letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(audit): MEDIUMs sweep — mobile More-sheet, portal profile, inline override, dialog UX, ext-EOI gate

Browse Source 
R2-M11: mobile More-sheet missing 4 destinations. Added Reservations,
Notifications, Residential, Website analytics — anyone using mobile
chrome to triage on the go can now reach those domains.

R2-M12: portal had no profile / change-password surface. New
/portal/profile page with read-only contact details + a
ChangePasswordForm component, backed by a new POST
/api/portal/auth/change-password endpoint and
changePortalPassword() service function. Audits both ok and failure
cases at warning severity. Added Profile to PortalNav.

R2-M1: portal dashboard "My Memberships" tile had no href and no
/portal/memberships route — dead-end on tap. Hidden until a
memberships page ships; the count remains in the underlying data.

R2-M7: InlineStagePicker never sent override:true so users with
interests.override_stage couldn't actually use the perm from the
inline chip — they had to fall back to the modal picker. Now the
picker auto-detects when a transition isn't legal AND the user has
override_stage, sets override:true, and supplies a default reason.

Frontend M2: hard-delete-dialog confirm stage now has a "Send a new
code" link in case the original expired before the user could enter
it. Avoids forcing a full Cancel + reopen.

Frontend M4: audit-log-list date-range validation. From > To now
shows an inline error and skips the request rather than firing an
empty-range query that surfaces "no entries found".

R2-M6: external-EOI route now requires interests.edit AND
documents.upload_signed (defense-in-depth) — uploading a signed EOI
mutates interest state, so the upload-signed perm alone shouldn't
let a custom role flip an interest.

1175/1175 vitest passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-05-06 22:38:59 +02:00
parent da7ede71d6
commit b4fb3b2ca6
11 changed files with 303 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/app/api/v1/interests/[id]/external-eoi/route.ts
View File

@@ -2,7 +2,7 @@ import { NextResponse } from 'next/server';
import { withAuth, withPermission } from '@/lib/api/helpers';
import { uploadExternallySignedEoi } from '@/lib/services/external-eoi.service';
import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
import { errorResponse, ForbiddenError, NotFoundError, ValidationError } from '@/lib/errors';
export const POST = withAuth(
withPermission('documents', 'upload_signed', async (req, ctx, params) => {
@@ -10,6 +10,15 @@ export const POST = withAuth(
const interestId = params.id;
if (!interestId) throw new NotFoundError('Interest');
// Defense-in-depth: uploading an externally-signed EOI mutates
// the interest's effective state (flips it to "signed"). Require
// interests.edit in addition to documents.upload_signed so a
// custom role with the upload bit but no interest-edit can't flip
// an interest. Super-admin bypasses (audit R2-M6).
if (!ctx.isSuperAdmin && !ctx.permissions?.interests?.edit) {
throw new ForbiddenError('interests.edit required to upload an external EOI');
}
const form = await req.formData();
const file = form.get('file');
if (!file || !(file instanceof File)) {