steve/check-printing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modal scroll fix; per-account editor/viewer roles

Browse Source 
- Fix account settings modal overflow: add max-height to .modal, make
  .modal-body flex/scrollable, widen #acct-settings-modal to 620px
- Add role column to user_accounts (editor|viewer) with migration;
  existing assignments promoted to editor
- New isEditorForAccount() in auth middleware for per-account write checks
- Replace global requireEditor with per-account checks in checks.js,
  deposits.js, pdf.js, deposit-pdf.js, qbo-import.js
- GET /api/accounts now returns user_role per account
- users.js returns {account_id, role} per assignment; POST/PUT accept
  accounts as [{id, role}]
- Frontend: state.accountRole tracks effective role for active account;
  applyRoleUI and renderRow use it; user management shows role dropdown
  per account assignment
This commit is contained in:
Steve Dogiakos
2026-03-18 23:31:23 -06:00
parent 764def4f7d
commit af88549ad8
12 changed files with 137 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/qbo-import.js
+4
View File
@@ -7,6 +7,7 @@ const os = require('os');
const fs = require('fs');
const upload = multer({ dest: os.tmpdir() });
const { isEditorForAccount } = require('../middleware/auth');
// ── CSV helpers ───────────────────────────────────────────────────────────────
@@ -291,6 +292,9 @@ router.post('/confirm', express.json(), (req, res) => {
if (!type || !records || !account_id) {
return res.status(400).json({ error: 'Missing required fields: type, records, account_id.' });
}
if (!isEditorForAccount(req.session, parseInt(account_id, 10))) {
return res.status(403).json({ error: 'Write access required.' });
}
if (type !== 'checks' && type !== 'deposits') {
return res.status(400).json({ error: 'Invalid type.' });
}