v1.6.7: add settings.system permission, move numbering/VAT to company tab, rename security tab to roles
- New settings.system permission with migration (idempotent INSERT) - requireAnyPermission helper for route guards accepting multiple perms - Move document numbering + currency/VAT cards from system tab to CompanySettings - Rename security tab to roles, add canManageSystem alongside canManageCompany - TOTP required endpoint and system-info now use settings.system - Roles list now includes user_count - Sidebar Settings link includes settings.system Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -3,6 +3,7 @@ import prisma from "../../config/database";
|
||||
import {
|
||||
requireAuth,
|
||||
requirePermission,
|
||||
requireAnyPermission,
|
||||
optionalAuth,
|
||||
} from "../../middleware/auth";
|
||||
import { logAudit } from "../../services/audit";
|
||||
@@ -333,7 +334,7 @@ export default async function companySettingsRoutes(
|
||||
// GET /api/admin/company-settings/system-info
|
||||
fastify.get(
|
||||
"/system-info",
|
||||
{ preHandler: requirePermission("settings.company") },
|
||||
{ preHandler: requirePermission("settings.system") },
|
||||
async (request, reply) => {
|
||||
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
||||
const pkg = require("../../../package.json") as { version: string };
|
||||
@@ -404,7 +405,7 @@ export default async function companySettingsRoutes(
|
||||
|
||||
fastify.put(
|
||||
"/",
|
||||
{ preHandler: requirePermission("settings.company") },
|
||||
{ preHandler: requireAnyPermission("settings.company", "settings.system") },
|
||||
async (request, reply) => {
|
||||
const parsed = parseBody(UpdateCompanySettingsSchema, request.body);
|
||||
if ("error" in parsed) return error(reply, parsed.error, 400);
|
||||
|
||||
Reference in New Issue
Block a user