chore(autonomous-session): consolidate uncommitted work from prior session

Bundles the prior autonomous-session output that was sitting unstaged:

- Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances)
- country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk after the per-subpath dynamic-import approach silently failed in webpack)
- Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index, redirects (ocr to ai, reports to dashboard, invitations to users), docs/admin-ia-proposal.md
- Per-template email tester (registry + endpoint + UI on Email admin page)
- Cancel-document mode picker (delete-from-Documenso vs keep-for-audit)
- Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers
- Customize-widgets per-region sortables at xl+ (charts/rails/feed); single flat sortable below xl when the layout stacks; per-viewport saved orders
- Audit doc updates capturing each shipped item
- Lint fixes: react-compiler immutability in DonutChart (reduce instead of let-reassign), set-state-in-effect disables in CountryFlag and UploadForSigning preview-bytes effect, unused 'confirm' destructures in interest contract + reservation tabs, unescaped apostrophe in test-template card copy
@@ -17,7 +17,7 @@ export async function listUsers(portId: string) {
|
||||
// Two passes:
|
||||
// 1. Users with an explicit user_port_roles row for this port
|
||||
// 2. All super-admins (they have global access via the
|
||||
// userProfiles.isSuperAdmin flag, no per-port row required —
|
||||
// userProfiles.isSuperAdmin flag, no per-port row required -
|
||||
// previous query missed them and the admin list looked empty
|
||||
// to the only super-admin viewing it)
|
||||
const portRoleRows = await db
|
||||
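Review bot: the "Two passes" comment in listUsers does not say what happens to a user who matches both passes, that is, a super-admin who also has an explicit user_port_roles row for this port. Suggest adding a line stating that the two result sets are de-duplicated by user id, and which role label wins, so a reader can confirm from the comment that nobody is listed twice.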
@@ -91,7 +91,7 @@ export async function listUsers(portId: string) {
|
||||
isActive: row.isActive,
|
||||
isSuperAdmin: row.isSuperAdmin,
|
||||
lastLoginAt: row.lastLoginAt,
|
||||
// Synthetic role label — super admins don't have a per-port
|
||||
// Synthetic role label - super admins don't have a per-port
|
||||
// role row, but the UI expects a `role` object. The list
|
||||
// already shows the "Super Admin" badge separately.
|
||||
role: { id: 'super_admin', name: 'super_admin' },
|
||||
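Review bot: the synthetic `role: { id: 'super_admin', name: 'super_admin' }` on the super-admin row has the same shape as a real role reference, so a consumer that sends `role.id` back in a role-assignment request would be pointing at a role row that does not exist. Suggest marking the object as synthetic (an extra boolean field, or a shared constant the UI compares against) and saying so in this comment, so the label is never treated as an assignable role.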
@@ -261,14 +261,14 @@ export async function updateUser(
|
||||
// Better Auth's credential provider authenticates by
|
||||
// `account.accountId` (the email captured at sign-up), NOT by
|
||||
// `user.email`. Without this update the user can't sign in with
|
||||
// either address — old fails because user.email no longer matches,
|
||||
// either address - old fails because user.email no longer matches,
|
||||
// new fails because there's no account.accountId row for it.
|
||||
await db
|
||||
.update(account)
|
||||
.set({ accountId: newEmailLower, updatedAt: new Date() })
|
||||
.where(and(eq(account.userId, userId), eq(account.providerId, 'credential')));
|
||||
|
||||
// Revoke every active session — the admin just changed the identity
|
||||
// Revoke every active session - the admin just changed the identity
|
||||
// the user authenticates with, so existing sessions are effectively
|
||||
// orphaned and a security risk if the account is being rotated due
|
||||
// to compromise. The user re-authenticates with the new address.
|
||||
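Review bot: the `account.accountId` update in updateUser runs on `db` directly, and the comment above it states that without this update the user cannot sign in with either address. If the `user.email` change, this update and the session revocation are not executed on one transaction handle, a failure between them leaves exactly that locked-out state, or leaves old sessions alive after the identity has moved. Suggest wrapping the three steps in a single transaction, or noting here that the caller already provides one.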
@@ -276,7 +276,7 @@ export async function updateUser(
|
||||
}
|
||||
|
||||
if (wantsEmailChange && previousEmail) {
|
||||
// Best-effort notification — failure to send doesn't roll back the
|
||||
// Best-effort notification - failure to send doesn't roll back the
|
||||
// change because Better Auth's primary identity has already moved.
|
||||
// The user still gets in with the new address; this is just an
|
||||
// outbound courtesy.
|
||||
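Review bot: the comment under `if (wantsEmailChange && previousEmail)` describes the notice to the previous address as "just an outbound courtesy", yet the preceding comment in this function names account rotation due to compromise as a reason for the change. For the holder of the old address this message is the signal that the sign-in identity was moved, so a silent send failure matters; suggest rewording the comment to say that, and recording a failed send where it can be retried or audited rather than only not rolling back.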
@@ -301,7 +301,7 @@ export async function updateUser(
|
||||
// assign a role whose effective permission set contains any leaf
|
||||
// the caller doesn't hold. Super admins bypass. When
|
||||
// `callerPermissions` isn't passed (legacy callers / system jobs)
|
||||
// we skip the check — but every interactive API route should pass
|
||||
// we skip the check - but every interactive API route should pass
|
||||
// ctx.permissions + ctx.isSuperAdmin through.
|
||||
if (callerPermissions && !callerIsSuperAdmin) {
|
||||
const newRolePerms = newRole.permissions as Record<string, Record<string, boolean>>;
|
||||
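Review bot: the guard `if (callerPermissions && !callerIsSuperAdmin)` fails open, because when `callerPermissions` is undefined the role-escalation check described in the comment is skipped entirely, and the comment only says interactive routes "should" pass it. A route that forgets the argument gets super-admin behaviour for role assignment. Suggest making the caller context required and having system jobs pass an explicit marker, so that a missing value rejects the assignment instead of allowing it.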
@@ -397,7 +397,7 @@ export async function removeUserFromPort(userId: string, portId: string, meta: A
|
||||
|
||||
/**
|
||||
* Sends the "your admin changed your sign-in email" courtesy notice to
|
||||
* the prior address. Best-effort — failures are logged but don't roll
|
||||
* the prior address. Best-effort - failures are logged but don't roll
|
||||
* back the change; Better Auth has already pointed the account at the
|
||||
* new address by the time this fires.
|
||||
*/
|
||||
|
||||