fix(audit): MEDIUMs sweep — mobile More-sheet, portal profile, inline override, dialog UX, ext-EOI gate
R2-M11: mobile More-sheet missing 4 destinations. Added Reservations, Notifications, Residential, Website analytics — anyone using mobile chrome to triage on the go can now reach those domains. R2-M12: portal had no profile / change-password surface. New /portal/profile page with read-only contact details + a ChangePasswordForm component, backed by a new POST /api/portal/auth/change-password endpoint and changePortalPassword() service function. Audits both ok and failure cases at warning severity. Added Profile to PortalNav. R2-M1: portal dashboard "My Memberships" tile had no href and no /portal/memberships route — dead-end on tap. Hidden until a memberships page ships; the count remains in the underlying data. R2-M7: InlineStagePicker never sent override:true so users with interests.override_stage couldn't actually use the perm from the inline chip — they had to fall back to the modal picker. Now the picker auto-detects when a transition isn't legal AND the user has override_stage, sets override:true, and supplies a default reason. Frontend M2: hard-delete-dialog confirm stage now has a "Send a new code" link in case the original expired before the user could enter it. Avoids forcing a full Cancel + reopen. Frontend M4: audit-log-list date-range validation. From > To now shows an inline error and skips the request rather than firing an empty-range query that surfaces "no entries found". R2-M6: external-EOI route now requires interests.edit AND documents.upload_signed (defense-in-depth) — uploading a signed EOI mutates interest state, so the upload-signed perm alone shouldn't let a custom role flip an interest. 1175/1175 vitest passing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
@@ -18,6 +18,8 @@ import {
|
||||
safeStage,
|
||||
type PipelineStage,
|
||||
} from '@/components/clients/pipeline-constants';
|
||||
import { canTransitionStage } from '@/lib/constants';
|
||||
import { usePermissions } from '@/hooks/use-permissions';
|
||||
|
||||
interface InlineStagePickerProps {
|
||||
interestId: string;
|
||||
@@ -47,15 +49,28 @@ export function InlineStagePicker({
|
||||
const [open, setOpen] = useState(false);
|
||||
const [reason, setReason] = useState('');
|
||||
const [pendingStage, setPendingStage] = useState<string | null>(null);
|
||||
const { can } = usePermissions();
|
||||
const canOverride = can('interests', 'override_stage');
|
||||
|
||||
const stage = safeStage(currentStage);
|
||||
|
||||
const mutation = useMutation({
|
||||
mutationFn: async (next: PipelineStage) =>
|
||||
apiFetch(`/api/v1/interests/${interestId}/stage`, {
|
||||
mutationFn: async (next: PipelineStage) => {
|
||||
// Auto-set override:true when the picked stage isn't a legal
|
||||
// transition AND the user has override_stage. Without this, the
|
||||
// permission was unreachable from the inline picker (audit R2-M7)
|
||||
// and users had to fall back to the modal InterestStagePicker.
|
||||
const needsOverride = !canTransitionStage(stage, next);
|
||||
const useOverride = needsOverride && canOverride;
|
||||
return apiFetch(`/api/v1/interests/${interestId}/stage`, {
|
||||
method: 'PATCH',
|
||||
body: { pipelineStage: next, reason: reason.trim() || undefined },
|
||||
}),
|
||||
body: {
|
||||
pipelineStage: next,
|
||||
reason: reason.trim() || (useOverride ? 'Manual override (inline)' : undefined),
|
||||
override: useOverride || undefined,
|
||||
},
|
||||
});
|
||||
},
|
||||
onSuccess: (_data, next) => {
|
||||
queryClient.invalidateQueries({ queryKey: ['interests', interestId] });
|
||||
queryClient.invalidateQueries({ queryKey: ['interests'] });
|
||||
|
||||
Reference in New Issue
Block a user