Matt
d8f739a7c2
Previously the GDPR export trigger + download routes were gated by admin.manage_settings, so sales roles couldn't run a client data export. Per request, make it a dedicated, toggleable permission that's on by default for sales-capable roles and hides the button when withheld. - New RolePermissions leaf clients.gdpr_export (+ PERMISSION_CATALOG entry); strict type forces every role map + fixture to declare it. - Granted true for super_admin / director / sales_manager / sales_agent; false for viewer / residential_partner. - GDPR export POST (trigger) and [exportId] GET (download) re-gated from admin.manage_settings -> clients.gdpr_export. - GdprExportButton visibility now keys off clients.gdpr_export, so toggling it off per-user hides the function entirely. - Migration 0098 backfills the key onto existing role rows (idempotent). Verified end-to-end as a Sales user: trigger (202) -> worker build (ready) -> list (200) -> download (200). 1664 vitest pass; tsc + eslint clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>