letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(admin): single Sales role, welcome-email password setup, Director=sales
All checks were successful
Build & Push Docker Images / lint (push) Successful in 3m5s
Details
Build & Push Docker Images / build-and-push (push) Successful in 9m24s
Details

Browse Source 
- Collapse the two sales roles in the create-user dropdown to one "Sales"
  (sales_manager relabelled). Hide super_admin + sales_agent from selection
  via NON_ASSIGNABLE_ROLE_NAMES; the form keeps a user's *current* role even
  if hidden so existing assignments stay editable.
- Director becomes a senior-title twin of Sales: DIRECTOR_PERMISSIONS now
  equals SALES_MANAGER_PERMISSIONS (no admin/settings — Super-Admin only).
  Migration 0097 updates the existing global director row (idempotent,
  data-only; 0 users assigned on prod, so no blast radius).
- Admin create-user defaults to emailing a set-password link instead of an
  inline password (manual entry still available via a toggle). createUserSchema:
  password optional + sendSetupEmail; createUser provisions with a throwaway
  password then triggers the set-password email.
- New users get a dedicated, unique WELCOME email (crmWelcomeEmail), not the
  self-service "reset your password" email. A pending-welcome flag routes the
  shared better-auth sendResetPassword callback via account-setup-email.ts.
- Phone confirmed already optional for staff accounts (no change needed).

Tests: +welcome-routing, +create-user-setup; permission-matrix director block
realigned to no-admin. 1662 vitest pass; tsc + eslint clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt
2026-06-22 12:40:55 +02:00
parent 5b9560531e
commit 93989b1e1d
16 changed files with 593 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/helpers/factories.ts
View File

@@ -660,15 +660,13 @@ export function makeSalesManagerPermissions(): RolePermissions {
}
/** Director - everything except system backup. */
/**
* Director is a senior-title twin of the single "Sales" role: identical
* capabilities, no admin/settings access (admin stays Super-Admin-only). Mirror
* the sales-manager map so the fixture tracks the real seeded role.
*/
export function makeDirectorPermissions(): RolePermissions {
return {
...makeFullPermissions(),
admin: {
...makeFullPermissions().admin,
system_backup: false,
permanently_delete_clients: false,
},
};
return makeSalesManagerPermissions();
}
// ─── Minimal valid CreateClientInput ─────────────────────────────────────────