mirror of
https://github.com/renee-png/acmcc.git
synced 2026-06-21 01:40:01 +00:00
fd7107290a
Restrict marking a bill paid to admins only, per requirement.

- BillDetailPage: gate Mark Paid / Mark Unpaid on useAuth().isAdmin (was only hidden in board view).
- BillApprovalsPage: gate Print Checks (which sets bills to paid) on isAdmin.
- Migration: BEFORE INSERT/UPDATE trigger enforce_admin_marks_bill_paid() rejects the transition into 'paid' for authenticated non-admins. Service-role / system contexts (auth.uid() null: buildium-sync, accounting triggers, autopay) remain allowed.

Verified: admin allowed, non-admin blocked (23514).

Note: the approver column showing "None" in production is a stale-deploy issue — the DB column was renamed vendor_name->approver_name (Jun 4) but prod still ran code querying vendor_name. Deploying current main resolves it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
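
The database-side check described in the commit message, as an added sketch that is not the repository's migration. Only the function name, `auth.uid()`, the `'paid'` value and SQLSTATE 23514 come from the page; the `bills` table, its `status` column, the `profiles` table with a `role` column, and the trigger name are assumptions.

```sql
-- Added illustration (PostgreSQL 11+ / Supabase). Assumed schema:
--   bills(status text, ...), profiles(id uuid, role text)
CREATE OR REPLACE FUNCTION enforce_admin_marks_bill_paid()
RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
  -- Only the transition INTO 'paid' is restricted; everything else passes.
  IF NEW.status IS DISTINCT FROM 'paid' THEN
    RETURN NEW;
  END IF;

  -- A row that is already paid may have its other columns edited.
  -- OLD is only read on UPDATE, so the test is nested rather than ANDed.
  IF TG_OP = 'UPDATE' THEN
    IF OLD.status IS NOT DISTINCT FROM 'paid' THEN
      RETURN NEW;
    END IF;
  END IF;

  -- Service-role / system contexts have no end-user JWT: auth.uid() is NULL.
  -- auth.uid() is also NULL for unauthenticated requests, so this bypass
  -- depends on grants / RLS keeping such roles from writing to bills at all.
  IF auth.uid() IS NULL THEN
    RETURN NEW;
  END IF;

  -- Authenticated caller: require an admin profile (assumed lookup).
  -- If RLS hides the caller's own profile row, this fails closed.
  IF NOT EXISTS (
    SELECT 1 FROM profiles p
    WHERE p.id = auth.uid() AND p.role = 'admin'
  ) THEN
    RAISE EXCEPTION 'only admins may mark a bill paid'
      USING ERRCODE = '23514';  -- check_violation, as reported in the commit
  END IF;

  RETURN NEW;
END;
$$;

CREATE TRIGGER bills_enforce_admin_paid  -- hypothetical trigger name
BEFORE INSERT OR UPDATE ON bills
FOR EACH ROW EXECUTE FUNCTION enforce_admin_marks_bill_paid();
```

The isAdmin gates on BillDetailPage and BillApprovalsPage only hide the controls; a check of this kind is what rejects a direct API write from an authenticated non-admin.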