No description
Hardik
3556b1425f
Schema (migration: 20260516103515_user_profile_signature): - User.signatureKey String? — storage key for the manager's approval signature - New RequestStatus enum (PENDING / APPROVED / DENIED) - New SuperUserRequest model — tracks access-escalation requests from users Profile page (/profile) — all roles: - Account info panel (name, email, employee ID, role — read-only) - Change password form (validates current password, bcrypt hash on save) - Signature uploader (MANAGER / SUPERUSER only) — PNG/JPG/WebP up to 2 MB; previews before save; can remove existing signature - SuperUser access request form — textarea for reason, shows current request status (pending / approved / denied) after submission Signature gate on approval page (/approvals/[id]): - Server checks if the current manager has uploaded a signatureKey - If missing: shows an amber warning banner with a deep-link to /profile instead of rendering the approval action buttons; managers cannot approve, reject, or request edits without a signature on file PDF and XLSX exports: - Fetches the approver's signature image from storage after identifying the approval action - PDF: embeds as base64 data URI <img> above the approver name in the left signature block - XLSX: inserts the image into the sig-row cells via ExcelJS addImage; adds a name row below the image for legibility SuperUser requests admin page (/admin/superuser-requests): - Pending requests listed with user info, role, reason, and Approve/Deny buttons - Approve: sets user.role = SUPERUSER and closes the request - Deny: marks request DENIED, user role unchanged - Resolved history table below Admin user management updates (/admin/users): - "SuperUser" button (ShieldCheck icon) on every non-superuser, non-admin row - Directly grants SUPERUSER role and auto-closes any open request for that user lib/storage.ts: - buildSignatureKey(userId, ext) helper - uploadBuffer(key, buffer, contentType) — server-side write to dev-uploads or R2 - downloadBuffer(key) — server-side read from dev-uploads or R2 presigned URL Sidebar: - "My Profile" link (UserCircle) visible to all roles - "SuperUser Requests" link (ShieldCheck) in admin section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .claude | ||
| App/pelagia-portal | ||
| design_handoff_pelagia_portal | ||
| GstService | ||
| Progress | ||
| Prototype | ||
| Spec | ||
| .gitignore | ||
| DESIGN.md | ||
| generate_po.py | ||
| inspect_po.py | ||
| PLAYRIGHT_TEST_DESIGN.md | ||