fix(audit): MEDIUMs sweep — mobile More-sheet, portal profile, inline override, dialog UX, ext-EOI gate

R2-M11: mobile More-sheet missing 4 destinations. Added Reservations, Notifications, Residential, Website analytics — anyone using mobile chrome to triage on the go can now reach those domains. R2-M12: portal had no profile / change-password surface. New /portal/profile page with read-only contact details + a ChangePasswordForm component, backed by a new POST /api/portal/auth/change-password endpoint and changePortalPassword() service function. Audits both ok and failure cases at warning severity. Added Profile to PortalNav. R2-M1: portal dashboard "My Memberships" tile had no href and no /portal/memberships route — dead-end on tap. Hidden until a memberships page ships; the count remains in the underlying data. R2-M7: InlineStagePicker never sent override:true so users with interests.override_stage couldn't actually use the perm from the inline chip — they had to fall back to the modal picker. Now the picker auto-detects when a transition isn't legal AND the user has override_stage, sets override:true, and supplies a default reason. Frontend M2: hard-delete-dialog confirm stage now has a "Send a new code" link in case the original expired before the user could enter it. Avoids forcing a full Cancel + reopen. Frontend M4: audit-log-list date-range validation. From > To now shows an inline error and skips the request rather than firing an empty-range query that surfaces "no entries found". R2-M6: external-EOI route now requires interests.edit AND documents.upload_signed (defense-in-depth) — uploading a signed EOI mutates interest state, so the upload-signed perm alone shouldn't let a custom role flip an interest. 1175/1175 vitest passing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 22:38:59 +02:00
parent da7ede71d6
commit b4fb3b2ca6
11 changed files with 303 additions and 18 deletions
--- a/src/components/admin/audit/audit-log-list.tsx
+++ b/src/components/admin/audit/audit-log-list.tsx
@@ -140,8 +140,12 @@ export function AuditLogList() {
    if (source !== 'all') params.set('source', source);
    if (debouncedSearch) params.set('search', debouncedSearch);
    if (debouncedUserId) params.set('userId', debouncedUserId);
-    if (dateFrom) params.set('dateFrom', new Date(dateFrom).toISOString());
-    if (dateTo) {
+    // Skip the date filters when From > To — the inline warning below
+    // tells the user to fix it; we don't want to fire a request with a
+    // useless empty range either.
+    const datesValid = !(dateFrom && dateTo && dateFrom > dateTo);
+    if (datesValid && dateFrom) params.set('dateFrom', new Date(dateFrom).toISOString());
+    if (datesValid && dateTo) {
      const end = new Date(dateTo);
      end.setHours(23, 59, 59, 999);
      params.set('dateTo', end.toISOString());
@@ -207,6 +211,8 @@ export function AuditLogList() {
    Boolean(dateFrom) ||
    Boolean(dateTo);

+  const dateRangeInvalid = Boolean(dateFrom && dateTo && dateFrom > dateTo);
+
  const columns: ColumnDef<AuditEntry, unknown>[] = [
    {
      accessorKey: 'createdAt',
@@ -475,6 +481,12 @@ export function AuditLogList() {
        ) : null}
      </div>

+      {dateRangeInvalid && (
+        <p className="mt-2 text-xs text-destructive">
+          From date must be on or before To date — date filter ignored.
+        </p>
+      )}
+
      {loadError && !loading && entries.length === 0 ? (
        <div className="mt-4 rounded-md border border-destructive/30 bg-destructive/5 p-4 text-sm space-y-2">
          <p className="text-destructive">Couldn&rsquo;t load audit log: {loadError}</p>
--- a/src/components/clients/hard-delete-dialog.tsx
+++ b/src/components/clients/hard-delete-dialog.tsx
@@ -122,9 +122,22 @@ export function HardDeleteDialog({ open, onOpenChange, clientId, clientName, onD
          <div className="space-y-3">
            <div className="flex items-start gap-2 rounded-md border border-blue-300 bg-blue-50 p-3 text-xs text-blue-900">
              <Mail className="h-4 w-4 shrink-0 mt-0.5" />
-              <div>
-                Code sent to <span className="font-mono">{maskedEmail}</span>. It expires in 10
-                minutes. Check your inbox and enter both fields below.
+              <div className="flex-1">
+                <div>
+                  Code sent to <span className="font-mono">{maskedEmail}</span>. It expires in 10
+                  minutes.
+                </div>
+                <button
+                  type="button"
+                  onClick={() => {
+                    setCode('');
+                    requestCode.mutate();
+                  }}
+                  disabled={requestCode.isPending}
+                  className="mt-1 text-blue-700 underline-offset-2 hover:underline disabled:opacity-60"
+                >
+                  {requestCode.isPending ? 'Sending…' : 'Send a new code'}
+                </button>
              </div>
            </div>
            <div className="space-y-1.5">
--- a/src/components/interests/inline-stage-picker.tsx
+++ b/src/components/interests/inline-stage-picker.tsx
@@ -18,6 +18,8 @@ import {
  safeStage,
  type PipelineStage,
 } from '@/components/clients/pipeline-constants';
+import { canTransitionStage } from '@/lib/constants';
+import { usePermissions } from '@/hooks/use-permissions';

 interface InlineStagePickerProps {
  interestId: string;
@@ -47,15 +49,28 @@ export function InlineStagePicker({
  const [open, setOpen] = useState(false);
  const [reason, setReason] = useState('');
  const [pendingStage, setPendingStage] = useState<string | null>(null);
+  const { can } = usePermissions();
+  const canOverride = can('interests', 'override_stage');

  const stage = safeStage(currentStage);

  const mutation = useMutation({
-    mutationFn: async (next: PipelineStage) =>
-      apiFetch(`/api/v1/interests/${interestId}/stage`, {
+    mutationFn: async (next: PipelineStage) => {
+      // Auto-set override:true when the picked stage isn't a legal
+      // transition AND the user has override_stage. Without this, the
+      // permission was unreachable from the inline picker (audit R2-M7)
+      // and users had to fall back to the modal InterestStagePicker.
+      const needsOverride = !canTransitionStage(stage, next);
+      const useOverride = needsOverride && canOverride;
+      return apiFetch(`/api/v1/interests/${interestId}/stage`, {
        method: 'PATCH',
-        body: { pipelineStage: next, reason: reason.trim() || undefined },
-      }),
+        body: {
+          pipelineStage: next,
+          reason: reason.trim() || (useOverride ? 'Manual override (inline)' : undefined),
+          override: useOverride || undefined,
+        },
+      });
+    },
    onSuccess: (_data, next) => {
      queryClient.invalidateQueries({ queryKey: ['interests', interestId] });
      queryClient.invalidateQueries({ queryKey: ['interests'] });
--- a/src/components/layout/mobile/more-sheet.tsx
+++ b/src/components/layout/mobile/more-sheet.tsx
@@ -3,11 +3,15 @@
 import Link from 'next/link';
 import { usePathname } from 'next/navigation';
 import {
+  Anchor,
  BarChart3,
  Bell,
+  BellRing,
  Bookmark,
  Building2,
  FileText,
+  Globe,
+  Home,
  Mail,
  Receipt,
  Settings,
@@ -42,6 +46,10 @@ const MORE_ITEMS: MoreItem[] = [
  { label: 'Invoices', icon: FileText, segment: 'invoices' },
  { label: 'Expenses', icon: Receipt, segment: 'expenses' },
  { label: 'Inbox', icon: Mail, segment: 'email' },
+  { label: 'Reservations', icon: Anchor, segment: 'berth-reservations' },
+  { label: 'Notifications', icon: BellRing, segment: 'notifications' },
+  { label: 'Residential', icon: Home, segment: 'residential/clients' },
+  { label: 'Website analytics', icon: Globe, segment: 'website-analytics' },
  { label: 'Alerts', icon: ShieldAlert, segment: 'alerts' },
  { label: 'Reports', icon: BarChart3, segment: 'reports' },
  { label: 'Reminders', icon: Bell, segment: 'reminders' },
--- a/src/components/portal/change-password-form.tsx
+++ b/src/components/portal/change-password-form.tsx
@@ -0,0 +1,88 @@
+'use client';
+
+import { useState } from 'react';
+import { toast } from 'sonner';
+
+import { Button } from '@/components/ui/button';
+import { Input } from '@/components/ui/input';
+import { Label } from '@/components/ui/label';
+
+export function ChangePasswordForm() {
+  const [current, setCurrent] = useState('');
+  const [next, setNext] = useState('');
+  const [confirm, setConfirm] = useState('');
+  const [pending, setPending] = useState(false);
+
+  const valid = current.length > 0 && next.length >= 9 && next === confirm;
+
+  async function handleSubmit(e: React.FormEvent) {
+    e.preventDefault();
+    if (!valid) return;
+    setPending(true);
+    try {
+      const res = await fetch('/api/portal/auth/change-password', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ currentPassword: current, newPassword: next }),
+      });
+      const body = (await res.json().catch(() => ({}))) as { error?: string };
+      if (!res.ok) {
+        throw new Error(body.error || 'Password change failed');
+      }
+      toast.success('Password updated.');
+      setCurrent('');
+      setNext('');
+      setConfirm('');
+    } catch (err) {
+      toast.error(err instanceof Error ? err.message : 'Password change failed');
+    } finally {
+      setPending(false);
+    }
+  }
+
+  return (
+    <form onSubmit={handleSubmit} className="space-y-4 max-w-md">
+      <div className="space-y-1.5">
+        <Label htmlFor="cp-current">Current password</Label>
+        <Input
+          id="cp-current"
+          type="password"
+          autoComplete="current-password"
+          value={current}
+          onChange={(e) => setCurrent(e.target.value)}
+          required
+        />
+      </div>
+      <div className="space-y-1.5">
+        <Label htmlFor="cp-new">New password</Label>
+        <Input
+          id="cp-new"
+          type="password"
+          autoComplete="new-password"
+          value={next}
+          onChange={(e) => setNext(e.target.value)}
+          minLength={9}
+          required
+        />
+        <p className="text-xs text-gray-500">At least 9 characters.</p>
+      </div>
+      <div className="space-y-1.5">
+        <Label htmlFor="cp-confirm">Confirm new password</Label>
+        <Input
+          id="cp-confirm"
+          type="password"
+          autoComplete="new-password"
+          value={confirm}
+          onChange={(e) => setConfirm(e.target.value)}
+          required
+        />
+        {confirm && next !== confirm && (
+          <p className="text-xs text-destructive">Passwords don&rsquo;t match.</p>
+        )}
+      </div>
+      <Button type="submit" disabled={!valid || pending}>
+        {pending ? 'Updating…' : 'Update password'}
+      </Button>
+    </form>
+  );
+}
--- a/src/components/portal/portal-nav.tsx
+++ b/src/components/portal/portal-nav.tsx
@@ -2,7 +2,15 @@

 import Link from 'next/link';
 import { usePathname } from 'next/navigation';
-import { LayoutDashboard, Anchor, FileText, Receipt, Sailboat, CalendarCheck } from 'lucide-react';
+import {
+  LayoutDashboard,
+  Anchor,
+  FileText,
+  Receipt,
+  Sailboat,
+  CalendarCheck,
+  User,
+} from 'lucide-react';
 import { cn } from '@/lib/utils';

 const navItems = [
@@ -12,6 +20,7 @@ const navItems = [
  { label: 'Reservations', href: '/portal/my-reservations', icon: CalendarCheck },
  { label: 'Documents', href: '/portal/documents', icon: FileText },
  { label: 'Invoices', href: '/portal/invoices', icon: Receipt },
+  { label: 'Profile', href: '/portal/profile', icon: User },
 ];

 export function PortalNav() {