lunarfront-app

ryan/lunarfront-app

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Moon	b9f78639e2	Add paginated users/roles, user status, frontend permissions, profile pictures, identifier file storage - Users page: paginated, searchable, sortable with inline roles (no N+1) - Roles page: paginated, searchable, sortable + /roles/all for dropdowns - User is_active field with migration, PATCH toggle, auth check (disabled=401) - Frontend permission checks: auth store loads permissions, sidebar/buttons conditional - Profile pictures via file storage for users and members, avatar component - Identifier images use file storage API instead of base64 - Fix TypeScript errors across admin UI - 64 API tests passing (10 new)	2026-03-29 08:16:34 -05:00
Ryan Moon	92371ff228	Add RBAC tests, wiki docs, reset token to 1 hour 12 RBAC API tests: permission denial for no-role users, viewer read-only, sales associate can create but not delete, technician scoped access, instructor inventory denied, admin full access, permission inheritance (admin implies edit+view), system role undeletable, custom role lifecycle. Wiki articles for Users & Roles and Profile settings. Reset password link expires in 1 hour instead of 24.	2026-03-28 18:11:32 -05:00

Author

SHA1

Message

Date

Ryan Moon

b9f78639e2

Add paginated users/roles, user status, frontend permissions, profile pictures, identifier file storage

- Users page: paginated, searchable, sortable with inline roles (no N+1)
- Roles page: paginated, searchable, sortable + /roles/all for dropdowns
- User is_active field with migration, PATCH toggle, auth check (disabled=401)
- Frontend permission checks: auth store loads permissions, sidebar/buttons conditional
- Profile pictures via file storage for users and members, avatar component
- Identifier images use file storage API instead of base64
- Fix TypeScript errors across admin UI
- 64 API tests passing (10 new)

2026-03-29 08:16:34 -05:00

Ryan Moon

92371ff228

Add RBAC tests, wiki docs, reset token to 1 hour

12 RBAC API tests: permission denial for no-role users, viewer read-only,
sales associate can create but not delete, technician scoped access,
instructor inventory denied, admin full access, permission inheritance
(admin implies edit+view), system role undeletable, custom role lifecycle.

Wiki articles for Users & Roles and Profile settings.
Reset password link expires in 1 hour instead of 24.

2026-03-28 18:11:32 -05:00

2 Commits