check-printing

steve/check-printing

Fork 0

Commit Graph

Author	SHA1	Message	Date
steve	2504766be7	perf(db): reuse prepared statements on hot paths - Prepare the user_accounts role lookup once in the auth middleware; it runs on nearly every authenticated request - Prepare session store get/set/destroy/purge statements once in the constructor instead of per request - Prepare the per-check SELECT once per PDF job instead of once per check	2026-06-11 22:03:56 -06:00
steve	af88549ad8	Modal scroll fix; per-account editor/viewer roles - Fix account settings modal overflow: add max-height to .modal, make .modal-body flex/scrollable, widen #acct-settings-modal to 620px - Add role column to user_accounts (editor\|viewer) with migration; existing assignments promoted to editor - New isEditorForAccount() in auth middleware for per-account write checks - Replace global requireEditor with per-account checks in checks.js, deposits.js, pdf.js, deposit-pdf.js, qbo-import.js - GET /api/accounts now returns user_role per account - users.js returns {account_id, role} per assignment; POST/PUT accept accounts as [{id, role}] - Frontend: state.accountRole tracks effective role for active account; applyRoleUI and renderRow use it; user management shows role dropdown per account assignment	2026-03-18 23:31:23 -06:00
steve	f827210a07	Implement user authentication and role-based access control Three-tier user model: admin (all accounts, all actions), editor (assigned accounts, read/write), viewer (assigned accounts, read-only). Backend: - express-session with custom SQLite session store (no extra packages) - bcryptjs for password hashing - src/middleware/auth.js: requireAuth, requireAdmin, requireEditor, canAccessAccount helpers - src/routes/auth.js: login, logout, /me, setup-needed, change-password - src/routes/users.js: full CRUD + account assignments (admin only) - All API routes protected; /api/accounts filtered by user access; write routes gated by requireEditor; admin-only routes locked down Frontend: - Login overlay (full-page) with first-run admin-setup flow - Role-based UI: admin-only elements hidden for non-admins; edit/delete and PDF buttons hidden for viewers; account switcher shows only accessible accounts for non-admins - Users modal (admin only): user list with role badges, create/edit/delete users, set account access via checkboxes - Change-password section available to all logged-in users - apiFetch redirects to login on 401	2026-03-18 22:55:17 -06:00

Author

SHA1

Message

Date

steve

2504766be7

perf(db): reuse prepared statements on hot paths

- Prepare the user_accounts role lookup once in the auth middleware; it
  runs on nearly every authenticated request
- Prepare session store get/set/destroy/purge statements once in the
  constructor instead of per request
- Prepare the per-check SELECT once per PDF job instead of once per check

2026-06-11 22:03:56 -06:00

steve

af88549ad8

Modal scroll fix; per-account editor/viewer roles

- Fix account settings modal overflow: add max-height to .modal, make
  .modal-body flex/scrollable, widen #acct-settings-modal to 620px
- Add role column to user_accounts (editor|viewer) with migration;
  existing assignments promoted to editor
- New isEditorForAccount() in auth middleware for per-account write checks
- Replace global requireEditor with per-account checks in checks.js,
  deposits.js, pdf.js, deposit-pdf.js, qbo-import.js
- GET /api/accounts now returns user_role per account
- users.js returns {account_id, role} per assignment; POST/PUT accept
  accounts as [{id, role}]
- Frontend: state.accountRole tracks effective role for active account;
  applyRoleUI and renderRow use it; user management shows role dropdown
  per account assignment

2026-03-18 23:31:23 -06:00

steve

f827210a07

Implement user authentication and role-based access control

Three-tier user model: admin (all accounts, all actions), editor
(assigned accounts, read/write), viewer (assigned accounts, read-only).

Backend:
- express-session with custom SQLite session store (no extra packages)
- bcryptjs for password hashing
- src/middleware/auth.js: requireAuth, requireAdmin, requireEditor,
  canAccessAccount helpers
- src/routes/auth.js: login, logout, /me, setup-needed, change-password
- src/routes/users.js: full CRUD + account assignments (admin only)
- All API routes protected; /api/accounts filtered by user access;
  write routes gated by requireEditor; admin-only routes locked down

Frontend:
- Login overlay (full-page) with first-run admin-setup flow
- Role-based UI: admin-only elements hidden for non-admins; edit/delete
  and PDF buttons hidden for viewers; account switcher shows only
  accessible accounts for non-admins
- Users modal (admin only): user list with role badges, create/edit/delete
  users, set account access via checkboxes
- Change-password section available to all logged-in users
- apiFetch redirects to login on 401

2026-03-18 22:55:17 -06:00

3 Commits