Phase 3: Roles & permissions enforcement with guards, member management, and admin panel
Centralize permission checks into guards.ts (requireAuth, requireBoardView, requireBoardEditor, requireBoardOwner, requireColumnEditor, requireCardEditor, requireBoardMemberManager, requireTenantAdmin) that fetch entities and check permissions in a single call, replacing ~100 lines of duplicated inline checks across all API routes. Adds board member management (add by email, change role, remove with last-owner protection), tenant admin panel (user role toggle with last-admin protection, board overview), and fixes missing view guard on card GET. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -170,6 +170,12 @@
|
||||
<span class="rounded bg-gray-100 px-2 py-0.5 text-xs text-gray-500">
|
||||
{data.board.visibility === 'PUBLIC' ? 'Public' : 'Private'}
|
||||
</span>
|
||||
<a
|
||||
href="/boards/{data.board.id}/members"
|
||||
class="rounded bg-gray-100 px-2 py-0.5 text-xs text-gray-500 hover:bg-gray-200 hover:text-gray-700 transition"
|
||||
>
|
||||
{data.board.members.length} {data.board.members.length === 1 ? 'member' : 'members'}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<!-- Columns container -->
|
||||
|
||||
Reference in New Issue
Block a user