pn-new-crm

letsbe/pn-new-crm

Fork 0

Commit Graph

Author	SHA1	Message	Date
Matt	352b2420b7	fix(ui): mobile cutoff polish — onboarding banner + yacht owner truncate (R1/R2) All checks were successful Build & Push Docker Images / lint (push) Successful in 3m2s Details Build & Push Docker Images / build-and-push (push) Successful in 8m28s Details Responsive-overflow sweep findings (tests/e2e/matrix/responsive-overflow.spec.ts): - R1: the onboarding banner's verbose "N of M steps done. Next: <link>" was clipped on mobile (extended ~160px past a 390px viewport) and duplicated the always-visible "View checklist" button. Now hidden below sm:; mobile shows just "Setup X% complete" + the checklist button. - R2: yacht card owner subtitle used inline-flex + truncate, so a long owner name overflowed ~11px on the narrowest widths. Switched to flex min-w-0 so it truncates within the card. - Detector: skip SVG internals (icons / the react-grab dev overlay) and elements inside overflow-x scroll containers (data tables scroll on purpose) to drop false positives. Sweep now confirms mobile/tablet clean + no real desktop overflow (berths wide table is the DataTable's intended horizontal scroll). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-22 16:23:56 +02:00
Matt	459c68a2c3	feat(rbac): residential-partner route lockdown + role-aware mobile nav All checks were successful Build & Push Docker Images / lint (push) Successful in 3m0s Details Build & Push Docker Images / build-and-push (push) Successful in 8m32s Details UAT (residential partners must have zero access to anything non-residential; no marina dashboard). Server-side their permission map already 403s every marina domain — this locks the client surface to match: - AppShell: a residential-only user (residential_clients.view && !clients.view, non-super-admin) is redirected off ANY non-residential route to /residential/clients. Blocks the marina dashboard + every marina page in one place; personal surfaces (settings, inbox) stay reachable. (Fixes F4 — they no longer land on a marina dashboard of 403-ing empty widgets.) - Mobile bottom tabs were hardcoded Dashboard/Clients/Berths regardless of role; now role-aware — residential-only users get Residential Clients/Interests instead of marina tabs they 403 on. (Fixes F5.) - e2e: stale `#email` login selector → `#identifier` (smoke helper) — a real reason the smoke auth specs fail independent of the dev-server OOM. - New crash-safe `matrix` Playwright project (role×viewport access matrix + responsive overflow sweep) — lean alternative to the full suite which OOM-crashes next dev locally. Verified: matrix run shows residential_partner redirected to residential + residential-scoped mobile tabs; 403s unchanged; tsc + eslint + 42 permission tests pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-22 15:53:22 +02:00

Author

SHA1

Message

Date

Matt

352b2420b7

fix(ui): mobile cutoff polish — onboarding banner + yacht owner truncate (R1/R2)

Build & Push Docker Images / lint (push) Successful in 3m2s

Details

Build & Push Docker Images / build-and-push (push) Successful in 8m28s

Details

Responsive-overflow sweep findings (tests/e2e/matrix/responsive-overflow.spec.ts):

- R1: the onboarding banner's verbose "N of M steps done. Next: <link>" was
  clipped on mobile (extended ~160px past a 390px viewport) and duplicated the
  always-visible "View checklist" button. Now hidden below sm:; mobile shows
  just "Setup X% complete" + the checklist button.
- R2: yacht card owner subtitle used inline-flex + truncate, so a long owner
  name overflowed ~11px on the narrowest widths. Switched to flex min-w-0 so it
  truncates within the card.
- Detector: skip SVG internals (icons / the react-grab dev overlay) and elements
  inside overflow-x scroll containers (data tables scroll on purpose) to drop
  false positives. Sweep now confirms mobile/tablet clean + no real desktop
  overflow (berths wide table is the DataTable's intended horizontal scroll).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-22 16:23:56 +02:00

Matt

459c68a2c3

feat(rbac): residential-partner route lockdown + role-aware mobile nav

Build & Push Docker Images / lint (push) Successful in 3m0s

Details

Build & Push Docker Images / build-and-push (push) Successful in 8m32s

Details

UAT (residential partners must have zero access to anything non-residential;
no marina dashboard). Server-side their permission map already 403s every
marina domain — this locks the client surface to match:

- AppShell: a residential-only user (residential_clients.view && !clients.view,
  non-super-admin) is redirected off ANY non-residential route to
  /residential/clients. Blocks the marina dashboard + every marina page in one
  place; personal surfaces (settings, inbox) stay reachable. (Fixes F4 — they
  no longer land on a marina dashboard of 403-ing empty widgets.)
- Mobile bottom tabs were hardcoded Dashboard/Clients/Berths regardless of role;
  now role-aware — residential-only users get Residential Clients/Interests
  instead of marina tabs they 403 on. (Fixes F5.)
- e2e: stale `#email` login selector → `#identifier` (smoke helper) — a real
  reason the smoke auth specs fail independent of the dev-server OOM.
- New crash-safe `matrix` Playwright project (role×viewport access matrix +
  responsive overflow sweep) — lean alternative to the full suite which
  OOM-crashes next dev locally.

Verified: matrix run shows residential_partner redirected to residential +
residential-scoped mobile tabs; 403s unchanged; tsc + eslint + 42 permission
tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-22 15:53:22 +02:00

2 Commits