fix: enforce read-only restrictions for viewer role #3

Open
JoeBot wants to merge 1 commits from fix/viewer-readonly-audit into main
Owner

Summary

  • Audit and fix 5 pages where viewer (read-only) users had access to write/modify actions
  • Dashboard: conditionally hide health score refresh buttons for viewers
  • Accounts: hide investment edit icons for viewers via isReadOnly prop
  • Invoices: hide Apply Late Fees and Generate Invoices buttons for viewers
  • Capital Planning: disable drag-and-drop, hide grip handles and edit buttons for viewers
  • Investment Planning: hide AI Recommendations refresh button for viewers

Test plan

  • Log in as secretary@pinecreekhoa.com (viewer role)
  • Dashboard: verify no refresh icons on Operating/Reserve Fund Health cards
  • Accounts: verify no edit icons on investment table rows
  • Invoices: verify no Apply Late Fees or Generate Invoices buttons
  • Capital Planning: verify no grip handles, no edit buttons, cards not draggable
  • Investment Planning: verify no Refresh Recommendations button
  • Build passes with no TypeScript errors

🤖 Generated with Claude Code

JoeBot added 2 commits 2026-03-09 09:59:46 -04:00
When an existing user was added to a new organization via the member
management UI, the password entered in the form was silently ignored.
This caused the user to be unable to log in with the password they
were given, since the hash in the database was from their original
account creation for a different org.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Audit and fix viewer (read-only) user permissions:
- Dashboard: hide health score refresh buttons
- Accounts: hide investment edit icons
- Invoices: hide Apply Late Fees and Generate Invoices buttons
- Capital Planning: disable drag-and-drop, hide grip handles and edit buttons
- Investment Planning: hide AI Recommendations refresh button

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin fix/viewer-readonly-audit:fix/viewer-readonly-audit
git checkout fix/viewer-readonly-audit
Reference: JoeBot/HOA_Financial_Platform#3