pelagia-portal/App/lib/feature-flags.ts
Hardik e481eb0a15
All checks were successful
PR checks / checks (pull_request) Successful in 50s
PR checks / integration (pull_request) Successful in 31s
feat(po): allow attachments in any state except rejected/cancelled
Broadens the feature-flagged attachment affordance (same flag,
NEXT_PUBLIC_CLOSED_PO_ATTACHMENTS_ENABLED) from CLOSED-only to **any PO state
except REJECTED / CANCELLED**, for the same roles: the PO's own submitter plus
Accounts / Manager / SuperUser.

- lib/permissions.ts: canAddClosedPoAttachment → canAddPoAttachment(role,
  status, { isSubmitter }); allows the submitter + ACCOUNTS/MANAGER/SUPERUSER
  in any non-voided state. REJECTED/CANCELLED are always refused.
- uploadPoDocuments: voided POs are refused regardless of the flag; with the
  flag on, uploads are restricted to those roles in any live state (the normal
  create/receipt actors qualify, so those flows keep working); with the flag
  off, the legacy behaviour stands (closed POs immutable).
- po-detail.tsx: the Attachments card now shows the uploader for any non-voided
  state when permitted (not just CLOSED).
- Renamed ClosedPoAttachmentUploader → PoAttachmentUploader and the test file
  to po-attachment-permissions.test.ts (flag-on matrix now covers live states +
  rejected/cancelled refusal). Docs updated (feature-flags, .env.example,
  CLAUDE.md).

Full unit + integration suites green; tsc clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 01:42:13 +05:30

37 lines
1.9 KiB
TypeScript

/**
 * Feature flags — read from environment variables.
 * NEXT_PUBLIC_ prefix makes them available in both server and client components.
 *
 * NEXT_PUBLIC_INVENTORY_ENABLED=false → hides inventory tracking (site qty/consumption)
 * Vendor list, product catalogue, and cart remain available for PO creation regardless.
 *
 * NEXT_PUBLIC_SUBMITTER_VIEW_ALL_ENABLED=true → lets submitters (TECHNICAL / MANNING)
 * read every PO (not just their own), open the History page, and use the export buttons.
 * Opt-in (off unless explicitly "true") because it widens read access. Submitters stay
 * read-only — it grants no approval, payment, or edit rights. See lib/permissions.ts
 * (canViewAllPos / submitterCanViewAll).
 *
 * NEXT_PUBLIC_CREWING_ENABLED=true → exposes the Crewing module (crew/ranks/requisitions
 * etc.). Opt-in (off unless explicitly "true") because the feature is built incrementally;
 * keeping it dark by default leaves production unchanged. See lib/permissions.ts (§6 matrix)
 * and wiki Crewing-Implementation-Spec.
 *
 * NEXT_PUBLIC_CLOSED_PO_ATTACHMENTS_ENABLED=true → lets a PO's own submitter, plus
 * Accounts / Manager / SuperUser, add attachments to it in any state EXCEPT
 * rejected/cancelled. Remediation path for the upload bug where documents never persisted
 * (no PODocument row), and the general "attach a document after the fact" affordance.
 * Opt-in (off unless "true") so production is unchanged until enabled.
 * See lib/permissions.ts (canAddPoAttachment).
 */
export const INVENTORY_ENABLED =
  process.env.NEXT_PUBLIC_INVENTORY_ENABLED !== "false";
export const SUBMITTER_VIEW_ALL_ENABLED =
  process.env.NEXT_PUBLIC_SUBMITTER_VIEW_ALL_ENABLED === "true";
export const CREWING_ENABLED =
  process.env.NEXT_PUBLIC_CREWING_ENABLED === "true";
export const CLOSED_PO_ATTACHMENTS_ENABLED =
  process.env.NEXT_PUBLIC_CLOSED_PO_ATTACHMENTS_ENABLED === "true";
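
The check order the commit message gives for uploadPoDocuments (voided state first, then the flag, then role), as an added TypeScript sketch that is not the project's code; `decideAttachmentUpload`, `optIn`, `legacyAllowed` and the `DRAFT` / `APPROVED` states are assumed names. Because `NEXT_PUBLIC_` values are also available to client components, a decision like this belongs in the server-side upload path, with the client-side flag only controlling what the UI shows.

```typescript
// Added illustration; not the project's lib/permissions.ts or uploadPoDocuments.
type Env = Record<string, string | undefined>;
type Role = "TECHNICAL" | "MANNING" | "ACCOUNTS" | "MANAGER" | "SUPERUSER";
// DRAFT and APPROVED are assumed names for "live" states; the page names only
// CLOSED, REJECTED and CANCELLED.
type PoStatus = "DRAFT" | "APPROVED" | "CLOSED" | "REJECTED" | "CANCELLED";

const FLAG = "NEXT_PUBLIC_CLOSED_PO_ATTACHMENTS_ENABLED";
const VOIDED: ReadonlySet<PoStatus> = new Set<PoStatus>(["REJECTED", "CANCELLED"]);
const ELEVATED: ReadonlySet<Role> = new Set<Role>(["ACCOUNTS", "MANAGER", "SUPERUSER"]);

// Opt-in parsing as in feature-flags.ts: only the exact string "true" enables,
// so "TRUE", "1", " true" or an unset variable all leave the flag off.
function optIn(env: Env, name: string): boolean {
  return env[name] === "true";
}

interface Actor {
  role: Role;
  isSubmitter: boolean;   // the actor submitted this PO
  legacyAllowed: boolean; // hypothetical: outcome of the pre-flag create/receipt checks
}

interface Decision { allowed: boolean; reason: string }

// Server-side decision (hypothetical name). Order matters: the voided check runs
// before the flag is read, so enabling the flag can never reopen a voided PO.
function decideAttachmentUpload(env: Env, status: PoStatus, actor: Actor): Decision {
  if (VOIDED.has(status)) {
    return { allowed: false, reason: "voided" };
  }
  if (!optIn(env, FLAG)) {
    // Flag off: legacy behaviour, closed POs stay immutable.
    if (status === "CLOSED") return { allowed: false, reason: "closed-immutable" };
    return { allowed: actor.legacyAllowed, reason: "legacy" };
  }
  // Flag on: the PO's own submitter plus Accounts / Manager / SuperUser.
  const permitted = actor.isSubmitter || ELEVATED.has(actor.role);
  return { allowed: permitted, reason: permitted ? "flag-role" : "role-refused" };
}
```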