feat(frontend): Comprehensive RBAC implementation across admin pages #10

Merged
andika merged 1 commit from dev into loaf-prod 2026-01-06 08:35:56 +00:00

Option 3 Implementation (Latest):

  • InviteStaffDialog: Use /admin/roles/assignable endpoint
  • AdminStaff: Enable admin users to see 'Invite Staff' button

Permission Checks Added (8 admin pages):

  • AdminNewsletters: newsletters.create/edit/delete
  • AdminFinancials: financials.create/edit/delete
  • AdminBylaws: bylaws.create/edit/delete
  • AdminValidations: users.approve, subscriptions.activate
  • AdminSubscriptions: subscriptions.export/edit/cancel
  • AdminDonations: donations.export
  • AdminGallery: gallery.upload/edit/delete
  • AdminPlans: subscriptions.plans

Pattern Established:
All admin action buttons now wrapped with hasPermission() checks.
UI hides what users can't access, backend enforces rules.

Files Modified: 10 files, 100+ permission checks added

andika added 1 commit 2026-01-06 08:35:47 +00:00
andika merged commit d94ea7b6d5 into loaf-prod 2026-01-06 08:35:56 +00:00
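
The "UI hides, backend enforces" pattern from the description, as an added example that is not code from this PR or repository. The role map, the session shape, the handler, and the expansion of `newsletters.create/edit/delete` into three separate strings are assumptions, and `hasPermission` here is a stand-in rather than the project's implementation.

```javascript
// Added example: roles, users and handlers are constructed, not from the project.
// Permission strings use the "resource.action" form seen in the PR description.
const ROLE_PERMISSIONS = new Map([
  ["admin", new Set(["newsletters.create", "newsletters.edit",
                     "newsletters.delete", "donations.export"])],
  ["finance", new Set(["donations.export"])],
  ["member", new Set()],
]);

// Client side: decides only what to render. Fails closed on missing input.
function hasPermission(user, permission) {
  if (!user || !Array.isArray(user.permissions)) return false;
  return user.permissions.includes(permission);
}

// Client side: reduce a page's action buttons to the ones the user may see.
function visibleActions(user, actions) {
  return actions
    .filter((action) => hasPermission(user, action.permission))
    .map((action) => action.label);
}

// Server side: the authoritative check. The role comes from server-held
// session state, never from a permission list supplied by the client.
function authorize(session, permission) {
  if (!session || typeof session.role !== "string") return { status: 401 };
  const granted = ROLE_PERMISSIONS.get(session.role);
  if (!granted || !granted.has(permission)) return { status: 403 };
  return { status: 200 };
}

// Hypothetical handler: requestBody is untrusted, session is server state.
function handleDeleteNewsletter(session, requestBody) {
  const decision = authorize(session, "newsletters.delete");
  if (decision.status !== 200) return decision;
  return { status: 200, deleted: requestBody.id };
}

// Constructed button list for an AdminNewsletters-style page.
const NEWSLETTER_ACTIONS = [
  { label: "Create", permission: "newsletters.create" },
  { label: "Edit", permission: "newsletters.edit" },
  { label: "Delete", permission: "newsletters.delete" },
];
```

A client whose local permission list was edited still sees the Delete button, but the request is rejected because the server resolves permissions from the session role.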

Reference: andika/membership-fe#10