VARASYS/ZDDC - Forgejo: Beyond coding. We forge.

VARASYS/ZDDC

Fork 0

Commit graph

Author	SHA1	Message	Date
ZDDC	fbe9d11f22	feat(profile): project-create — drop parent picker, add role groups, record creator Projects are always created at the deployment root, so the "Parent" dropdown (and populateParentChoices) is gone — the client always POSTs parent:"/". The Create-new-project dialog now collects members for the four project roles — admins, document controllers, project team, guests — as simple email lists. Server-side, each non-empty list becomes a roles:<name> entry plus a base acl.permissions grant (document_controller→rwcd, project_team→rwc, guest→r); an explicit advanced acl.permissions entry for the same key still wins. The new project's .zddc now always records the creator: zf.CreatedBy = creator email, and the creator is always included in admins: (deduped, first) so they administer their own project from birth. Tests: creator recorded + roles/permissions seeded; explicit permission overrides the role default. Existing create tests still pass (creator-in-admins is compatible with the explicit-admins-list case). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-05 08:55:55 -05:00
ZDDC	b80b11c99f	feat: project creation gated by cascade ActionCreate, not hardcoded admin The /.profile/projects endpoint previously refused anyone without hasAnyAdminScope. Now it runs the standard decider with ActionCreate on the parent directory — super-admins still pass via the IsActiveAdmin bypass branch, and anyone the root .zddc grants `c` to (e.g. `*@example.com: c`) can self-service a project without needing an existing admin grant. Other changes in this commit: - The new project's .zddc is seeded with the creator's email in admins: when the request body doesn't supply one — they become subtree admin of their own project at birth. .zddc edits in deeper subfolders flow through their authority; strict-ancestor rule still prevents them from editing /<project>/.zddc itself. - AccessView gains can_create_project, computed by the same decider call the endpoint uses — UI and server agree on visibility with no daylight. - Profile page splits the subtree-admin template from the create- project template so the latter mounts on can_create_project, independent of has_any_admin_scope. Non-admin grantees see the form; admins keep seeing both. - Lock-in tests cover the five interesting cases: cascade-granted user succeeds and becomes subtree admin; stranger gets 404; elevated super-admin auto-defaults admins; explicit admins list wins over the default; duplicate-name 409. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 10:25:19 -05:00

Author

SHA1

Message

Date

ZDDC

fbe9d11f22

feat(profile): project-create — drop parent picker, add role groups, record creator

Projects are always created at the deployment root, so the "Parent" dropdown
(and populateParentChoices) is gone — the client always POSTs parent:"/".

The Create-new-project dialog now collects members for the four project roles
— admins, document controllers, project team, guests — as simple email lists.
Server-side, each non-empty list becomes a roles:<name> entry plus a base
acl.permissions grant (document_controller→rwcd, project_team→rwc, guest→r);
an explicit advanced acl.permissions entry for the same key still wins.

The new project's .zddc now always records the creator: zf.CreatedBy = creator
email, and the creator is always included in admins: (deduped, first) so they
administer their own project from birth.

Tests: creator recorded + roles/permissions seeded; explicit permission
overrides the role default. Existing create tests still pass (creator-in-admins
is compatible with the explicit-admins-list case).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-05 08:55:55 -05:00

ZDDC

b80b11c99f

feat: project creation gated by cascade ActionCreate, not hardcoded admin

The /.profile/projects endpoint previously refused anyone without
hasAnyAdminScope. Now it runs the standard decider with ActionCreate
on the parent directory — super-admins still pass via the
IsActiveAdmin bypass branch, and anyone the root .zddc grants `c`
to (e.g. `*@example.com: c`) can self-service a project without
needing an existing admin grant.

Other changes in this commit:

- The new project's .zddc is seeded with the creator's email in
  admins: when the request body doesn't supply one — they become
  subtree admin of their own project at birth. .zddc edits in
  deeper subfolders flow through their authority; strict-ancestor
  rule still prevents them from editing /<project>/.zddc itself.

- AccessView gains can_create_project, computed by the same decider
  call the endpoint uses — UI and server agree on visibility with
  no daylight.

- Profile page splits the subtree-admin template from the create-
  project template so the latter mounts on can_create_project,
  independent of has_any_admin_scope. Non-admin grantees see the
  form; admins keep seeing both.

- Lock-in tests cover the five interesting cases: cascade-granted
  user succeeds and becomes subtree admin; stranger gets 404;
  elevated super-admin auto-defaults admins; explicit admins list
  wins over the default; duplicate-name 409.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-18 10:25:19 -05:00

2 commits