Modal scroll fix; per-account editor/viewer roles
- Fix account settings modal overflow: add max-height to .modal, make
.modal-body flex/scrollable, widen #acct-settings-modal to 620px
- Add role column to user_accounts (editor|viewer) with migration;
existing assignments promoted to editor
- New isEditorForAccount() in auth middleware for per-account write checks
- Replace global requireEditor with per-account checks in checks.js,
deposits.js, pdf.js, deposit-pdf.js, qbo-import.js
- GET /api/accounts now returns user_role per account
- users.js returns {account_id, role} per assignment; POST/PUT accept
accounts as [{id, role}]
- Frontend: state.accountRole tracks effective role for active account;
applyRoleUI and renderRow use it; user management shows role dropdown
per account assignment
+9
-7
@@ -10,7 +10,7 @@ const multer = require('multer');
|
||||
const session = require('express-session');
|
||||
|
||||
const db = require('./db/database');
|
||||
const { requireAuth, requireAdmin, requireEditor, canAccessAccount } = require('./middleware/auth');
|
||||
const { requireAuth, requireAdmin, canAccessAccount } = require('./middleware/auth');
|
||||
|
||||
const app = express();
|
||||
const upload = multer({ dest: os.tmpdir() });
|
||||
@@ -44,15 +44,15 @@ app.use('/api/users', require('./routes/users'));
|
||||
// ── Check routes ──────────────────────────────────────────────────────────────
|
||||
app.use('/api/checks', require('./routes/checks'));
|
||||
|
||||
// ── PDF (editor+) ─────────────────────────────────────────────────────────────
|
||||
app.use('/api/pdf', requireEditor, require('./routes/pdf'));
|
||||
// ── PDF (per-account editor check inside route) ───────────────────────────────
|
||||
app.use('/api/pdf', require('./routes/pdf'));
|
||||
|
||||
// ── Deposits ──────────────────────────────────────────────────────────────────
|
||||
app.use('/api/deposits', require('./routes/deposits'));
|
||||
app.use('/api/deposit-pdf', requireEditor, require('./routes/deposit-pdf'));
|
||||
app.use('/api/deposit-pdf', require('./routes/deposit-pdf'));
|
||||
|
||||
// ── QBO import (editor+) ──────────────────────────────────────────────────────
|
||||
app.use('/api/qbo-import', requireEditor, require('./routes/qbo-import'));
|
||||
// ── QBO import (per-account editor check inside route) ────────────────────────
|
||||
app.use('/api/qbo-import', require('./routes/qbo-import'));
|
||||
|
||||
// ── Accounts list — filtered by role ─────────────────────────────────────────
|
||||
app.get('/api/accounts', (req, res) => {
|
||||
@@ -61,9 +61,11 @@ app.get('/api/accounts', (req, res) => {
|
||||
accounts = db.prepare(
|
||||
'SELECT id, company1, bank_name, current_check_no FROM account ORDER BY id ASC'
|
||||
).all();
|
||||
// Admins have editor access to all accounts
|
||||
accounts.forEach(a => { a.user_role = 'editor'; });
|
||||
} else {
|
||||
accounts = db.prepare(`
|
||||
SELECT a.id, a.company1, a.bank_name, a.current_check_no
|
||||
SELECT a.id, a.company1, a.bank_name, a.current_check_no, ua.role AS user_role
|
||||
FROM account a
|
||||
JOIN user_accounts ua ON ua.account_id = a.id
|
||||
WHERE ua.user_id = ?
|
||||
|
||||
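Review bot: Dropping `requireEditor` from the `/api/pdf`, `/api/deposit-pdf` and `/api/qbo-import` mounts in the second hunk moves the authorization decision into every handler of those routers, so any route that omits the per-account check is reachable by a viewer-role assignment, and — if no authentication middleware runs before these mounts, which this section does not show — by an unauthenticated client as well. A fail-closed gate at the mount point would limit the blast radius of a missed check, e.g. `app.use('/api/pdf', requireAuth, require('./routes/pdf'));` (and the same for the other two mounts); `requireAuth` is still imported in the first hunk, so no new dependency is needed. The `ua.role AS user_role` value added in the third hunk is consumed by the frontend for UI state per the description, which makes the server-side check the only real enforcement point, so it is worth a test that a viewer assignment receives 403 on each write route of those routers. The route files and `isEditorForAccount()` are outside this section, so whether every handler calls it cannot be confirmed here.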