fix: non-hacker confirm button disable conditions (#373)

* fix: non-hacker confirm button disable conditions

* fix: disable confirm button if status is reviewed

* update: allow check-in leads to confirm non-hackers

apps/api/src/admin/participant_manager.py

@@ -109,7 +109,7 @@ async def confirm_attendance_non_hacker(uid: str, director: User) -> None:
     if not record or record["role"] not in NON_HACKER_ROLES:
         raise ValueError
 
-    update_status = await mongodb_handler.raw_update_one(
+    update_status = await mongodb_handler.update_one(
         Collection.USERS,
         {"_id": uid},
         {"status": Status.ATTENDING},

apps/site/src/app/admin/participants/components/ParticipantAction.tsx

@@ -4,7 +4,7 @@ import Button from "@cloudscape-design/components/button";
 
 import UserContext from "@/lib/admin/UserContext";
 import { isCheckinLead, isNonHacker } from "@/lib/admin/authorization";
-import { Status } from "@/lib/admin/useApplicant";
+import { ReviewStatus, Status } from "@/lib/admin/useApplicant";
 import { Participant } from "@/lib/admin/useParticipants";
 import ParticipantActionPopover from "./ParticipantActionPopover";
 
@@ -61,10 +61,13 @@ function ParticipantAction({
 		</Button>
 	);
 
-	if (nonHacker && isWaiverSigned) {
-		if (role !== "director") {
+	if (nonHacker) {
+		const content = !isCheckinLead
+			? "Only check-in leads can confirm non-hackers."
+			: "Must sign waiver first.";
+		if (!isCheckinLead || participant.status === ReviewStatus.reviewed) {
 			return (
-				<ParticipantActionPopover content="Only directors are allowed to confirm non-hackers.">
+				<ParticipantActionPopover content={content}>
 					{confirmButton}
 				</ParticipantActionPopover>
 			);