fahed/marketing-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restrict team_role and brands to admin-only editing
All checks were successful
Deploy / deploy (push) Successful in 11s
Details

Browse Source 
- Remove team_role and brands from profile completion wizard
- Lock team_role and brands fields when user edits own profile
- Remove team_role and brands from PATCH /users/me/profile endpoint
- Profile completeness now checks name instead of team_role

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fahed
2026-02-23 15:36:48 +03:00
parent 4d91e8e8a8
commit 6cdec2b4b5
4 changed files with 16 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
client/src/App.jsx
View File

@@ -200,17 +200,6 @@ function AppContent() {
placeholder={t('team.fullName')} placeholder={t('team.fullName')}
/> />
</div> </div>
<div>
<label className="block text-sm font-medium text-text-primary mb-1">{t('team.teamRole')}</label>
<select
value={profileForm.team_role}
onChange={e => setProfileForm(f => ({ ...f, team_role: e.target.value }))}
className="w-full px-3 py-2 text-sm border border-border rounded-lg focus:outline-none focus:ring-2 focus:ring-brand-primary/20 focus:border-brand-primary"
>
<option value=""></option>
{TEAM_ROLES.map(r => <option key={r.value} value={r.value}>{r.label}</option>)}
</select>
</div>
<div> <div>
<label className="block text-sm font-medium text-text-primary mb-1">{t('team.phone')} {t('team.optional')}</label> <label className="block text-sm font-medium text-text-primary mb-1">{t('team.phone')} {t('team.optional')}</label>
<input <input
@@ -220,16 +209,6 @@ function AppContent() {
className="w-full px-3 py-2 text-sm border border-border rounded-lg focus:outline-none focus:ring-2 focus:ring-brand-primary/20 focus:border-brand-primary" className="w-full px-3 py-2 text-sm border border-border rounded-lg focus:outline-none focus:ring-2 focus:ring-brand-primary/20 focus:border-brand-primary"
/> />
</div> </div>
<div>
<label className="block text-sm font-medium text-text-primary mb-1">{t('team.brands')}</label>
<input
type="text"
value={profileForm.brands}
onChange={e => setProfileForm(f => ({ ...f, brands: e.target.value }))}
className="w-full px-3 py-2 text-sm border border-border rounded-lg focus:outline-none focus:ring-2 focus:ring-brand-primary/20 focus:border-brand-primary"
placeholder={t('team.brandsHelp')}
/>
</div>
<div className="flex items-center justify-end gap-3 pt-4 border-t border-border"> <div className="flex items-center justify-end gap-3 pt-4 border-t border-border">
<button <button
onClick={() => setShowProfileModal(false)} onClick={() => setShowProfileModal(false)}
@@ -241,15 +220,9 @@ function AppContent() {
onClick={async () => { onClick={async () => {
setProfileSaving(true) setProfileSaving(true)
try { try {
const brandsArr = profileForm.brands
.split(',')
.map(b => b.trim())
.filter(Boolean)
await api.patch('/users/me/profile', { await api.patch('/users/me/profile', {
name: profileForm.name, name: profileForm.name,
team_role: profileForm.team_role,
phone: profileForm.phone || null, phone: profileForm.phone || null,
brands: brandsArr,
}) })
await checkAuth() await checkAuth()
setShowProfileModal(false) setShowProfileModal(false)
@@ -260,7 +233,7 @@ function AppContent() {
setProfileSaving(false) setProfileSaving(false)
} }
}} }}
disabled={!profileForm.name || !profileForm.team_role || profileSaving} disabled={!profileForm.name || profileSaving}
className="px-5 py-2 bg-brand-primary text-white rounded-lg text-sm font-medium hover:bg-brand-primary-light disabled:opacity-50 disabled:cursor-not-allowed shadow-sm" className="px-5 py-2 bg-brand-primary text-white rounded-lg text-sm font-medium hover:bg-brand-primary-light disabled:opacity-50 disabled:cursor-not-allowed shadow-sm"
> >
{profileSaving ? t('common.loading') : t('team.saveProfile')} {profileSaving ? t('common.loading') : t('team.saveProfile')}

15
client/src/components/TeamMemberPanel.jsx
View File

@@ -235,7 +235,14 @@ export default function TeamMemberPanel({ member, isEditingSelf, onClose, onSave
<div className="grid grid-cols-2 gap-3"> <div className="grid grid-cols-2 gap-3">
<div> <div>
<label className="block text-xs font-medium text-text-tertiary mb-1">{t('team.teamRole')}</label> <label className="block text-xs font-medium text-text-tertiary mb-1">{t('team.teamRole')}</label>
{userRole === 'manager' && isCreateMode && !isEditingSelf ? ( {isEditingSelf ? (
<input
type="text"
value={ROLES.find(r => r.value === form.role)?.label || form.role || '—'}
disabled
className="w-full px-3 py-2 text-sm border border-border rounded-lg bg-surface-tertiary text-text-tertiary cursor-not-allowed"
/>
) : userRole === 'manager' && isCreateMode ? (
<> <>
<input <input
type="text" type="text"
@@ -269,6 +276,11 @@ export default function TeamMemberPanel({ member, isEditingSelf, onClose, onSave
<div ref={brandsDropdownRef} className="relative"> <div ref={brandsDropdownRef} className="relative">
<label className="block text-xs font-medium text-text-tertiary mb-1">{t('team.brands')}</label> <label className="block text-xs font-medium text-text-tertiary mb-1">{t('team.brands')}</label>
{isEditingSelf ? (
<div className="w-full px-3 py-2 text-sm border border-border rounded-lg bg-surface-tertiary text-text-tertiary cursor-not-allowed">
{(form.brands || []).length === 0 ? '—' : (form.brands || []).join(', ')}
</div>
) : <>
<button <button
type="button" type="button"
onClick={() => setShowBrandsDropdown(prev => !prev)} onClick={() => setShowBrandsDropdown(prev => !prev)}
@@ -328,6 +340,7 @@ export default function TeamMemberPanel({ member, isEditingSelf, onClose, onSave
)} )}
</div> </div>
)} )}
</>}
</div> </div>
{/* Modules toggle */} {/* Modules toggle */}

2
client/src/pages/Team.jsx
View File

@@ -43,8 +43,6 @@ export default function Team() {
if (isEditingSelf) { if (isEditingSelf) {
await api.patch('/users/me/profile', { await api.patch('/users/me/profile', {
name: data.name, name: data.name,
team_role: data.role,
brands: data.brands,
phone: data.phone, phone: data.phone,
}) })
} else { } else {

4
server/server.js
View File

@@ -663,7 +663,7 @@ app.post('/api/auth/login', async (req, res) => {
avatar: user.avatar, avatar: user.avatar,
team_role: user.team_role, team_role: user.team_role,
tutorial_completed: user.tutorial_completed, tutorial_completed: user.tutorial_completed,
profileComplete: !!user.team_role, profileComplete: !!user.name,
modules, modules,
}, },
}); });
@@ -739,9 +739,7 @@ app.get('/api/users/me/profile', requireAuth, async (req, res) => {
app.patch('/api/users/me/profile', requireAuth, async (req, res) => { app.patch('/api/users/me/profile', requireAuth, async (req, res) => {
const data = {}; const data = {};
if (req.body.name !== undefined) data.name = req.body.name; if (req.body.name !== undefined) data.name = req.body.name;
if (req.body.team_role !== undefined) data.team_role = req.body.team_role;
if (req.body.phone !== undefined) data.phone = req.body.phone; if (req.body.phone !== undefined) data.phone = req.body.phone;
if (req.body.brands !== undefined) data.brands = JSON.stringify(req.body.brands);
if (Object.keys(data).length === 0) return res.status(400).json({ error: 'No fields to update' }); if (Object.keys(data).length === 0) return res.status(400).json({ error: 'No fields to update' });