Introduces a capability layer on top of existing roles that controls feature visibility and access. Capabilities follow an area.feature.action taxonomy (~35 capabilities) with sensible defaults per role. Tenant admins can customize via grant/revoke overrides stored in org settings JSONB.

Key changes:
- Add vice_president role to DB schema
- Backend: capability constants, resolution logic, CapabilityGuard (global), @RequireCapability decorator on all 16 tenant controllers
- Frontend: permission hooks (useCanEdit, useHasCapability), CapabilityGate component, sidebar filtering by capability, all 17 pages migrated from useIsReadOnly to capability-based checks
- New admin UI: /settings/permissions matrix page for per-tenant role customization with grant/revoke delta model
- GET /organizations/my-capabilities endpoint for capability refresh
- Validation of permissionOverrides in settings updates

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
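Worked example of the resolution model the commit describes (role defaults plus a per-tenant grant/revoke delta, with the overrides validated before they are stored). This is an added illustration, not the project's code: the capability names, the role defaults, the shape of permissionOverrides and the function names are assumptions; only the role list is taken from the migration's CHECK constraint.

```typescript
// Added example (not the project's code): resolve a user's effective
// capabilities from role defaults plus a tenant's grant/revoke overrides,
// and validate the overrides before persisting them in org settings.
// Capability names, role defaults and the override shape are assumptions.

const ROLES = [
  'president', 'vice_president', 'treasurer', 'secretary', 'member_at_large',
  'manager', 'homeowner', 'admin', 'viewer',
] as const;
type Role = (typeof ROLES)[number];

// area.feature.action taxonomy; an illustrative subset, not the real ~35.
const CAPABILITIES = [
  'finance.invoices.view',
  'finance.invoices.edit',
  'documents.files.view',
  'documents.files.edit',
  'settings.permissions.edit',
] as const;
type Capability = (typeof CAPABILITIES)[number];

// Assumed defaults per role.
const ROLE_DEFAULTS: Record<Role, readonly Capability[]> = {
  admin: [...CAPABILITIES],
  president: ['finance.invoices.view', 'finance.invoices.edit', 'documents.files.view', 'documents.files.edit', 'settings.permissions.edit'],
  vice_president: ['finance.invoices.view', 'documents.files.view', 'documents.files.edit'],
  treasurer: ['finance.invoices.view', 'finance.invoices.edit', 'documents.files.view'],
  secretary: ['documents.files.view', 'documents.files.edit'],
  member_at_large: ['finance.invoices.view', 'documents.files.view'],
  manager: ['finance.invoices.view', 'finance.invoices.edit', 'documents.files.view', 'documents.files.edit'],
  homeowner: ['documents.files.view'],
  viewer: ['documents.files.view'],
};

// Assumed shape of the permissionOverrides JSONB: one delta per role.
type PermissionOverrides = Partial<Record<Role, { grant?: Capability[]; revoke?: Capability[] }>>;

function isRole(x: string): x is Role {
  return (ROLES as readonly string[]).includes(x);
}
function isCapability(x: unknown): x is Capability {
  return typeof x === 'string' && (CAPABILITIES as readonly string[]).includes(x);
}

// Reject anything that is not a known role or capability, so a tenant admin
// cannot persist arbitrary strings that a later, looser check might honour.
function validatePermissionOverrides(input: unknown): PermissionOverrides {
  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
    throw new Error('permissionOverrides must be an object keyed by role');
  }
  const out: PermissionOverrides = {};
  for (const [role, delta] of Object.entries(input as Record<string, unknown>)) {
    if (!isRole(role)) throw new Error(`unknown role: ${role}`);
    if (typeof delta !== 'object' || delta === null) throw new Error(`override for ${role} must be an object`);
    const { grant = [], revoke = [] } = delta as { grant?: unknown; revoke?: unknown };
    for (const list of [grant, revoke]) {
      if (!Array.isArray(list) || !list.every(isCapability)) {
        throw new Error(`invalid capability list for ${role}`);
      }
    }
    const g = grant as Capability[];
    const r = revoke as Capability[];
    const both = g.filter((c) => r.includes(c));
    if (both.length > 0) throw new Error(`granted and revoked for ${role}: ${both.join(', ')}`);
    out[role] = { grant: g, revoke: r };
  }
  return out;
}

// Effective set = role defaults, plus grants, minus revokes. Revoke wins.
function resolveCapabilities(role: Role, overrides: PermissionOverrides): Set<Capability> {
  const effective = new Set<Capability>(ROLE_DEFAULTS[role]);
  const delta = overrides[role];
  for (const c of delta?.grant ?? []) effective.add(c);
  for (const c of delta?.revoke ?? []) effective.delete(c);
  return effective;
}

function hasCapability(role: Role, overrides: PermissionOverrides, cap: Capability): boolean {
  return resolveCapabilities(role, overrides).has(cap);
}

// Constructed sample override, as a tenant admin might store it.
const SAMPLE_OVERRIDES: unknown = {
  vice_president: { grant: ['finance.invoices.edit'] },
  treasurer: { revoke: ['finance.invoices.edit'] },
};

const validated = validatePermissionOverrides(SAMPLE_OVERRIDES);
console.log([...resolveCapabilities('vice_president', validated)]);
console.log(hasCapability('treasurer', validated, 'finance.invoices.edit')); // false
```

Applying revokes after grants makes a revoke authoritative even when the same capability is also granted, and the validator rejects that combination outright so the stored delta never carries an ambiguity. Validating against the closed capability list at write time is what keeps the JSONB from becoming a side channel for names the guard never intended to recognise.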
10 lines, 468 B, SQL
```sql
-- Migration 020: Add vice_president role to user_organizations
--
-- This adds the vice_president role to the CHECK constraint on the role column.
-- Dropping and re-adding the constraint are two statements; run them in a single
-- transaction (PostgreSQL DDL is transactional) so no write can land while the
-- column is briefly unconstrained.

ALTER TABLE shared.user_organizations
  DROP CONSTRAINT IF EXISTS user_organizations_role_check;

ALTER TABLE shared.user_organizations
  ADD CONSTRAINT user_organizations_role_check
  CHECK (role IN ('president', 'vice_president', 'treasurer', 'secretary', 'member_at_large', 'manager', 'homeowner', 'admin', 'viewer'));
```