex justify-end">
+				<Restricted
+					user={currentUser}
+					permissions={PermissionType.CREATE_ROLES}
+				>
+					<CreateRoleDialog
+						currentUser={currentUser}
+						nextPosition={nextPosition}
+					/>
+				</Restricted>
+			</div>
+			<Accordion type="multiple" className="w-full">
+				{roles.map((r, i) => (
+					<RoleCard
+						key={r.id}
+						role={r}
+						currentUser={currentUser}
+						onRoleChange={onRoleChange}
+						onMove={onMove}
+						index={i}
+						total={total}
+					/>
+				))}
+			</Accordion>
+
+			<div className="fixed bottom-0 right-0 m-8">
+				{dirty ? <Button onClick={saveAll}>Save Changes</Button> : null}
+			</div>
+		</div>
+	);
+}
diff --git a/apps/web/src/components/admin/scanner/PassScanner.tsx b/apps/web/src/components/admin/scanner/PassScanner.tsx
index f7c1d936..e6429b55 100644
--- a/apps/web/src/components/admin/scanner/PassScanner.tsx
+++ b/apps/web/src/components/admin/scanner/PassScanner.tsx
@@ -63,7 +63,7 @@ export default function PassScanner({
 		: "Not Checked In";
 	const guild =
 		Object.keys(c.groups)[scanUser?.hackerData.group || 0] ?? "None";
-	const role = scanUser?.role ? scanUser?.role : "Not Found";
+	const role = scanUser?.role?.name ? scanUser?.role?.name : "Not Found";
 
 	function handleScanCreate() {
 		const params = new URLSearchParams(searchParams.toString());
diff --git a/apps/web/src/components/admin/users/ServerSections.tsx b/apps/web/src/components/admin/users/ServerSections.tsx
index 21b7c6cb..951654ee 100644
--- a/apps/web/src/components/admin/users/ServerSections.tsx
+++ b/apps/web/src/components/admin/users/ServerSections.tsx
@@ -1,9 +1,9 @@
 import UserInfoSection from "@/components/admin/users/UserInfoSection";
 import type { Hacker } from "db/types";
-import { titleCase } from "title-case";
 import { Button } from "@/components/shadcn/ui/button";
 import Link from "next/link";
 import { clerkClient } from "@clerk/nextjs/server";
+import { titleCase } from "@/lib/utils/shared/string";
 
 export function PersonalInfo({ user }: { user: Hacker }) {
 	return (
diff --git a/apps/web/src/components/admin/users/UpdateRoleDialog.tsx b/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
index edf59a25..cea26185 100644
--- a/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
+++ b/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
@@ -16,30 +16,34 @@ import {
 	SelectValue,
 } from "@/components/shadcn/ui/select";
 import { Button } from "@/components/shadcn/ui/button";
-import { perms } from "config";
 import { toast } from "sonner";
 import { useAction } from "next-safe-action/hooks";
 import { updateRole } from "@/actions/admin/user-actions";
 import { useState } from "react";
-import { titleCase } from "title-case";
 import { Badge } from "@/components/shadcn/ui/badge";
+import { db } from "db";
+import { titleCase } from "@/lib/utils/shared/string";
 
 interface UpdateRoleDialogProps {
 	userID: string;
 	name: string;
-	currPermision: (typeof perms)[number];
-	canMakeAdmins: boolean;
+	currentRoleId: number;
 }
 
-export default function UpdateRoleDialog({
+export default async function UpdateRoleDialog({
 	userID,
-	currPermision,
-	canMakeAdmins,
+	currentRoleId,
 	name,
 }: UpdateRoleDialogProps) {
-	const [roleToSet, setRoleToSet] = useState(currPermision);
+	const [roleToSet, setRoleToSet] = useState(currentRoleId);
 	const [open, setOpen] = useState(false);
 
+	const roles = await db.query.roles.findMany();
+
+	const currentRoleName = titleCase(
+		roles.find((r) => r.id === currentRoleId)?.name.replace("_", " ") || "",
+	);
+
 	const { execute } = useAction(updateRole, {
 		async onSuccess() {
 			toast.dismiss();
@@ -66,41 +70,15 @@ export default function UpdateRoleDialog({
 				</DialogHeader>
 				<div className="grid gap-4 py-4">
 					<div className="flex">
-						{/* <Label htmlFor="name" className="text-right">
-                        HackerTag
-                    </Label>
-                    <Input
-                        onChange={(e) => setHackerTag(e.target.value)}
-                        id="name"
-                        placeholder="@HackerTag"
-                        className="col-span-3"
-                    /> */}
-						<Select
-							onValueChange={(v) =>
-								setRoleToSet(v as (typeof perms)[number])
-							}
-						>
+						<Select onValueChange={(v) => setRoleToSet(Number(v))}>
 							<SelectTrigger className="w-[180px]">
-								<SelectValue
-									placeholder={titleCase(
-										currPermision.replace("_", " "),
-									)}
-								/>
+								<SelectValue placeholder={currentRoleName} />
 							</SelectTrigger>
 							<SelectContent>
-								{/* <SelectItem value="light">Light</SelectItem>
-								<SelectItem value="dark">Dark</SelectItem>
-								<SelectItem value="system">System</SelectItem> */}
-								{perms.map((perm) => {
-									if (
-										!canMakeAdmins &&
-										(perm === "admin" ||
-											perm === "super_admin")
-									)
-										return null;
+								{roles.map(({ id, name }) => {
 									return (
-										<SelectItem key={perm} value={perm}>
-											{titleCase(perm.replace("_", " "))}
+										<SelectItem key={id} value={String(id)}>
+											{titleCase(name.replace("_", " "))}
 										</SelectItem>
 									);
 								})}
@@ -109,27 +87,23 @@ export default function UpdateRoleDialog({
 					</div>
 				</div>
 				<DialogFooter>
-					{roleToSet !== currPermision ? (
+					{roleToSet !== currentRoleId ? (
 						<div className="flex h-full w-full items-center justify-center gap-x-2 self-end sm:justify-start">
-							<Badge>
-								{titleCase(currPermision.replace("_", " "))}
-							</Badge>
+							<Badge>{currentRoleName}</Badge>
 							<span>&rarr;</span>
-							<Badge>
-								{titleCase(roleToSet.replace("_", " "))}
-							</Badge>
+							<Badge>{currentRoleName}</Badge>
 						</div>
 					) : null}
 					<Button
 						onClick={() => {
-							if (roleToSet === currPermision) {
+							if (roleToSet === currentRoleId) {
 								return toast.warning(
 									"The user already has this role.",
 								);
 							}
 							toast.loading("Updating role...", { duration: 0 });
 							execute({
-								roleToSet,
+								roleIdToSet: roleToSet,
 								userIDToUpdate: userID,
 							});
 							setOpen(false);
diff --git a/apps/web/src/components/dash/shared/RoleBadge.tsx b/apps/web/src/components/dash/shared/RoleBadge.tsx
index 78381f1b..b9aecb1e 100644
--- a/apps/web/src/components/dash/shared/RoleBadge.tsx
+++ b/apps/web/src/components/dash/shared/RoleBadge.tsx
@@ -1,30 +1,39 @@
-import c from "config";
 import { Badge } from "@/components/shadcn/ui/badge";
 import { BadgeCheck } from "lucide-react";
+import { roles } from "db/schema";
+import { InferSelectModel } from "drizzle-orm";
 
 interface RoleBadgeProps {
-	role: keyof typeof c.roleBadges;
+	role: InferSelectModel<typeof roles>;
+}
+
+function getContrastColor(hex: string) {
+	// fallback
+	if (!hex) return "#000";
+	const cleaned = hex.replace("#", "");
+	const r = parseInt(cleaned.substring(0, 2), 16);
+	const g = parseInt(cleaned.substring(2, 4), 16);
+	const b = parseInt(cleaned.substring(4, 6), 16);
+	// luminance formula
+	const luminance = (0.2126 * r + 0.7152 * g + 0.0722 * b) / 255;
+	return luminance > 0.6 ? "#000" : "#fff";
 }
 
 export default function RoleBadge({ role }: RoleBadgeProps) {
+	const bg = role.color || "#e5e7eb"; // default gray-200
+	const fg = getContrastColor(bg);
+
 	return (
 		<Badge
-			style={{ backgroundColor: c.roleBadges[role].color }}
-			className={`${c.roleBadges[role].checked ? "px-1" : ""} gap-x-1`}
+			style={{ backgroundColor: bg, height: "32px" }}
+			className={`gap-x-1 px-2`}
 		>
-			<span style={{ color: c.roleBadges[role].foreground }}>
-				{c.roleBadges[role].title}
+			<span style={{ color: fg }} className="weight-700 uppercase">
+				{role.name.replace(/_/g, " ")}
 			</span>
-			{c.roleBadges[role].checked ? (
-				<BadgeCheck
-					className="text-lg"
-					style={{
-						color:
-							typeof c.roleBadges[role].checked == "boolean"
-								? `color-mix(in hsl longer hue, ${c.roleBadges[role].color} 95%, ${c.roleBadges[role].foreground})`
-								: (c.roleBadges[role].checked as string),
-					}}
-				/>
+			{/* show check icon if this role has any permissions (simple heuristic) */}
+			{role.permissions ? (
+				<BadgeCheck className="weight-700" style={{ color: fg }} />
 			) : null}
 		</Badge>
 	);
diff --git a/apps/web/src/components/emails/RegistrationSuccessEmail.tsx b/apps/web/src/components/emails/RegistrationSuccessEmail.tsx
new file mode 100644
index 00000000..14e628e5
--- /dev/null
+++ b/apps/web/src/components/emails/RegistrationSuccessEmail.tsx
@@ -0,0 +1,114 @@
+import {
+	Body,
+	Button,
+	Container,
+	Column,
+	Head,
+	Heading,
+	Hr,
+	Html,
+	Img,
+	Link,
+	Preview,
+	Row,
+	Section,
+	Tailwind,
+	Text,
+} from "@react-email/components";
+import type { DefaultEmailTemplateProps } from "@/lib/utils/server/types";
+import c from "config";
+
+interface RegistrationSuccessProps extends DefaultEmailTemplateProps {}
+
+const baseUrl = process.env.VERCEL_URL
+	? `https://${process.env.VERCEL_URL}`
+	: "";
+
+export default function RegistrationSuccessEmail({
+	firstName,
+}: RegistrationSuccessProps) {
+	return (
+		<div>
+			<Tailwind>
+				<Body className="mx-auto my-auto bg-white font-sans">
+					<Container className="mx-auto my-[40px] w-[465px] rounded border border-solid border-[#eaeaea] p-[20px]">
+						<Section className="mt-[32px]">
+							<Img
+								src={`${baseUrl}${c.icon.md}`}
+								width="40"
+								height="37"
+								alt={`${c.hackathonName} logo`}
+								className="mx-auto my-0"
+							/>
+						</Section>
+						<Heading className="mx-0 my-[30px] p-0 text-center text-[24px] font-normal text-black">
+							You are now registered for {c.hackathonName} $
+							{c.itteration}!
+						</Heading>
+						<Text className="text-[14px] leading-[24px] text-black">
+							Hello {firstName},
+						</Text>
+						{/* <Text className="text-black text-[14px] leading-[24px]">
+              <strong>bukinoshita</strong> (
+              <Link
+                href={`mailto:${invitedByEmail}`}
+                className="text-blue-600 no-underline"
+              >
+                {invitedByEmail}
+              </Link>
+              ) has invited you to the <strong>{teamName}</strong> team on{' '}
+              <strong>Vercel</strong>.
+            </Text>
+            <Section>
+              <Row>
+                <Column align="right">
+                  <Img className="rounded-full" src={userImage} width="64" height="64" />
+                </Column>
+                <Column align="center">
+                  <Img
+                    src={`${baseUrl}/static/vercel-arrow.png`}
+                    width="12"
+                    height="9"
+                    alt="invited you to"
+                  />
+                </Column>
+                <Column align="left">
+                  <Img className="rounded-full" src={teamImage} width="64" height="64" />
+                </Column>
+              </Row>
+            </Section>
+            <Section className="text-center mt-[32px] mb-[32px]">
+              <Button
+                pX={20}
+                pY={12}
+                className="bg-[#000000] rounded text-white text-[12px] font-semibold no-underline text-center"
+                href={inviteLink}
+              >
+                Join the team
+              </Button>
+            </Section>
+            <Text className="text-black text-[14px] leading-[24px]">
+              or copy and paste this URL into your browser:{' '}
+              <Link
+                href={inviteLink}
+                className="text-blue-600 no-underline"
+              >
+                {inviteLink}
+              </Link>
+            </Text>
+            <Hr className="border border-solid border-[#eaeaea] my-[26px] mx-0 w-full" />
+            <Text className="text-[#666666] text-[12px] leading-[24px]">
+              This invitation was intended for{' '}
+              <span className="text-black">{username} </span>.This invite was sent from{' '}
+              <span className="text-black">{inviteFromIp}</span> located in{' '}
+              <span className="text-black">{inviteFromLocation}</span>. If you were not
+              expecting this invitation, you can ignore this email. If you are
+              concerned about your account's safety, please reply to this email to
+              get in touch with us.
+            </Text> */}
+					</Container>
+				</Body>
+			</Tailwind>
+		</div>
+	);
+}
diff --git a/apps/web/src/components/events/admin/NewEventForm.tsx b/apps/web/src/components/events/admin/NewEventForm.tsx
index efc9c0d1..a486ded3 100644
--- a/apps/web/src/components/events/admin/NewEventForm.tsx
+++ b/apps/web/src/components/events/admin/NewEventForm.tsx
@@ -25,9 +25,9 @@ import { Textarea } from "@/components/shadcn/ui/textarea";
 import c from "config";
 import { DateTimePicker } from "@/components/shadcn/ui/date-time-picker/date-time-picker";
 import { parseAbsolute, getLocalTimeZone } from "@internationalized/date";
-import { zpostSafe } from "@/lib/utils/client/zfetch";
-import { BasicRedirValidator } from "@/validators/shared/basicRedir";
-import { useState } from "react";
+import { useAction } from "next-safe-action/hooks";
+import { createEvent } from "@/actions/admin/event-actions";
+import { useCallback, useState } from "react";
 import { LoaderPinwheel } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { ONE_HOUR_IN_MILLISECONDS } from "@/lib/constants";
@@ -41,6 +41,31 @@ export default function NewEventForm({ defaultDate }: NewEventFormProps) {
 	const router = useRouter();
 	const userLocalTimeZone = getLocalTimeZone();
 
+	const { execute } = useAction(createEvent, {
+		onExecute: () => setLoading(true),
+		onSettled: () => setLoading(false),
+		onSuccess: () => {
+			toast.success(
+				"Event Created Successfully! Redirecting to event...",
+			);
+			setTimeout(() => {
+				router.push("/admin/events");
+			}, 2000);
+		},
+		onError: ({ error }) => {
+			let description: string;
+
+			if (error.validationErrors?._errors) {
+				// User is not super admin
+				description = error.validationErrors._errors[0];
+			} else {
+				description = error.serverError || "An unknown error occurred";
+			}
+
+			toast.error("Unable to edit event", { description });
+		},
+	});
+
 	const form = useForm<z.infer<typeof newEventFormSchema>>({
 		resolver: zodResolver(newEventFormSchema),
 		defaultValues: {
@@ -54,26 +79,19 @@ export default function NewEventForm({ defaultDate }: NewEventFormProps) {
 		},
 	});
 
-	async function onSubmit(values: z.infer<typeof newEventFormSchema>) {
-		setLoading(true);
-		const res = await zpostSafe({
-			url: "/api/admin/events/create",
-			body: values,
-			superReq: true,
-			vReq: newEventFormSchema,
-			vRes: BasicRedirValidator,
-		});
-		setLoading(false);
-		if (res.success) {
-			toast.success("Event Created Successfully! Redirecting to event");
-			router.push(res.data.redirect);
-		} else {
-			toast.error(
-				"Failed to create event, please try again. Error:\n\n" +
-					res.error,
-			);
-		}
-	}
+	const onSubmit = useCallback(
+		(values: z.infer<typeof newEventFormSchema>) => {
+			if (form.formState.isDirty) {
+				execute(values);
+			} else {
+				toast.error("Failed to create event", {
+					description:
+						"Please make changes to the form before submitting it!",
+				});
+			}
+		},
+		[form.formState.isDirty],
+	);
 
 	return (
 		<Form {...form}>
diff --git a/apps/web/src/components/shadcn/ui/accordion.tsx b/apps/web/src/components/shadcn/ui/accordion.tsx
index 6d13f3a9..20851dab 100644
--- a/apps/web/src/components/shadcn/ui/accordion.tsx
+++ b/apps/web/src/components/shadcn/ui/accordion.tsx
@@ -28,13 +28,15 @@ const AccordionTrigger = React.forwardRef<
 		<AccordionPrimitive.Trigger
 			ref={ref}
 			className={cn(
-				"flex flex-1 items-center justify-between py-4 font-medium transition-all hover:underline [&[data-state=open]>svg]:rotate-180",
+				"flex flex-1 items-center justify-between py-4 font-medium transition-all [&[data-state=open]>svg]:rotate-180",
 				className,
 			)}
 			{...props}
 		>
-			{children}
-			<ChevronDown className="h-4 w-4 shrink-0 transition-transform duration-200" />
+			<div>
+				{children}
+				<ChevronDown className="h-4 w-4 shrink-0 transition-transform duration-200" />
+			</div>
 		</AccordionPrimitive.Trigger>
 	</AccordionPrimitive.Header>
 ));
diff --git a/apps/web/src/components/shadcn/ui/button.tsx b/apps/web/src/components/shadcn/ui/button.tsx
index b50a2e1b..4006280b 100644
--- a/apps/web/src/components/shadcn/ui/button.tsx
+++ b/apps/web/src/components/shadcn/ui/button.tsx
@@ -22,7 +22,7 @@ const buttonVariants = cva(
 			},
 			size: {
 				default: "h-10 px-4 py-2",
-				sm: "h-9 rounded-md px-3",
+				sm: "h-7 rounded-md px-2",
 				lg: "h-11 rounded-md px-8",
 				icon: "h-10 w-10",
 			},
diff --git a/apps/web/src/components/shared/ClientToast.tsx b/apps/web/src/components/shared/ClientToast.tsx
index 9fd01e7c..9da362f0 100644
--- a/apps/web/src/components/shared/ClientToast.tsx
+++ b/apps/web/src/components/shared/ClientToast.tsx
@@ -3,8 +3,20 @@ import { Toaster } from "sonner";
 
 interface clientToastOptions {
 	richColors?: boolean;
+	duration?: number;
+	position?: "top-right" | "top-left" | "bottom-right" | "bottom-left";
 }
 
-export default function ClientToast({ richColors = true }: clientToastOptions) {
-	return <Toaster richColors={richColors} />;
+export default function ClientToast({
+	richColors = true,
+	duration,
+	position,
+}: clientToastOptions) {
+	return (
+		<Toaster
+			richColors={richColors}
+			duration={duration}
+			position={position}
+		/>
+	);
 }
diff --git a/apps/web/src/components/shared/ProfileButton.tsx b/apps/web/src/components/shared/ProfileButton.tsx
index 83730ab3..e406b25a 100644
--- a/apps/web/src/components/shared/ProfileButton.tsx
+++ b/apps/web/src/components/shared/ProfileButton.tsx
@@ -21,6 +21,8 @@ import DefaultDropdownTrigger from "../dash/shared/DefaultDropDownTrigger";
 import MobileNavBarLinks from "./MobileNavBarLinks";
 import { getUser } from "db/functions";
 import { clientLogOut } from "@/lib/utils/server/user";
+import Restricted from "../Restricted";
+import { PermissionType } from "@/lib/constants/permission";
 
 export default async function ProfileButton() {
 	const clerkUser = await auth();
@@ -153,15 +155,15 @@ export default async function ProfileButton() {
 							Event Pass
 						</DropdownMenuItem>
 					</Link>
-					{["admin", "super_admin", "volunteer"].includes(
-						user.role,
-					) && (
+
+					<Restricted user={user} permissions={PermissionType.ADMIN}>
 						<Link href={`/admin`}>
 							<DropdownMenuItem className="cursor-pointer text-hackathon">
 								Admin
 							</DropdownMenuItem>
 						</Link>
-					)}
+					</Restricted>
+
 					<MobileNavBarLinks />
 					<DropdownMenuSeparator className="bg-[rgb(228,228,231)] dark:bg-[rgb(39,39,42)]" />
 					<Link href={`/bug-report`}>
diff --git a/apps/web/src/lib/constants/permission.ts b/apps/web/src/lib/constants/permission.ts
new file mode 100644
index 00000000..4ae7f762
--- /dev/null
+++ b/apps/web/src/lib/constants/permission.ts
@@ -0,0 +1,25 @@
+export enum PermissionType {
+	//! DANGER: DO NOT CHANGE ANYTHING (NAMINGS, VALUES) OR REARRANGE. CAN CAUSE MAJOR ISSUES.
+	ADMIN = 1 << 0, // can access admin panel
+
+	VIEW_ROLES = 1 << 1,
+	CREATE_ROLES = 1 << 2,
+	EDIT_ROLES = 1 << 3,
+	DELETE_ROLES = 1 << 4,
+
+	VIEW_USERS = 1 << 5,
+	CHANGE_USER_ROLES = 1 << 6,
+	BAN_USERS = 1 << 7,
+
+	VIEW_EVENTS = 1 << 8,
+	CREATE_EVENTS = 1 << 9,
+	EDIT_EVENTS = 1 << 10,
+	DELETE_EVENTS = 1 << 11,
+
+	CHECK_IN = 1 << 12,
+	CREATE_SCANS = 1 << 13,
+
+	/* You can add new permissions following the pattern:
+		NEW_PERMISSION = 1 << n,
+	*/
+}
diff --git a/apps/web/src/lib/safe-action.ts b/apps/web/src/lib/safe-action.ts
index 822408a9..c6dc74b3 100644
--- a/apps/web/src/lib/safe-action.ts
+++ b/apps/web/src/lib/safe-action.ts
@@ -1,5 +1,6 @@
 import {
 	createSafeActionClient,
+	DEFAULT_SERVER_ERROR_MESSAGE,
 	returnValidationErrors,
 } from "next-safe-action";
 import { auth } from "@clerk/nextjs/server";
@@ -7,7 +8,12 @@ import { getUser } from "db/functions";
 import { z } from "zod";
 import { isUserAdmin } from "./utils/server/admin";
 
-export const publicAction = createSafeActionClient();
+export const publicAction = createSafeActionClient({
+	handleServerError: (error) => {
+		if (error instanceof Error && error.message) return error.message;
+		return DEFAULT_SERVER_ERROR_MESSAGE;
+	},
+});
 
 export const authenticatedAction = publicAction.use(
 	// TODO: Add registration check here?
@@ -25,10 +31,7 @@ export const authenticatedAction = publicAction.use(
 export const volunteerAction = authenticatedAction.use(
 	async ({ next, ctx }) => {
 		const user = await getUser(ctx.userId);
-		if (
-			!user ||
-			!["admin", "super_admin", "volunteer"].includes(user.role)
-		) {
+		if (!user || !isUserAdmin(user)) {
 			returnValidationErrors(z.null(), {
 				_errors: ["Unauthorized (Not Admin)"],
 			});
diff --git a/apps/web/src/lib/utils/server/admin.ts b/apps/web/src/lib/utils/server/admin.ts
index d91062cb..1e21952e 100644
--- a/apps/web/src/lib/utils/server/admin.ts
+++ b/apps/web/src/lib/utils/server/admin.ts
@@ -1,5 +1,39 @@
 import type { User } from "db/types";
+import { PermissionMask } from "@/lib/utils/shared/permission";
+import { PermissionType } from "@/lib/constants/permission";
+import { UserWithRole } from "db/types";
 
-export function isUserAdmin(user: User) {
-	return ["admin", "super_admin"].includes(user.role);
+export function userHasPermission(
+	user: UserWithRole,
+	permissions: PermissionType | [PermissionType],
+): boolean {
+	const userPermissionMask = new PermissionMask(user.role?.permissions || 0);
+
+	if (Array.isArray(permissions)) {
+		return permissions.every((permission) =>
+			userPermissionMask.has(permission),
+		);
+	}
+
+	return userPermissionMask.has(permissions);
+}
+
+export function isUserAdmin(user: UserWithRole): boolean {
+	return userHasPermission(user, PermissionType.ADMIN);
+}
+
+export function compareUserPosition(
+	user: UserWithRole,
+	targetRolePosition: number,
+	position: "higher" | "lower" | "equal",
+): boolean {
+	const userRolePosition = user.role?.position || 0;
+	if (position === "higher") {
+		return userRolePosition < targetRolePosition;
+	} else if (position === "lower") {
+		return userRolePosition > targetRolePosition;
+	} else if (position === "equal") {
+		return userRolePosition === targetRolePosition;
+	}
+	return false;
 }
diff --git a/apps/web/src/lib/utils/server/user.ts b/apps/web/src/lib/utils/server/user.ts
index 4789dea3..1877bc5d 100644
--- a/apps/web/src/lib/utils/server/user.ts
+++ b/apps/web/src/lib/utils/server/user.ts
@@ -1,5 +1,23 @@
+import { auth } from "@clerk/nextjs/server";
+import { getUser } from "db/functions";
+import { UserWithRole } from "db/types";
 import { redirect } from "next/navigation";
+import { cache } from "react";
 export async function clientLogOut() {
 	"use server";
 	redirect("/");
 }
+
+export const getCurrentUser = cache(async (): Promise<UserWithRole> => {
+	"use server";
+	const { userId } = await auth();
+	if (!userId) {
+		throw new Error("No user logged in");
+	}
+	const user = await getUser(userId);
+	if (!user) {
+		throw new Error("User not found");
+	}
+
+	return user;
+});
diff --git a/apps/web/src/lib/utils/shared/permission.ts b/apps/web/src/lib/utils/shared/permission.ts
new file mode 100644
index 00000000..cb47a7b1
--- /dev/null
+++ b/apps/web/src/lib/utils/shared/permission.ts
@@ -0,0 +1,35 @@
+import { PermissionType } from "@/lib/constants/permission";
+
+class PermissionMask {
+	mask: number;
+
+	constructor(mask: number) {
+		this.mask = mask;
+	}
+
+	has(perm: PermissionType): boolean {
+		return (this.mask & perm) !== 0;
+	}
+
+	add(perm: PermissionType): number {
+		return this.mask | perm;
+	}
+
+	remove(perm: PermissionType): number {
+		return this.mask & ~perm;
+	}
+
+	toggle(perm: PermissionType): number {
+		return this.mask ^ perm;
+	}
+
+	hasAny(perms: PermissionType[]): boolean {
+		return perms.some((p) => (this.mask & p) !== 0);
+	}
+
+	hasAll(perms: PermissionType[]): boolean {
+		return perms.every((p) => (this.mask & p) !== 0);
+	}
+}
+
+export { PermissionMask };
diff --git a/apps/web/src/lib/utils/shared/string.ts b/apps/web/src/lib/utils/shared/string.ts
new file mode 100644
index 00000000..762bf0b5
--- /dev/null
+++ b/apps/web/src/lib/utils/shared/string.ts
@@ -0,0 +1,12 @@
+export function titleCase(str: string): string {
+	if (!str) {
+		return "";
+	}
+	return str
+		.toLowerCase()
+		.split(" ")
+		.map(function (word) {
+			return word.charAt(0).toUpperCase() + word.substr(1);
+		})
+		.join(" ");
+}
diff --git a/apps/web/src/validators/event.ts b/apps/web/src/validators/event.ts
index 00827bcb..fa1687b7 100644
--- a/apps/web/src/validators/event.ts
+++ b/apps/web/src/validators/event.ts
@@ -16,4 +16,6 @@ export const newEventFormSchema = createInsertSchema(events, {
 	path: ["startTime"],
 });
 
+export const editEventFormSchema = newEventFormSchema;
+
 export const eventDataTableValidator = createSelectSchema(events);
diff --git a/packages/config/hackkit.config.ts b/packages/config/hackkit.config.ts
index daf34ec2..85631614 100644
--- a/packages/config/hackkit.config.ts
+++ b/packages/config/hackkit.config.ts
@@ -912,6 +912,7 @@ const c = {
 			Overview: "/admin",
 			Users: "/admin/users",
 			Events: "/admin/events",
+			Roles: "/admin/roles",
 			"Hackathon Check-in": "/admin/check-in",
 		},
 	},
@@ -988,14 +989,14 @@ const staticUploads = {
 
 // Its important that this is kept in sync with the database schema.
 
-const perms = [
-	"hacker",
-	"volunteer",
-	"mentor",
-	"mlh",
-	"admin",
-	"super_admin",
-] as const;
+// const perms = [
+// 	"hacker",
+// 	"volunteer",
+// 	"mentor",
+// 	"mlh",
+// 	"admin",
+// 	"super_admin",
+// ] as const;
 
 const discordInviteStatus = ["pending", "accepted", "declined"] as const;
 
@@ -1023,7 +1024,6 @@ const publicRoutes = [
 export default c;
 export {
 	defaultTheme,
-	perms,
 	discordInviteStatus,
 	ticketStatus,
 	discordVerificationStatus,
diff --git a/packages/db/drizzle/0002_slimy_talos.sql b/packages/db/drizzle/0002_slimy_talos.sql
new file mode 100644
index 00000000..8849d570
--- /dev/null
+++ b/packages/db/drizzle/0002_slimy_talos.sql
@@ -0,0 +1,46 @@
+CREATE TABLE `roles` (
+	`id` integer PRIMARY KEY NOT NULL,
+	`name` text(50) NOT NULL,
+	`position` integer NOT NULL,
+	`permissions` integer NOT NULL,
+	`color` text(7)
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `roles_name_unique` ON `roles` (`name`);--> statement-breakpoint
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_user_common_data` (
+	`clerk_id` text(255) PRIMARY KEY NOT NULL,
+	`first_name` text(50) NOT NULL,
+	`last_name` text(50) NOT NULL,
+	`email` text(255) NOT NULL,
+	`hacker_tag` text(50) NOT NULL,
+	`age` integer NOT NULL,
+	`gender` text(50) NOT NULL,
+	`race` text(75) NOT NULL,
+	`ethnicity` text(50) NOT NULL,
+	`shirt_size` text(5) NOT NULL,
+	`diet_restrictions` text DEFAULT '[]' NOT NULL,
+	`accommodation_note` text,
+	`discord` text(60),
+	`pronouns` text(20) NOT NULL,
+	`bio` text NOT NULL,
+	`skills` text DEFAULT '[]' NOT NULL,
+	`profile_photo` text(255) NOT NULL,
+	`phone_number` text(30) NOT NULL,
+	`country_of_residence` text(3) NOT NULL,
+	`is_fully_registered` integer DEFAULT false NOT NULL,
+	`signup_time` integer DEFAULT (current_timestamp) NOT NULL,
+	`is_searchable` integer DEFAULT true NOT NULL,
+	`role_id` integer NOT NULL,
+	`checkin_timestamp` integer,
+	`is_rsvped` integer DEFAULT false NOT NULL,
+	`is_approved` integer DEFAULT false NOT NULL,
+	FOREIGN KEY (`role_id`) REFERENCES `roles`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+INSERT INTO `__new_user_common_data`("clerk_id", "first_name", "last_name", "email", "hacker_tag", "age", "gender", "race", "ethnicity", "shirt_size", "diet_restrictions", "accommodation_note", "discord", "pronouns", "bio", "skills", "profile_photo", "phone_number", "country_of_residence", "is_fully_registered", "signup_time", "is_searchable", "role_id", "checkin_timestamp", "is_rsvped", "is_approved") SELECT "clerk_id", "first_name", "last_name", "email", "hacker_tag", "age", "gender", "race", "ethnicity", "shirt_size", "diet_restrictions", "accommodation_note", "discord", "pronouns", "bio", "skills", "profile_photo", "phone_number", "country_of_residence", "is_fully_registered", "signup_time", "is_searchable", "role_id", "checkin_timestamp", "is_rsvped", "is_approved" FROM `user_common_data`;--> statement-breakpoint
+DROP TABLE `user_common_data`;--> statement-breakpoint
+ALTER TABLE `__new_user_common_data` RENAME TO `user_common_data`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE UNIQUE INDEX `user_common_data_email_unique` ON `user_common_data` (`email`);--> statement-breakpoint
+CREATE UNIQUE INDEX `user_common_data_hacker_tag_unique` ON `user_common_data` (`hacker_tag`);
\ No newline at end of file
diff --git a/packages/db/drizzle/meta/0002_snapshot.json b/packages/db/drizzle/meta/0002_snapshot.json
new file mode 100644
index 00000000..cfccd3df
--- /dev/null
+++ b/packages/db/drizzle/meta/0002_snapshot.json
@@ -0,0 +1,1093 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "ac2c99f0-61d0-47e5-84d4-b9b178dbcc25",
+  "prevId": "8d3401ea-653e-49d5-a664-790d98e2bab6",
+  "tables": {
+    "banned_users": {
+      "name": "banned_users",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "reason": {
+          "name": "reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "banned_by_id": {
+          "name": "banned_by_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "banned_users_user_id_user_common_data_clerk_id_fk": {
+          "name": "banned_users_user_id_user_common_data_clerk_id_fk",
+          "tableFrom": "banned_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "banned_users_banned_by_id_user_common_data_clerk_id_fk": {
+          "name": "banned_users_banned_by_id_user_common_data_clerk_id_fk",
+          "tableFrom": "banned_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "banned_by_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "chat_messages": {
+      "name": "chat_messages",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "message": {
+          "name": "message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "author_id": {
+          "name": "author_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "chats": {
+      "name": "chats",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "ticket_id": {
+          "name": "ticket_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "author": {
+          "name": "author",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "chats_ticket_id_tickets_id_fk": {
+          "name": "chats_ticket_id_tickets_id_fk",
+          "tableFrom": "chats",
+          "tableTo": "tickets",
+          "columnsFrom": [
+            "ticket_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "chats_to_users": {
+      "name": "chats_to_users",
+      "columns": {
+        "chat_id": {
+          "name": "chat_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "chats_to_users_chat_id_chats_id_fk": {
+          "name": "chats_to_users_chat_id_chats_id_fk",
+          "tableFrom": "chats_to_users",
+          "tableTo": "chats",
+          "columnsFrom": [
+            "chat_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "chats_to_users_user_id_user_common_data_clerk_id_fk": {
+          "name": "chats_to_users_user_id_user_common_data_clerk_id_fk",
+          "tableFrom": "chats_to_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "chats_to_users_user_id_chat_id_pk": {
+          "columns": [
+            "user_id",
+            "chat_id"
+          ],
+          "name": "chats_to_users_user_id_chat_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "discord_verification": {
+      "name": "discord_verification",
+      "columns": {
+        "code": {
+          "name": "code",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "discord_user_id": {
+          "name": "discord_user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "discord_user_tag": {
+          "name": "discord_user_tag",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "discord_profile_photo": {
+          "name": "discord_profile_photo",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "discord_name": {
+          "name": "discord_name",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'pending'"
+        },
+        "guild": {
+          "name": "guild",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "error_log": {
+      "name": "error_log",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text(50)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "route": {
+          "name": "route",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "message": {
+          "name": "message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "events": {
+      "name": "events",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "start_time": {
+          "name": "start_time",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "end_time": {
+          "name": "end_time",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "location": {
+          "name": "location",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'TBD'"
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "host": {
+          "name": "host",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "hidden": {
+          "name": "hidden",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "files": {
+      "name": "files",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "presigned_url": {
+          "name": "presigned_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key": {
+          "name": "key",
+          "type": "text(500)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "validated": {
+          "name": "validated",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "owner_id": {
+          "name": "owner_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "files_id_unique": {
+          "name": "files_id_unique",
+          "columns": [
+            "id"
+          ],
+          "isUnique": true
+        },
+        "files_key_unique": {
+          "name": "files_key_unique",
+          "columns": [
+            "key"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "roles": {
+      "name": "roles",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "position": {
+          "name": "position",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "permissions": {
+          "name": "permissions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text(7)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "roles_name_unique": {
+          "name": "roles_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "scans": {
+      "name": "scans",
+      "columns": {
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "event_id": {
+          "name": "event_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "count": {
+          "name": "count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {
+        "scans_user_id_event_id_pk": {
+          "columns": [
+            "user_id",
+            "event_id"
+          ],
+          "name": "scans_user_id_event_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "tickets": {
+      "name": "tickets",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'awaiting'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "tickets_to_users": {
+      "name": "tickets_to_users",
+      "columns": {
+        "ticket_id": {
+          "name": "ticket_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "tickets_to_users_ticket_id_tickets_id_fk": {
+          "name": "tickets_to_users_ticket_id_tickets_id_fk",
+          "tableFrom": "tickets_to_users",
+          "tableTo": "tickets",
+          "columnsFrom": [
+            "ticket_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "tickets_to_users_user_id_user_common_data_clerk_id_fk": {
+          "name": "tickets_to_users_user_id_user_common_data_clerk_id_fk",
+          "tableFrom": "tickets_to_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "tickets_to_users_user_id_ticket_id_pk": {
+          "columns": [
+            "user_id",
+            "ticket_id"
+          ],
+          "name": "tickets_to_users_user_id_ticket_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "user_common_data": {
+      "name": "user_common_data",
+      "columns": {
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "first_name": {
+          "name": "first_name",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "last_name": {
+          "name": "last_name",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "hacker_tag": {
+          "name": "hacker_tag",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "age": {
+          "name": "age",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "gender": {
+          "name": "gender",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "race": {
+          "name": "race",
+          "type": "text(75)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "ethnicity": {
+          "name": "ethnicity",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "shirt_size": {
+          "name": "shirt_size",
+          "type": "text(5)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "diet_restrictions": {
+          "name": "diet_restrictions",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "accommodation_note": {
+          "name": "accommodation_note",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "discord": {
+          "name": "discord",
+          "type": "text(60)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "pronouns": {
+          "name": "pronouns",
+          "type": "text(20)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "bio": {
+          "name": "bio",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "skills": {
+          "name": "skills",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "profile_photo": {
+          "name": "profile_photo",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "phone_number": {
+          "name": "phone_number",
+          "type": "text(30)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "country_of_residence": {
+          "name": "country_of_residence",
+          "type": "text(3)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "is_fully_registered": {
+          "name": "is_fully_registered",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "signup_time": {
+          "name": "signup_time",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "is_searchable": {
+          "name": "is_searchable",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "role_id": {
+          "name": "role_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "checkin_timestamp": {
+          "name": "checkin_timestamp",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "is_rsvped": {
+          "name": "is_rsvped",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "is_approved": {
+          "name": "is_approved",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        }
+      },
+      "indexes": {
+        "user_common_data_email_unique": {
+          "name": "user_common_data_email_unique",
+          "columns": [
+            "email"
+          ],
+          "isUnique": true
+        },
+        "user_common_data_hacker_tag_unique": {
+          "name": "user_common_data_hacker_tag_unique",
+          "columns": [
+            "hacker_tag"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "user_common_data_role_id_roles_id_fk": {
+          "name": "user_common_data_role_id_roles_id_fk",
+          "tableFrom": "user_common_data",
+          "tableTo": "roles",
+          "columnsFrom": [
+            "role_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "user_hacker_data": {
+      "name": "user_hacker_data",
+      "columns": {
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "university": {
+          "name": "university",
+          "type": "text(200)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "major": {
+          "name": "major",
+          "type": "text(200)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "school_id": {
+          "name": "school_id",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "level_of_study": {
+          "name": "level_of_study",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "hackathons_attended": {
+          "name": "hackathons_attended",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "software_experience": {
+          "name": "software_experience",
+          "type": "text(25)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "heard_from": {
+          "name": "heard_from",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "github": {
+          "name": "github",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "linkedin": {
+          "name": "linkedin",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "personal_website": {
+          "name": "personal_website",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "resume": {
+          "name": "resume",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'https://static.acmutsa.org/No%20Resume%20Provided.pdf'"
+        },
+        "group": {
+          "name": "group",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_accepted_mlh_coc": {
+          "name": "has_accepted_mlh_coc",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_shared_data_with_mlh": {
+          "name": "has_shared_data_with_mlh",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "is_emailable": {
+          "name": "is_emailable",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "user_hacker_data_clerk_id_user_common_data_clerk_id_fk": {
+          "name": "user_hacker_data_clerk_id_user_common_data_clerk_id_fk",
+          "tableFrom": "user_hacker_data",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "clerk_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {
+      "\"user_common_data\".\"role\"": "\"user_common_data\".\"role_id\""
+    }
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/packages/db/drizzle/meta/_journal.json b/packages/db/drizzle/meta/_journal.json
index 2b20f80a..c9d98403 100644
--- a/packages/db/drizzle/meta/_journal.json
+++ b/packages/db/drizzle/meta/_journal.json
@@ -15,6 +15,13 @@
       "when": 1759264799447,
       "tag": "0001_smooth_squadron_supreme",
       "breakpoints": true
+    },
+    {
+      "idx": 2,
+      "version": "6",
+      "when": 1760146195966,
+      "tag": "0002_slimy_talos",
+      "breakpoints": true
     }
   ]
 }
\ No newline at end of file
diff --git a/packages/db/functions/hacker.ts b/packages/db/functions/hacker.ts
index f32623e7..d1022455 100644
--- a/packages/db/functions/hacker.ts
+++ b/packages/db/functions/hacker.ts
@@ -34,13 +34,13 @@ export function getAllHackers(): Promise<Hacker[] | undefined> {
 export function getHacker(
 	clerkID: string,
 	//withTeam: boolean,
-): Promise<Hacker | undefined> {
+) {
 	// return withTeam
 	// 	? _getHackerByIDWithTeam.execute({ _clerkID: clerkID })
 	// 	: _getHackerByIDAlone.execute({ _clerkID: clerkID });
 	return db.query.userCommonData.findFirst({
 		where: eq(userCommonData.clerkID, clerkID),
-		with: { hackerData: true },
+		with: { hackerData: true, role: true },
 	});
 }
 
@@ -63,12 +63,12 @@ export function getHacker(
 export function getHackerByTag(
 	hackerTag: string,
 	//withTeam: boolean,
-): Promise<Hacker | undefined> {
+) {
 	// return withTeam
 	// 	? _getHackerByTagWithTeam.execute({ _hackerTag: hackerTag })
 	// 	: _getHackerByTagAlone.execute({ _hackerTag: hackerTag });
 	return db.query.userCommonData.findFirst({
 		where: eq(userCommonData.hackerTag, hackerTag),
-		with: { hackerData: true },
+		with: { hackerData: true, role: true },
 	});
 }
diff --git a/packages/db/functions/user.ts b/packages/db/functions/user.ts
index 068d397e..461a5b14 100644
--- a/packages/db/functions/user.ts
+++ b/packages/db/functions/user.ts
@@ -1,18 +1,24 @@
-import { db, eq } from "..";
-import { userCommonData, userHackerData } from "../schema";
+import { SQLiteRelationalQuery } from "drizzle-orm/sqlite-core/query-builders/query";
+import { db, eq, InferSelectModel } from "..";
+import { roles, userCommonData, userHackerData } from "../schema";
 import { HackerData, User } from "../types";
 
 // const _getAllUsers = db.query.userCommonData.findMany().prepare("getAllUsers");
 
 export function getAllUsers() {
 	// return _getAllUsers.execute();
-	return db.query.userCommonData.findMany();
+	return db.query.userCommonData.findMany({
+		with: {
+			role: true,
+		},
+	});
 }
 
 export async function getAllUsersWithHackerData() {
 	return db.query.userCommonData.findMany({
 		with: {
 			hackerData: true,
+			role: true,
 		},
 	});
 }
@@ -25,10 +31,13 @@ export async function getAllUsersWithHackerData() {
 // 	})
 // 	.prepare("getUser");
 
-export function getUser(clerkID: string): Promise<User | undefined> {
+export function getUser(clerkID: string) {
 	// return _getUser.execute({ _clerkID: clerkID });
 	return db.query.userCommonData.findFirst({
-		where: eq(userCommonData.clerkID, clerkID),
+		where: (fields, { eq }) => eq(fields.clerkID, clerkID),
+		with: {
+			role: true,
+		},
 	});
 }
 
diff --git a/packages/db/schema.ts b/packages/db/schema.ts
index 7542ae75..d45b5616 100644
--- a/packages/db/schema.ts
+++ b/packages/db/schema.ts
@@ -19,7 +19,6 @@ import {
 import { relations, sql } from "drizzle-orm";
 import { nanoid } from "nanoid";
 import {
-	perms,
 	discordInviteStatus,
 	ticketStatus,
 	discordVerificationStatus,
@@ -34,19 +33,6 @@ export const uuid = customType<{ data: string; notNull: true; default: true }>({
 	},
 });
 
-export const rolesEnum = customType<{
-	data: (typeof perms)[number];
-	notNull: true;
-	default: true;
-}>({
-	dataType() {
-		return "text";
-	},
-	toDriver(value) {
-		return value;
-	},
-});
-
 export const fileTypesEnum = customType<{
 	data: "resume" | "profilePhoto";
 	notNull: true;
@@ -148,7 +134,9 @@ export const userCommonData = sqliteTable("user_common_data", {
 	isSearchable: integer("is_searchable", { mode: "boolean" })
 		.notNull()
 		.default(true),
-	role: rolesEnum("role").notNull().default("hacker"),
+	role_id: integer("role_id")
+		.notNull()
+		.references(() => roles.id),
 	checkinTimestamp: integer("checkin_timestamp", { mode: "timestamp_ms" }),
 	isRSVPed: integer("is_rsvped", { mode: "boolean" })
 		.notNull()
@@ -158,6 +146,18 @@ export const userCommonData = sqliteTable("user_common_data", {
 		.default(false),
 });
 
+export const roles = sqliteTable("roles", {
+	id: integer("id").primaryKey(),
+	name: text("name", { length: 50 }).notNull().unique(),
+	position: integer("position").notNull(), // lower value = higher role (0 = highest)
+	permissions: integer("permissions", { mode: "number" }).notNull(), // 32-bit mask
+	color: text("color", { length: 7 }), // e.g. #RRGGBB
+});
+
+export const rolesRelations = relations(roles, ({ many }) => ({
+	users: many(userCommonData),
+}));
+
 export const userCommonRelations = relations(
 	userCommonData,
 	({ one, many }) => ({
@@ -178,6 +178,10 @@ export const userCommonRelations = relations(
 			fields: [userCommonData.clerkID],
 			references: [bannedUsers.userID],
 		}),
+		role: one(roles, {
+			fields: [userCommonData.role_id],
+			references: [roles.id],
+		}),
 	}),
 );
 
diff --git a/packages/db/types.ts b/packages/db/types.ts
index ec18ed24..8c0022b7 100644
--- a/packages/db/types.ts
+++ b/packages/db/types.ts
@@ -1,14 +1,17 @@
 import { InferSelectModel } from "drizzle-orm";
 //add "teams" to import in order to implement teams(removed for V1 release)
-import { userCommonData, userHackerData, scans, events } from "./schema";
+import { userCommonData, userHackerData, scans, events, roles } from "./schema";
 
 export interface Scan extends InferSelectModel<typeof scans> {}
 export interface User extends InferSelectModel<typeof userCommonData> {}
+export type UserWithRole = InferSelectModel<typeof userCommonData> & {
+	role?: InferSelectModel<typeof roles>;
+};
 export interface HackerData extends InferSelectModel<typeof userHackerData> {}
 //export interface Team extends InferSelectModel<typeof teams> {}
 export interface Event extends InferSelectModel<typeof events> {}
 
-export interface Hacker extends User {
+export interface Hacker extends UserWithRole {
 	hackerData: typeof userHackerData.$inferSelect & {};
 }
 export interface NoticeOrError {

From d936234780125fb1d263689d33fc05367034caf7 Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Fri, 31 Oct 2025 19:43:04 -0500
Subject: [PATCH 04/10] removed unused imports, incorrect spellings fixed

---
 apps/web/src/actions/admin/user-actions.ts    |   1 -
 apps/web/src/app/admin/roles/page.tsx         |   6 +-
 apps/web/src/app/admin/users/[slug]/page.tsx  |   2 +-
 .../src/components/admin/roles/RoleCard.tsx   |  12 --
 .../components/admin/users/BanUserDialog.tsx  |   2 +-
 .../admin/users/RemoveUserBanDialog.tsx       |   4 +-
 .../emails/RegistrationSuccessEmail.tsx       | 114 ------------------
 packages/db/functions/user.ts                 |   5 +-
 8 files changed, 11 insertions(+), 135 deletions(-)
 delete mode 100644 apps/web/src/components/emails/RegistrationSuccessEmail.tsx

diff --git a/apps/web/src/actions/admin/user-actions.ts b/apps/web/src/actions/admin/user-actions.ts
index a4ca340b..2b214375 100644
--- a/apps/web/src/actions/admin/user-actions.ts
+++ b/apps/web/src/actions/admin/user-actions.ts
@@ -3,7 +3,6 @@
 import { adminAction } from "@/lib/safe-action";
 import { returnValidationErrors } from "next-safe-action";
 import { z } from "zod";
-import { perms } from "config";
 import { userCommonData, bannedUsers, roles } from "db/schema";
 import { db } from "db";
 import { eq } from "db/drizzle";
diff --git a/apps/web/src/app/admin/roles/page.tsx b/apps/web/src/app/admin/roles/page.tsx
index 56ec08d9..f5bcc550 100644
--- a/apps/web/src/app/admin/roles/page.tsx
+++ b/apps/web/src/app/admin/roles/page.tsx
@@ -17,7 +17,11 @@ export default async function Page() {
 	return (
 		<div className="mx-auto max-w-7xl px-5 pt-40">
 			<h1 className="mb-4 text-2xl font-bold">Roles</h1>
-			<Suspense fallback={<div className="text-center py-8">Loading roles...</div>}>
+			<Suspense
+				fallback={
+					<div className="py-8 text-center">Loading roles...</div>
+				}
+			>
 				<RolesManager roles={resRoles} currentUser={user} />
 			</Suspense>
 		</div>
diff --git a/apps/web/src/app/admin/users/[slug]/page.tsx b/apps/web/src/app/admin/users/[slug]/page.tsx
index fd9539d7..e8a4f24b 100644
--- a/apps/web/src/app/admin/users/[slug]/page.tsx
+++ b/apps/web/src/app/admin/users/[slug]/page.tsx
@@ -41,7 +41,7 @@ export default async function Page({ params }: { params: { slug: string } }) {
 			{!!banInstance && (
 				<div className="absolute left-0 top-28 w-screen bg-destructive p-2 text-center">
 					<strong>
-						This user has been suspended, reason for suspenssion:{" "}
+						This user has been suspended, reason for suspension:{" "}
 					</strong>
 					{banInstance.reason}
 				</div>
diff --git a/apps/web/src/components/admin/roles/RoleCard.tsx b/apps/web/src/components/admin/roles/RoleCard.tsx
index e332caea..6c07232e 100644
--- a/apps/web/src/components/admin/roles/RoleCard.tsx
+++ b/apps/web/src/components/admin/roles/RoleCard.tsx
@@ -65,18 +65,6 @@ export default function RoleCard({
 		}
 	})();
 
-	// Whether current user may delete this role (they must have DELETE_ROLES and higher position)
-	const canDeleteRole = (() => {
-		try {
-			return (
-				userHasPermission(currentUser, PermissionType.DELETE_ROLES) &&
-				compareUserPosition(currentUser, role.position, "higher")
-			);
-		} catch (e) {
-			return false;
-		}
-	})();
-
 	// user cannot toggle individual permission bits they don't personally have
 	function canTogglePermission(perm: PermissionType) {
 		return userHasPermission(currentUser, perm) && canEditRole;
diff --git a/apps/web/src/components/admin/users/BanUserDialog.tsx b/apps/web/src/components/admin/users/BanUserDialog.tsx
index bf986f98..1e0204dd 100644
--- a/apps/web/src/components/admin/users/BanUserDialog.tsx
+++ b/apps/web/src/components/admin/users/BanUserDialog.tsx
@@ -45,7 +45,7 @@ export default function BanUserDialog({ userID, name }: BanUserDialogProps) {
 				<DialogHeader>
 					<DialogTitle>Ban {name}.</DialogTitle>
 					<DialogDescription>
-						Ban this user (not permament action).
+						Ban this user (not permanent action).
 					</DialogDescription>
 				</DialogHeader>
 				<div className="grid gap-4 py-4">
diff --git a/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx b/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
index 5b8778fd..a592e88d 100644
--- a/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
+++ b/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
@@ -26,11 +26,11 @@ export default function RemoveUserBanDialog({
 	const { execute } = useAction(removeUserBan, {
 		async onSuccess() {
 			toast.dismiss();
-			toast.success("Suspension successfuly removed!");
+			toast.success("Suspension successfully removed!");
 		},
 		async onError(e) {
 			toast.dismiss();
-			toast.error("An error occurred while removing suspenssion.");
+			toast.error("An error occurred while removing suspension.");
 			console.error(e);
 		},
 	});
diff --git a/apps/web/src/components/emails/RegistrationSuccessEmail.tsx b/apps/web/src/components/emails/RegistrationSuccessEmail.tsx
deleted file mode 100644
index 14e628e5..00000000
--- a/apps/web/src/components/emails/RegistrationSuccessEmail.tsx
+++ /dev/null
@@ -1,114 +0,0 @@
-import {
-	Body,
-	Button,
-	Container,
-	Column,
-	Head,
-	Heading,
-	Hr,
-	Html,
-	Img,
-	Link,
-	Preview,
-	Row,
-	Section,
-	Tailwind,
-	Text,
-} from "@react-email/components";
-import type { DefaultEmailTemplateProps } from "@/lib/utils/server/types";
-import c from "config";
-
-interface RegistrationSuccessProps extends DefaultEmailTemplateProps {}
-
-const baseUrl = process.env.VERCEL_URL
-	? `https://${process.env.VERCEL_URL}`
-	: "";
-
-export default function RegistrationSuccessEmail({
-	firstName,
-}: RegistrationSuccessProps) {
-	return (
-		<div>
-			<Tailwind>
-				<Body className="mx-auto my-auto bg-white font-sans">
-					<Container className="mx-auto my-[40px] w-[465px] rounded border border-solid border-[#eaeaea] p-[20px]">
-						<Section className="mt-[32px]">
-							<Img
-								src={`${baseUrl}${c.icon.md}`}
-								width="40"
-								height="37"
-								alt={`${c.hackathonName} logo`}
-								className="mx-auto my-0"
-							/>
-						</Section>
-						<Heading className="mx-0 my-[30px] p-0 text-center text-[24px] font-normal text-black">
-							You are now registered for {c.hackathonName} $
-							{c.itteration}!
-						</Heading>
-						<Text className="text-[14px] leading-[24px] text-black">
-							Hello {firstName},
-						</Text>
-						{/* <Text className="text-black text-[14px] leading-[24px]">
-              <strong>bukinoshita</strong> (
-              <Link
-                href={`mailto:${invitedByEmail}`}
-                className="text-blue-600 no-underline"
-              >
-                {invitedByEmail}
-              </Link>
-              ) has invited you to the <strong>{teamName}</strong> team on{' '}
-              <strong>Vercel</strong>.
-            </Text>
-            <Section>
-              <Row>
-                <Column align="right">
-                  <Img className="rounded-full" src={userImage} width="64" height="64" />
-                </Column>
-                <Column align="center">
-                  <Img
-                    src={`${baseUrl}/static/vercel-arrow.png`}
-                    width="12"
-                    height="9"
-                    alt="invited you to"
-                  />
-                </Column>
-                <Column align="left">
-                  <Img className="rounded-full" src={teamImage} width="64" height="64" />
-                </Column>
-              </Row>
-            </Section>
-            <Section className="text-center mt-[32px] mb-[32px]">
-              <Button
-                pX={20}
-                pY={12}
-                className="bg-[#000000] rounded text-white text-[12px] font-semibold no-underline text-center"
-                href={inviteLink}
-              >
-                Join the team
-              </Button>
-            </Section>
-            <Text className="text-black text-[14px] leading-[24px]">
-              or copy and paste this URL into your browser:{' '}
-              <Link
-                href={inviteLink}
-                className="text-blue-600 no-underline"
-              >
-                {inviteLink}
-              </Link>
-            </Text>
-            <Hr className="border border-solid border-[#eaeaea] my-[26px] mx-0 w-full" />
-            <Text className="text-[#666666] text-[12px] leading-[24px]">
-              This invitation was intended for{' '}
-              <span className="text-black">{username} </span>.This invite was sent from{' '}
-              <span className="text-black">{inviteFromIp}</span> located in{' '}
-              <span className="text-black">{inviteFromLocation}</span>. If you were not
-              expecting this invitation, you can ignore this email. If you are
-              concerned about your account's safety, please reply to this email to
-              get in touch with us.
-            </Text> */}
-					</Container>
-				</Body>
-			</Tailwind>
-		</div>
-	);
-}
diff --git a/packages/db/functions/user.ts b/packages/db/functions/user.ts
index 461a5b14..60575a90 100644
--- a/packages/db/functions/user.ts
+++ b/packages/db/functions/user.ts
@@ -1,6 +1,5 @@
-import { SQLiteRelationalQuery } from "drizzle-orm/sqlite-core/query-builders/query";
-import { db, eq, InferSelectModel } from "..";
-import { roles, userCommonData, userHackerData } from "../schema";
+import { db, eq } from "..";
+import { userCommonData, userHackerData } from "../schema";
 import { HackerData, User } from "../types";
 
 // const _getAllUsers = db.query.userCommonData.findMany().prepare("getAllUsers");

From b0bdd64adcf016bbab7e22dc44add30ac80d92d0 Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Mon, 3 Nov 2025 16:01:22 -0600
Subject: [PATCH 05/10] Some Errors fixed, and final touch

---
 apps/web/src/actions/admin/modify-nav-item.ts | 59 ++++++++++++++-----
 .../src/actions/admin/registration-actions.ts | 26 ++++++++
 apps/web/src/actions/registration.ts          |  3 +-
 apps/web/src/app/admin/events/new/page.tsx    |  2 +-
 apps/web/src/app/admin/layout.tsx             |  5 ++
 apps/web/src/app/admin/page.tsx               |  3 -
 apps/web/src/app/admin/toggles/layout.tsx     | 25 ++++++--
 .../app/admin/toggles/registration/page.tsx   |  9 +++
 apps/web/src/app/api/admin/export/route.ts    | 10 +++-
 .../components/admin/users/UserColumns.tsx    | 28 +++------
 apps/web/src/lib/constants/permission.ts      |  3 +
 .../web/src/validators/shared/registration.ts |  4 +-
 packages/config/hackkit.config.ts             |  4 ++
 packages/db/seed.ts                           | 18 ++++++
 14 files changed, 149 insertions(+), 50 deletions(-)
 create mode 100644 packages/db/seed.ts

diff --git a/apps/web/src/actions/admin/modify-nav-item.ts b/apps/web/src/actions/admin/modify-nav-item.ts
index 11c575b7..35407525 100644
--- a/apps/web/src/actions/admin/modify-nav-item.ts
+++ b/apps/web/src/actions/admin/modify-nav-item.ts
@@ -6,6 +6,8 @@ import { redisSAdd, redisHSet, removeNavItem } from "@/lib/utils/server/redis";
 import { revalidatePath } from "next/cache";
 
 import { Redis } from "@upstash/redis";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
 
 const redis = Redis.fromEnv();
 
@@ -25,6 +27,12 @@ const navAdminPage = "/admin/toggles/landing";
 export const setItem = adminAction
 	.schema(metadataSchema)
 	.action(async ({ parsedInput: { name, url }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+			throw new Error(
+				"You do not have permission to manage navigation links.",
+			);
+		}
+
 		await redisSAdd("config:navitemslist", encodeURIComponent(name));
 		await redisHSet(`config:navitems:${encodeURIComponent(name)}`, {
 			url,
@@ -37,29 +45,45 @@ export const setItem = adminAction
 
 export const editItem = adminAction
 	.schema(editMetadataSchema)
-	.action(async ({ parsedInput: { name, url, existingName } }) => {
-		const pipe = redis.pipeline();
+	.action(
+		async ({ parsedInput: { name, url, existingName }, ctx: { user } }) => {
+			if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+				throw new Error(
+					"You do not have permission to manage navigation links.",
+				);
+			}
 
-		if (existingName != name) {
-			pipe.srem("config:navitemslist", encodeURIComponent(existingName));
-		}
+			const pipe = redis.pipeline();
 
-		pipe.sadd("config:navitemslist", encodeURIComponent(name));
-		pipe.hset(`config:navitems:${encodeURIComponent(name)}`, {
-			url,
-			name,
-			enabled: true,
-		});
+			if (existingName != name) {
+				pipe.srem(
+					"config:navitemslist",
+					encodeURIComponent(existingName),
+				);
+			}
 
-		await pipe.exec();
+			pipe.sadd("config:navitemslist", encodeURIComponent(name));
+			pipe.hset(`config:navitems:${encodeURIComponent(name)}`, {
+				url,
+				name,
+				enabled: true,
+			});
 
-		revalidatePath(navAdminPage);
-		return { success: true };
-	});
+			await pipe.exec();
+
+			revalidatePath(navAdminPage);
+			return { success: true };
+		},
+	);
 
 export const removeItem = adminAction
 	.schema(z.string())
 	.action(async ({ parsedInput: name, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+			throw new Error(
+				"You do not have permission to manage navigation links.",
+			);
+		}
 		await removeNavItem(name);
 		// await new Promise((resolve) => setTimeout(resolve, 1500));
 		revalidatePath(navAdminPage);
@@ -73,6 +97,11 @@ export const toggleItem = adminAction
 			parsedInput: { name, statusToSet },
 			ctx: { user, userId },
 		}) => {
+			if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+				throw new Error(
+					"You do not have permission to manage navigation links.",
+				);
+			}
 			await redisHSet(`config:navitems:${encodeURIComponent(name)}`, {
 				enabled: statusToSet,
 			});
diff --git a/apps/web/src/actions/admin/registration-actions.ts b/apps/web/src/actions/admin/registration-actions.ts
index 9ad5c027..e62d70d4 100644
--- a/apps/web/src/actions/admin/registration-actions.ts
+++ b/apps/web/src/actions/admin/registration-actions.ts
@@ -4,6 +4,8 @@ import { z } from "zod";
 import { adminAction } from "@/lib/safe-action";
 import { redisSet } from "@/lib/utils/server/redis";
 import { revalidatePath } from "next/cache";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
 
 const defaultRegistrationToggleSchema = z.object({
 	enabled: z.boolean(),
@@ -16,6 +18,12 @@ const defaultRSVPLimitSchema = z.object({
 export const toggleRegistrationEnabled = adminAction
 	.schema(defaultRegistrationToggleSchema)
 	.action(async ({ parsedInput: { enabled }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet("config:registration:registrationEnabled", enabled);
 		revalidatePath("/admin/toggles/registration");
 		return { success: true, statusSet: enabled };
@@ -24,6 +32,12 @@ export const toggleRegistrationEnabled = adminAction
 export const toggleRegistrationMessageEnabled = adminAction
 	.schema(defaultRegistrationToggleSchema)
 	.action(async ({ parsedInput: { enabled }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet(
 			"config:registration:registrationMessageEnabled",
 			enabled,
@@ -35,6 +49,12 @@ export const toggleRegistrationMessageEnabled = adminAction
 export const toggleRSVPs = adminAction
 	.schema(defaultRegistrationToggleSchema)
 	.action(async ({ parsedInput: { enabled }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet("config:registration:allowRSVPs", enabled);
 		revalidatePath("/admin/toggles/registration");
 		return { success: true, statusSet: enabled };
@@ -43,6 +63,12 @@ export const toggleRSVPs = adminAction
 export const setRSVPLimit = adminAction
 	.schema(defaultRSVPLimitSchema)
 	.action(async ({ parsedInput: { rsvpLimit }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet("config:registration:maxRSVPs", rsvpLimit);
 		revalidatePath("/admin/toggles/registration");
 		return { success: true, statusSet: rsvpLimit };
diff --git a/apps/web/src/actions/registration.ts b/apps/web/src/actions/registration.ts
index d3928fc0..7e27f0f0 100644
--- a/apps/web/src/actions/registration.ts
+++ b/apps/web/src/actions/registration.ts
@@ -7,7 +7,7 @@ import { returnValidationErrors } from "next-safe-action";
 import { hackerRegistrationFormValidator } from "@/validators/shared/registration";
 import { userCommonData, userHackerData } from "db/schema";
 import { currentUser } from "@clerk/nextjs/server";
-import c from "config";
+import c, { defaultRoleId } from "config";
 import { DatabaseError } from "db/types";
 import {
 	UNIQUE_KEY_CONSTRAINT_VIOLATION_CODE,
@@ -60,6 +60,7 @@ export const registerHacker = authenticatedAction
 					skills: userData.skills.map((v) => v.text.toLowerCase()),
 					isFullyRegistered: true,
 					dietRestrictions: userData.dietRestrictions,
+					role_id: defaultRoleId,
 				});
 
 				await tx.insert(userHackerData).values({
diff --git a/apps/web/src/app/admin/events/new/page.tsx b/apps/web/src/app/admin/events/new/page.tsx
index 817c5a34..95ec6faa 100644
--- a/apps/web/src/app/admin/events/new/page.tsx
+++ b/apps/web/src/app/admin/events/new/page.tsx
@@ -2,7 +2,7 @@ import NewEventForm from "@/components/events/admin/NewEventForm";
 import { PermissionType } from "@/lib/constants/permission";
 import { userHasPermission } from "@/lib/utils/server/admin";
 import { getCurrentUser } from "@/lib/utils/server/user";
-import { notFound } from "next/dist/client/components/navigation";
+import { notFound } from "next/navigation";
 
 export default async function Page() {
 	const user = await getCurrentUser();
diff --git a/apps/web/src/app/admin/layout.tsx b/apps/web/src/app/admin/layout.tsx
index dc04ad24..a9f02eda 100644
--- a/apps/web/src/app/admin/layout.tsx
+++ b/apps/web/src/app/admin/layout.tsx
@@ -91,6 +91,11 @@ export default async function AdminLayout({ children }: AdminLayoutProps) {
 						!userHasPermission(user, PermissionType.VIEW_ROLES)
 					)
 						return null;
+					if (
+						name === "Toggles" &&
+						!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)
+					)
+						return null;
 					// Keep other configured admin paths visible by default
 					return <DashNavItem key={name} name={name} path={path} />;
 				})}
diff --git a/apps/web/src/app/admin/page.tsx b/apps/web/src/app/admin/page.tsx
index acc4feb8..46952290 100644
--- a/apps/web/src/app/admin/page.tsx
+++ b/apps/web/src/app/admin/page.tsx
@@ -19,9 +19,6 @@ import { getCurrentUser } from "@/lib/utils/server/user";
 export default async function Page() {
 	const adminUser = await getCurrentUser();
 
-	if (!adminUser) {
-		return notFound();
-	}
 	const allUsers = (await getAllUsers()) ?? [];
 
 	const {
diff --git a/apps/web/src/app/admin/toggles/layout.tsx b/apps/web/src/app/admin/toggles/layout.tsx
index 71e48895..db8db932 100644
--- a/apps/web/src/app/admin/toggles/layout.tsx
+++ b/apps/web/src/app/admin/toggles/layout.tsx
@@ -1,20 +1,35 @@
 import ToggleItem from "@/components/admin/toggles/ToggleItem";
+import Restricted from "@/components/Restricted";
+import { PermissionType } from "@/lib/constants/permission";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { notFound } from "next/navigation";
 
 interface ToggleLayoutProps {
 	children: React.ReactNode;
 }
 
-export default function Layout({ children }: ToggleLayoutProps) {
+export default async function Layout({ children }: ToggleLayoutProps) {
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS))
+		return notFound();
+
 	return (
 		<div className="mx-auto grid max-w-5xl grid-cols-5 gap-x-3 pt-44">
 			<div className="min-h-screen">
 				<ToggleItem name="Toggles" path="/admin/toggles" />
 				<ToggleItem name="Landing Page" path="/admin/toggles/landing" />
 
-				<ToggleItem
-					name="Registration & RSVP"
-					path="/admin/toggles/registration"
-				/>
+				<Restricted
+					permissions={[PermissionType.MANAGE_REGISTRATION]}
+					user={user}
+				>
+					<ToggleItem
+						name="Registration & RSVP"
+						path="/admin/toggles/registration"
+					/>
+				</Restricted>
 			</div>
 			<div className="col-span-4">{children}</div>
 		</div>
diff --git a/apps/web/src/app/admin/toggles/registration/page.tsx b/apps/web/src/app/admin/toggles/registration/page.tsx
index 626b97d7..0da223e0 100644
--- a/apps/web/src/app/admin/toggles/registration/page.tsx
+++ b/apps/web/src/app/admin/toggles/registration/page.tsx
@@ -1,7 +1,11 @@
 import { RegistrationToggles } from "@/components/admin/toggles/RegistrationSettings";
+import { PermissionType } from "@/lib/constants/permission";
+import { userHasPermission } from "@/lib/utils/server/admin";
 import { redisMGet } from "@/lib/utils/server/redis";
 import { parseRedisBoolean, parseRedisNumber } from "@/lib/utils/server/redis";
+import { getCurrentUser } from "@/lib/utils/server/user";
 import c from "config";
+import { notFound } from "next/dist/client/components/navigation";
 
 export default async function Page() {
 	const [defaultRegistrationEnabled, defaultRSVPsEnabled, defaultRSVPLimit]: (
@@ -13,6 +17,11 @@ export default async function Page() {
 		"config:registration:maxRSVPs",
 	);
 
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION))
+		return notFound();
+
 	return (
 		<div>
 			<div className="flex items-center justify-start pb-10">
diff --git a/apps/web/src/app/api/admin/export/route.ts b/apps/web/src/app/api/admin/export/route.ts
index d44f4508..ffeebcf0 100644
--- a/apps/web/src/app/api/admin/export/route.ts
+++ b/apps/web/src/app/api/admin/export/route.ts
@@ -1,3 +1,5 @@
+import { PermissionType } from "@/lib/constants/permission";
+import { isUserAdmin, userHasPermission } from "@/lib/utils/server/admin";
 import { auth } from "@clerk/nextjs/server";
 import { getAllHackers, getUser } from "db/functions";
 
@@ -36,9 +38,13 @@ export async function GET() {
 	if (!userId) return new Response("Unauthorized", { status: 401 });
 
 	const reqUserRecord = await getUser(userId);
+	if (!reqUserRecord) {
+		return new Response("Unauthorized", { status: 401 });
+	}
+
 	if (
-		!reqUserRecord ||
-		(reqUserRecord.role !== "super_admin" && reqUserRecord.role !== "admin")
+		!isUserAdmin(reqUserRecord) ||
+		!userHasPermission(reqUserRecord, PermissionType.VIEW_USERS)
 	) {
 		return new Response("Unauthorized", { status: 401 });
 	}
diff --git a/apps/web/src/components/admin/users/UserColumns.tsx b/apps/web/src/components/admin/users/UserColumns.tsx
index 63ecc115..85ff7b6f 100644
--- a/apps/web/src/components/admin/users/UserColumns.tsx
+++ b/apps/web/src/components/admin/users/UserColumns.tsx
@@ -21,21 +21,14 @@ import type { Column, Row } from "@tanstack/react-table";
 import { dataTableFuzzyFilter } from "@/lib/utils/client/shared";
 import { Badge } from "@/components/shadcn/ui/badge";
 
-const userValidator = createSelectSchema(userCommonData);
+const userValidator = createSelectSchema(userCommonData).extend({
+	role: z.object({
+		name: z.string(),
+	}),
+});
 
 // default fuzzy search and add filters by each column if possible
-export type userValidatorType = Pick<
-	z.infer<typeof userValidator>,
-	| "clerkID"
-	| "signupTime"
-	| "firstName"
-	| "lastName"
-	| "email"
-	| "role"
-	| "isRSVPed"
-	| "hackerTag"
-	| "checkinTimestamp"
->;
+export type userValidatorType = z.infer<typeof userValidator>;
 
 type UserColumnType = Column<userValidatorType, unknown>;
 
@@ -73,7 +66,7 @@ export const columns: ColumnDef<userValidatorType>[] = [
 		filterFn: dataTableFuzzyFilter,
 	},
 	{
-		accessorKey: "role",
+		accessorKey: "role.name",
 		header: ({ column }) => (
 			<UserTableHeader name="Role" column={column} hasFilter={true} />
 		),
@@ -124,13 +117,6 @@ export const columns: ColumnDef<userValidatorType>[] = [
 			</span>
 		),
 	},
-	// {
-	// 	accessorKey: "role",
-	// 	header: ({ column }) => (
-	// 		<UserTableHeader name="Role" column={column} hasFilter={true} />
-	// 	),
-	// 	filterFn: "includesString",
-	// },
 	{
 		accessorKey: "signupTime",
 		header: ({ column }) => (
diff --git a/apps/web/src/lib/constants/permission.ts b/apps/web/src/lib/constants/permission.ts
index 4ae7f762..651d78a5 100644
--- a/apps/web/src/lib/constants/permission.ts
+++ b/apps/web/src/lib/constants/permission.ts
@@ -19,6 +19,9 @@ export enum PermissionType {
 	CHECK_IN = 1 << 12,
 	CREATE_SCANS = 1 << 13,
 
+	MANAGE_NAVLINKS = 1 << 14,
+	MANAGE_REGISTRATION = 1 << 15,
+
 	/* You can add new permissions following the pattern:
 		NEW_PERMISSION = 1 << n,
 	*/
diff --git a/apps/web/src/validators/shared/registration.ts b/apps/web/src/validators/shared/registration.ts
index e41ab2a7..45f16b6d 100644
--- a/apps/web/src/validators/shared/registration.ts
+++ b/apps/web/src/validators/shared/registration.ts
@@ -178,7 +178,7 @@ export const hackerRegistrationFormValidator = z
 		clerkID: true,
 		isFullyRegistered: true,
 		signupTime: true,
-		role: true,
+		role_id: true,
 		isRSVPed: true,
 		isApproved: true,
 		group: true,
@@ -210,7 +210,7 @@ export const hackerRegistrationValidatorLocalStorage =
 			clerkID: true,
 			isFullyRegistered: true,
 			signupTime: true,
-			role: true,
+			role_id: true,
 			isRSVPed: true,
 			isApproved: true,
 			group: true,
diff --git a/packages/config/hackkit.config.ts b/packages/config/hackkit.config.ts
index 85631614..5957964c 100644
--- a/packages/config/hackkit.config.ts
+++ b/packages/config/hackkit.config.ts
@@ -913,6 +913,7 @@ const c = {
 			Users: "/admin/users",
 			Events: "/admin/events",
 			Roles: "/admin/roles",
+			Toggles: "/admin/toggles",
 			"Hackathon Check-in": "/admin/check-in",
 		},
 	},
@@ -1021,6 +1022,8 @@ const publicRoutes = [
 	/^\/sign-up(\/.*)?$/,
 ];
 
+const defaultRoleId = 2;
+
 export default c;
 export {
 	defaultTheme,
@@ -1029,4 +1032,5 @@ export {
 	discordVerificationStatus,
 	publicRoutes,
 	staticUploads,
+	defaultRoleId,
 };
diff --git a/packages/db/seed.ts b/packages/db/seed.ts
new file mode 100644
index 00000000..3f2fad89
--- /dev/null
+++ b/packages/db/seed.ts
@@ -0,0 +1,18 @@
+import { db } from ".";
+import { roles } from "./schema";
+
+async function main() {
+	const result = await db.insert(roles).values([
+		{ name: "admin", position: 0, permissions: -1, color: "#FFFFFF" },
+		{
+			name: "hacker",
+			position: 1,
+			permissions: 0,
+			color: "#00FF00",
+		},
+	]);
+
+	if (result) {
+		console.log("Successfully seeded roles.");
+	}
+}

From 8b0c39d65edffe0e154227bbfc76e77bb142ebab Mon Sep 17 00:00:00 2001
From: Rufat Niftaliyev <rufat.niftaliyev2007@gmail.com>
Date: Tue, 4 Nov 2025 22:21:17 -0600
Subject: [PATCH 06/10] Fixed: Role position guard wasn't working

---
 apps/web/src/actions/admin/role-actions.ts    | 32 +++++++++----------
 .../src/components/admin/roles/RoleCard.tsx   |  7 +++-
 .../components/admin/roles/RolesManager.tsx   | 25 ++++++++++++++-
 apps/web/src/lib/utils/server/admin.ts        |  3 +-
 4 files changed, 47 insertions(+), 20 deletions(-)

diff --git a/apps/web/src/actions/admin/role-actions.ts b/apps/web/src/actions/admin/role-actions.ts
index 2c842670..43d5d29e 100644
--- a/apps/web/src/actions/admin/role-actions.ts
+++ b/apps/web/src/actions/admin/role-actions.ts
@@ -72,24 +72,24 @@ export const editRole = adminAction
 			const role = await db.query.roles.findFirst({
 				where: eq(roles.id, roleId),
 			});
+			console.log(user);
 			if (!role) throw new Error("Role not found");
 
-			if (!userHasPermission(user, PermissionType.EDIT_ROLES)) {
-				if (!compareUserPosition(user, role.position, "higher")) {
-					/* This prevents edition of roles higher-or-equal to the current user's position */
-
-					throw new Error(
-						"You do not have permission to edit this role.",
-					);
-				}
-				if (
-					position !== undefined &&
-					!compareUserPosition(user, position, "higher")
-				) {
-					throw new Error(
-						"You do not have permission to move a role to that position.",
-					);
-				}
+			if (
+				!userHasPermission(user, PermissionType.EDIT_ROLES) ||
+				!compareUserPosition(user, role.position, "higher")
+			) {
+				throw new Error(
+					"You do not have permission to edit this role.",
+				);
+			}
+			if (
+				position !== undefined &&
+				!compareUserPosition(user, position, "higher")
+			) {
+				throw new Error(
+					"You do not have permission to move a role to that position.",
+				);
 			}
 
 			await db
diff --git a/apps/web/src/components/admin/roles/RoleCard.tsx b/apps/web/src/components/admin/roles/RoleCard.tsx
index 6c07232e..d3c17b9b 100644
--- a/apps/web/src/components/admin/roles/RoleCard.tsx
+++ b/apps/web/src/components/admin/roles/RoleCard.tsx
@@ -107,7 +107,12 @@ export default function RoleCard({
 										e.stopPropagation();
 										onMove(role.id, "up");
 									}}
-									disabled={index === 0 || !canEditRole}
+									disabled={
+										index === 0 ||
+										!canEditRole ||
+										role.position - 1 ==
+											currentUser.role?.position
+									}
 								>
 									<ChevronUp />
 								</Button>
diff --git a/apps/web/src/components/admin/roles/RolesManager.tsx b/apps/web/src/components/admin/roles/RolesManager.tsx
index 020f3963..bc258b10 100644
--- a/apps/web/src/components/admin/roles/RolesManager.tsx
+++ b/apps/web/src/components/admin/roles/RolesManager.tsx
@@ -73,7 +73,29 @@ export default function RolesManager({
 	const total = roles.length;
 
 	async function saveAll() {
-		const promises = roles.map((r) =>
+		// Compute which roles actually changed compared to the original `initialRoles`
+		const changedRoles = roles.filter((r) => {
+			const orig = initialRoles.find((o: any) => o.id === r.id);
+			if (!orig) return true;
+			const origPerm = orig.permissions ?? 0;
+			const rPerm = r.permissions ?? 0;
+			const origColor = orig.color ?? null;
+			const rColor = r.color ?? null;
+			return (
+				orig.name !== r.name ||
+				orig.position !== r.position ||
+				origPerm !== rPerm ||
+				origColor !== rColor
+			);
+		});
+
+		if (changedRoles.length === 0) {
+			toast.success("No changes to save");
+			setDirty(false);
+			return;
+		}
+
+		const promises = changedRoles.map((r) =>
 			doEdit({
 				roleId: r.id,
 				name: r.name,
@@ -82,6 +104,7 @@ export default function RolesManager({
 				color: r.color ?? null,
 			}),
 		);
+
 		try {
 			await Promise.all(promises);
 			toast.success("All changes saved successfully");
diff --git a/apps/web/src/lib/utils/server/admin.ts b/apps/web/src/lib/utils/server/admin.ts
index 1e21952e..590a8b4c 100644
--- a/apps/web/src/lib/utils/server/admin.ts
+++ b/apps/web/src/lib/utils/server/admin.ts
@@ -1,4 +1,3 @@
-import type { User } from "db/types";
 import { PermissionMask } from "@/lib/utils/shared/permission";
 import { PermissionType } from "@/lib/constants/permission";
 import { UserWithRole } from "db/types";
@@ -27,7 +26,7 @@ export function compareUserPosition(
 	targetRolePosition: number,
 	position: "higher" | "lower" | "equal",
 ): boolean {
-	const userRolePosition = user.role?.position || 0;
+	const userRolePosition = user.role?.position ?? Number.MAX_SAFE_INTEGER;
 	if (position === "higher") {
 		return userRolePosition < targetRolePosition;
 	} else if (position === "lower") {

From 690f721085ba9be598c484a3efa653cfb17e6295 Mon Sep 17 00:00:00 2001
From: Rufat Niftaliyev <rufat.niftaliyev2007@gmail.com>
Date: Wed, 5 Nov 2025 21:30:50 -0600
Subject: [PATCH 07/10] pnpm lock up to date

---
 pnpm-lock.yaml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index c8cf0adf..76e6854e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -367,9 +367,6 @@ importers:
       tailwindcss-animate:
         specifier: ^1.0.7
         version: 1.0.7(tailwindcss@3.4.6)
-      title-case:
-        specifier: ^4.3.1
-        version: 4.3.1
       typescript:
         specifier: 5.5.3
         version: 5.5.3
@@ -16505,10 +16502,6 @@ packages:
       upper-case: 1.1.3
     dev: true
 
-  /title-case@4.3.1:
-    resolution: {integrity: sha512-VnPxQ+/j0X2FZ4ceGq1oLruTLjtN5Ul4sam5ypd4mDZLm1eHwkwip1gLxqhON/j4qyTlUlfPKslE/t4NPSlxhg==}
-    dev: false
-
   /tmp@0.0.33:
     resolution: {integrity: sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==}
     engines: {node: '>=0.6.0'}

From f5f2a1b03c7d5309ab1e7e3802b665821a941d5a Mon Sep 17 00:00:00 2001
From: Rufat Niftaliyev <rufat.niftaliyev2007@gmail.com>
Date: Wed, 5 Nov 2025 21:40:00 -0600
Subject: [PATCH 08/10] Synchronised dev with current update

---
 apps/web/src/app/admin/users/[slug]/page.tsx | 92 +++++++++++---------
 apps/web/src/app/dash/pass/page.tsx          |  2 +-
 apps/web/src/app/globals.css                 |  3 +-
 3 files changed, 52 insertions(+), 45 deletions(-)

diff --git a/apps/web/src/app/admin/users/[slug]/page.tsx b/apps/web/src/app/admin/users/[slug]/page.tsx
index fab8c827..de613c26 100644
--- a/apps/web/src/app/admin/users/[slug]/page.tsx
+++ b/apps/web/src/app/admin/users/[slug]/page.tsx
@@ -10,11 +10,11 @@ import {
 	ProfileInfo,
 } from "@/components/admin/users/ServerSections";
 import {
-  DropdownMenu,
-  DropdownMenuTrigger,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuSeparator
+	DropdownMenu,
+	DropdownMenuTrigger,
+	DropdownMenuContent,
+	DropdownMenuItem,
+	DropdownMenuSeparator,
 } from "@/components/shadcn/ui/dropdown-menu";
 import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
@@ -64,7 +64,7 @@ export default async function Page({ params }: { params: { slug: string } }) {
 						{/* <p className="text-sm text-muted-foreground">{users.length} Total Users</p> */}
 					</div>
 				</div>
-				<div className="col-span-2 hidden md:flex items-center justify-end gap-2 ">
+				<div className="col-span-2 hidden items-center justify-end gap-2 md:flex">
 					<Link href={`/@${subject.hackerTag}`} target="_blank">
 						<Button variant={"outline"}>Hacker Profile</Button>
 					</Link>
@@ -113,43 +113,51 @@ export default async function Page({ params }: { params: { slug: string } }) {
 						/>
 					)}
 				</div>
-				<div className="col-span-2 flex md:hidden items-center justify-end pr-4">
-				<DropdownMenu>
-					<DropdownMenuTrigger asChild>
-					<Button variant={"outline"} >
-						Admin Actions
-					</Button>
-					</DropdownMenuTrigger>
-					<DropdownMenuContent align="end" className="min-w-[160px]">
-					<DropdownMenuItem className="justify-center">
-						<Link href={`/@${user.hackerTag}`} target="_blank">
-						<Button variant={"outline"}>Hacker Profile</Button>
-						</Link>
-					</DropdownMenuItem>
-					<DropdownMenuSeparator />
-					<DropdownMenuItem className="justify-center">
-						<Link href={`mailto:${user.email}`}>
-						<Button variant={"outline"}>Email Hacker</Button>
-						</Link>
-					</DropdownMenuItem>
-					<DropdownMenuSeparator />
-					<div className="px-2 py-1.5 text-sm text-center hover:bg-accent rounded-sm cursor-pointer">
-						<UpdateRoleDialog
-						name={`${user.firstName} ${user.lastName}`}
-						canMakeAdmins={admin.role === "super_admin"}
-						currPermision={user.role}
-						userID={user.clerkID}
-						/>
-					</div>
+				<div className="col-span-2 flex items-center justify-end pr-4 md:hidden">
+					<DropdownMenu>
+						<DropdownMenuTrigger asChild>
+							<Button variant={"outline"}>Admin Actions</Button>
+						</DropdownMenuTrigger>
+						<DropdownMenuContent
+							align="end"
+							className="min-w-[160px]"
+						>
+							<DropdownMenuItem className="justify-center">
+								<Link
+									href={`/@${subject.hackerTag}`}
+									target="_blank"
+								>
+									<Button variant={"outline"}>
+										Hacker Profile
+									</Button>
+								</Link>
+							</DropdownMenuItem>
+							<DropdownMenuSeparator />
+							<DropdownMenuItem className="justify-center">
+								<Link href={`mailto:${subject.email}`}>
+									<Button variant={"outline"}>
+										Email Hacker
+									</Button>
+								</Link>
+							</DropdownMenuItem>
+							<DropdownMenuSeparator />
+							<div className="cursor-pointer rounded-sm px-2 py-1.5 text-center text-sm hover:bg-accent">
+								<UpdateRoleDialog
+									name={`${subject.firstName} ${subject.lastName}`}
+									currentRoleId={subject.role_id}
+									userID={subject.clerkID}
+								/>
+							</div>
 
-					{(c.featureFlags.core.requireUsersApproval as boolean) && (
-						<ApproveUserButton
-							userIDToUpdate={user.clerkID}
-							currentApproval={user.isApproved}
-						/>
-					)}
-					</DropdownMenuContent>
-				</DropdownMenu>
+							{(c.featureFlags.core
+								.requireUsersApproval as boolean) && (
+								<ApproveUserButton
+									userIDToUpdate={subject.clerkID}
+									currentApproval={subject.isApproved}
+								/>
+							)}
+						</DropdownMenuContent>
+					</DropdownMenu>
 				</div>
 			</div>
 			<div className="mt-20 grid min-h-[500px] w-full grid-cols-3">
diff --git a/apps/web/src/app/dash/pass/page.tsx b/apps/web/src/app/dash/pass/page.tsx
index 3746e840..baf48a46 100644
--- a/apps/web/src/app/dash/pass/page.tsx
+++ b/apps/web/src/app/dash/pass/page.tsx
@@ -101,7 +101,7 @@ function EventPass({ qrPayload, user, clerk, guild }: EventPassProps) {
 								c.startDate,
 								"h:mma, MMM d, yyyy",
 							)}`}</p>
-							<p className="font-mono text-xs text-right">
+							<p className="text-right font-mono text-xs">
 								{c.prettyLocation}
 							</p>
 						</div>
diff --git a/apps/web/src/app/globals.css b/apps/web/src/app/globals.css
index a35dbcef..8494cab5 100644
--- a/apps/web/src/app/globals.css
+++ b/apps/web/src/app/globals.css
@@ -139,7 +139,6 @@
 }
 
 @keyframes pulseDot {
-
 	0%,
 	100% {
 		transform: scale(1);
@@ -148,4 +147,4 @@
 	50% {
 		transform: scale(1.1);
 	}
-}
\ No newline at end of file
+}

From 0ced0165f66c91dcc2596c169deacfd482c8840e Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Mon, 10 Nov 2025 14:54:50 -0600
Subject: [PATCH 09/10] ```compareUserPosition``` function refactored

---
 apps/web/src/actions/admin/role-actions.ts    |  8 +++----
 apps/web/src/actions/admin/user-actions.ts    | 12 ++++------
 apps/web/src/components/Restricted.tsx        | 22 ++++++++++++++-----
 .../src/components/admin/roles/RoleCard.tsx   |  2 +-
 apps/web/src/lib/utils/server/admin.ts        | 15 +++++--------
 apps/web/src/lib/utils/server/user.ts         |  4 ++--
 6 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/apps/web/src/actions/admin/role-actions.ts b/apps/web/src/actions/admin/role-actions.ts
index 43d5d29e..c26da902 100644
--- a/apps/web/src/actions/admin/role-actions.ts
+++ b/apps/web/src/actions/admin/role-actions.ts
@@ -39,7 +39,7 @@ export const createRole = adminAction
 			ctx: { user },
 		}) => {
 			if (!userHasPermission(user, PermissionType.CREATE_ROLES)) {
-				if (!compareUserPosition(user, position, "higher")) {
+				if (!compareUserPosition(user, position)) {
 					/* This prevents creation of roles higher-or-equal to the current user's position */
 
 					throw new Error(
@@ -77,7 +77,7 @@ export const editRole = adminAction
 
 			if (
 				!userHasPermission(user, PermissionType.EDIT_ROLES) ||
-				!compareUserPosition(user, role.position, "higher")
+				!compareUserPosition(user, role.position)
 			) {
 				throw new Error(
 					"You do not have permission to edit this role.",
@@ -85,7 +85,7 @@ export const editRole = adminAction
 			}
 			if (
 				position !== undefined &&
-				!compareUserPosition(user, position, "higher")
+				!compareUserPosition(user, position)
 			) {
 				throw new Error(
 					"You do not have permission to move a role to that position.",
@@ -124,7 +124,7 @@ export const deleteRole = adminAction
 		}
 
 		if (!userHasPermission(user, PermissionType.DELETE_ROLES)) {
-			if (!compareUserPosition(user, role.position, "higher")) {
+			if (!compareUserPosition(user, role.position)) {
 				/* This prevents deletion of roles higher-or-equal to the current user's position */
 
 				throw new Error(
diff --git a/apps/web/src/actions/admin/user-actions.ts b/apps/web/src/actions/admin/user-actions.ts
index 2b214375..a1f48cdb 100644
--- a/apps/web/src/actions/admin/user-actions.ts
+++ b/apps/web/src/actions/admin/user-actions.ts
@@ -41,12 +41,8 @@ export const updateRole = adminAction
 
 			if (!userHasPermission(user, PermissionType.CHANGE_USER_ROLES)) {
 				if (
-					!compareUserPosition(
-						user,
-						userToUpdate.role.position,
-						"higher",
-					) ||
-					!compareUserPosition(user, roleToSet.position, "higher")
+					!compareUserPosition(user, userToUpdate.role.position) ||
+					!compareUserPosition(user, roleToSet.position)
 				) {
 					throw new Error(
 						"You do not have permission to set this role.",
@@ -99,7 +95,7 @@ export const banUser = adminAction
 
 			if (
 				!userHasPermission(user, PermissionType.BAN_USERS) ||
-				!compareUserPosition(user, userToBan!.role.position, "higher")
+				!compareUserPosition(user, userToBan!.role.position)
 			) {
 				throw new Error("You do not have permission to ban users.");
 			}
@@ -125,7 +121,7 @@ export const removeUserBan = adminAction
 
 		if (
 			!userHasPermission(user, PermissionType.BAN_USERS) ||
-			!compareUserPosition(user, userToBan!.role.position, "higher")
+			!compareUserPosition(user, userToBan!.role.position)
 		) {
 			throw new Error("You do not have permission to ban users.");
 		}
diff --git a/apps/web/src/components/Restricted.tsx b/apps/web/src/components/Restricted.tsx
index 30dd1301..52b46e56 100644
--- a/apps/web/src/components/Restricted.tsx
+++ b/apps/web/src/components/Restricted.tsx
@@ -23,12 +23,22 @@ function Restricted({
 		return <></>;
 	}
 	if (targetRolePosition !== undefined) {
-		console.log(
-			user.role?.name + ":" + user.role?.position,
-			targetRolePosition,
-			compareUserPosition(user, targetRolePosition, position),
-		);
-		if (!compareUserPosition(user, targetRolePosition, position)) {
+		if (
+			position === "higher" &&
+			!compareUserPosition(user, targetRolePosition)
+		) {
+			return <></>;
+		}
+		if (
+			position === "lower" &&
+			compareUserPosition(user, targetRolePosition) !== -1
+		) {
+			return <></>;
+		}
+		if (
+			position === "equal" &&
+			compareUserPosition(user, targetRolePosition) !== 0
+		) {
 			return <></>;
 		}
 	}
diff --git a/apps/web/src/components/admin/roles/RoleCard.tsx b/apps/web/src/components/admin/roles/RoleCard.tsx
index d3c17b9b..802e3d5d 100644
--- a/apps/web/src/components/admin/roles/RoleCard.tsx
+++ b/apps/web/src/components/admin/roles/RoleCard.tsx
@@ -58,7 +58,7 @@ export default function RoleCard({
 		try {
 			return (
 				userHasPermission(currentUser, PermissionType.EDIT_ROLES) &&
-				compareUserPosition(currentUser, role.position, "higher")
+				compareUserPosition(currentUser, role.position)
 			);
 		} catch (e) {
 			return false;
diff --git a/apps/web/src/lib/utils/server/admin.ts b/apps/web/src/lib/utils/server/admin.ts
index 590a8b4c..16113606 100644
--- a/apps/web/src/lib/utils/server/admin.ts
+++ b/apps/web/src/lib/utils/server/admin.ts
@@ -24,15 +24,12 @@ export function isUserAdmin(user: UserWithRole): boolean {
 export function compareUserPosition(
 	user: UserWithRole,
 	targetRolePosition: number,
-	position: "higher" | "lower" | "equal",
-): boolean {
+): 1 | -1 | 0 {
 	const userRolePosition = user.role?.position ?? Number.MAX_SAFE_INTEGER;
-	if (position === "higher") {
-		return userRolePosition < targetRolePosition;
-	} else if (position === "lower") {
-		return userRolePosition > targetRolePosition;
-	} else if (position === "equal") {
-		return userRolePosition === targetRolePosition;
+	if (userRolePosition < targetRolePosition) {
+		return 1;
+	} else if (userRolePosition == targetRolePosition) {
+		return 0;
 	}
-	return false;
+	return -1;
 }
diff --git a/apps/web/src/lib/utils/server/user.ts b/apps/web/src/lib/utils/server/user.ts
index 1877bc5d..64159848 100644
--- a/apps/web/src/lib/utils/server/user.ts
+++ b/apps/web/src/lib/utils/server/user.ts
@@ -12,11 +12,11 @@ export const getCurrentUser = cache(async (): Promise<UserWithRole> => {
 	"use server";
 	const { userId } = await auth();
 	if (!userId) {
-		throw new Error("No user logged in");
+		return redirect("/login");
 	}
 	const user = await getUser(userId);
 	if (!user) {
-		throw new Error("User not found");
+		return redirect("/login");
 	}
 
 	return user;

From f61d0377ac2de331d08228e5fb41ff551fd9e843 Mon Sep 17 00:00:00 2001
From: Rufat <rufat.niftaliyev2007@gmail.com>
Date: Mon, 24 Nov 2025 14:46:01 -0600
Subject: [PATCH 10/10] fixed some errors

---
 apps/web/src/app/admin/users/[slug]/page.tsx           |  6 ++++++
 apps/web/src/components/Restricted.tsx                 | 10 ++++++----
 .../src/components/admin/users/UpdateRoleDialog.tsx    |  7 +++----
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/apps/web/src/app/admin/users/[slug]/page.tsx b/apps/web/src/app/admin/users/[slug]/page.tsx
index de613c26..ba125b2a 100644
--- a/apps/web/src/app/admin/users/[slug]/page.tsx
+++ b/apps/web/src/app/admin/users/[slug]/page.tsx
@@ -40,6 +40,10 @@ export default async function Page({ params }: { params: { slug: string } }) {
 		return <p className="text-center font-bold">User Not Found</p>;
 	}
 
+	const roles = await db.query.roles.findMany({
+		columns: { id: true, name: true },
+	});
+
 	const banInstance = await db.query.bannedUsers.findFirst({
 		where: eq(bannedUsers.userID, subject.clerkID),
 	});
@@ -83,6 +87,7 @@ export default async function Page({ params }: { params: { slug: string } }) {
 							name={`${subject.firstName} ${subject.lastName}`}
 							currentRoleId={subject.role_id}
 							userID={subject.clerkID}
+							roles={roles}
 						/>
 					</Restricted>
 
@@ -146,6 +151,7 @@ export default async function Page({ params }: { params: { slug: string } }) {
 									name={`${subject.firstName} ${subject.lastName}`}
 									currentRoleId={subject.role_id}
 									userID={subject.clerkID}
+									roles={roles}
 								/>
 							</div>
 
diff --git a/apps/web/src/components/Restricted.tsx b/apps/web/src/components/Restricted.tsx
index 52b46e56..e7c61814 100644
--- a/apps/web/src/components/Restricted.tsx
+++ b/apps/web/src/components/Restricted.tsx
@@ -25,22 +25,24 @@ function Restricted({
 	if (targetRolePosition !== undefined) {
 		if (
 			position === "higher" &&
-			!compareUserPosition(user, targetRolePosition)
+			compareUserPosition(user, targetRolePosition)
 		) {
-			return <></>;
+			return <>{children}</>;
 		}
 		if (
 			position === "lower" &&
 			compareUserPosition(user, targetRolePosition) !== -1
 		) {
-			return <></>;
+			return <>{children}</>;
 		}
 		if (
 			position === "equal" &&
 			compareUserPosition(user, targetRolePosition) !== 0
 		) {
-			return <></>;
+			return <>{children}</>;
 		}
+
+		return <></>;
 	}
 	return <>{children}</>;
 }
diff --git a/apps/web/src/components/admin/users/UpdateRoleDialog.tsx b/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
index cea26185..edda01e5 100644
--- a/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
+++ b/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
@@ -21,25 +21,24 @@ import { useAction } from "next-safe-action/hooks";
 import { updateRole } from "@/actions/admin/user-actions";
 import { useState } from "react";
 import { Badge } from "@/components/shadcn/ui/badge";
-import { db } from "db";
 import { titleCase } from "@/lib/utils/shared/string";
 
 interface UpdateRoleDialogProps {
 	userID: string;
 	name: string;
 	currentRoleId: number;
+	roles: { id: number; name: string }[];
 }
 
-export default async function UpdateRoleDialog({
+export default function UpdateRoleDialog({
 	userID,
 	currentRoleId,
 	name,
+	roles,
 }: UpdateRoleDialogProps) {
 	const [roleToSet, setRoleToSet] = useState(currentRoleId);
 	const [open, setOpen] = useState(false);
 
-	const roles = await db.query.roles.findMany();
-
 	const currentRoleName = titleCase(
 		roles.find((r) => r.id === currentRoleId)?.name.replace("_", " ") || "",
 	);