InvoiceShelf

QT/InvoiceShelf

Fork 0

mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 17:24:10 +00:00

Commit Graph

Author	SHA1	Message	Date
Darko Gjorgjijoski	5c11147e95	feat(settings): allow Danger Zone for any owner regardless of company count Removes three layered gates that kept the Danger Zone completely hidden unless the current user had more than one company: 1. SettingsLayoutView's showDangerZone computed no longer checks companies.length > 1 — just is_owner. 2. DangerZoneView drops the v-if that wrapped the delete button with the same check. 3. Admin\\CompaniesController::destroy() drops the companies_count <= 1 early-return that was enforcing the rule server-side (translation key You_cannot_delete_all_companies was inline in the controller, not in lang files or tests, so nothing else needs cleanup). The reasoning behind the old gate was that a user with zero companies would be stranded. That's a misread of how the app degrades: /admin/no-company already exists as a graceful fallback view, and the user can create a fresh company from there to recover. Hiding the entire delete flow just to avoid that fallback UX was overkill — the name-confirmation modal already prevents accidental deletion.	2026-04-11 08:00:00 +02:00
Darko Gjorgjijoski	00d5abae5f	Eliminate Company\CompaniesController, introduce owner role Redistribute methods: - show() -> BootstrapController::currentCompany() - store(), destroy(), userCompanies() -> Admin\CompaniesController - transferOwnership() -> CompanySettingsController Security fix: introduce 'owner' role for company-level admin, distinct from 'super admin' which is now global platform admin only. - CompanyService::setupRoles() creates 'owner' role per company - Company creation assigns scoped 'owner' role instead of global 'super admin' - Seeders updated to assign 'owner' Migration renames all existing company-scoped 'super admin' roles to 'owner' and ensures every company owner has the role assigned.	2026-04-03 22:33:56 +02:00
Darko Gjorgjijoski	64c481e963	Rename controller namespaces: drop V1 prefix, clarify roles V1/Admin -> Company (company-scoped controllers) V1/SuperAdmin -> Admin (platform-wide admin controllers) V1/Customer -> CustomerPortal (customer-facing portal) V1/Installation -> Setup (installation wizard) V1/PDF -> Pdf (consistent casing) V1/Modules -> Modules (drop V1 prefix) V1/Webhook -> Webhook (drop V1 prefix) The V1 prefix served no purpose - API versioning is in the route prefix (/api/v1/), not the controller namespace. "Admin" was misleading for company-scoped controllers. "SuperAdmin" is now simply "Admin" for platform administration.	2026-04-03 19:15:20 +02:00

Author

SHA1

Message

Date

Darko Gjorgjijoski

5c11147e95

feat(settings): allow Danger Zone for any owner regardless of company count

Removes three layered gates that kept the Danger Zone completely hidden unless the current user had more than one company:

1. SettingsLayoutView's showDangerZone computed no longer checks companies.length > 1 — just is_owner. 2. DangerZoneView drops the v-if that wrapped the delete button with the same check. 3. Admin\\CompaniesController::destroy() drops the companies_count <= 1 early-return that was enforcing the rule server-side (translation key You_cannot_delete_all_companies was inline in the controller, not in lang files or tests, so nothing else needs cleanup).

The reasoning behind the old gate was that a user with zero companies would be stranded. That's a misread of how the app degrades: /admin/no-company already exists as a graceful fallback view, and the user can create a fresh company from there to recover. Hiding the entire delete flow just to avoid that fallback UX was overkill — the name-confirmation modal already prevents accidental deletion.

2026-04-11 08:00:00 +02:00

Darko Gjorgjijoski

00d5abae5f

Eliminate Company\CompaniesController, introduce owner role

Redistribute methods:
- show() -> BootstrapController::currentCompany()
- store(), destroy(), userCompanies() -> Admin\CompaniesController
- transferOwnership() -> CompanySettingsController

Security fix: introduce 'owner' role for company-level admin, distinct
from 'super admin' which is now global platform admin only.
- CompanyService::setupRoles() creates 'owner' role per company
- Company creation assigns scoped 'owner' role instead of global 'super admin'
- Seeders updated to assign 'owner'

Migration renames all existing company-scoped 'super admin' roles to
'owner' and ensures every company owner has the role assigned.

2026-04-03 22:33:56 +02:00

Darko Gjorgjijoski

64c481e963

Rename controller namespaces: drop V1 prefix, clarify roles

V1/Admin     -> Company       (company-scoped controllers)
V1/SuperAdmin -> Admin        (platform-wide admin controllers)
V1/Customer  -> CustomerPortal (customer-facing portal)
V1/Installation -> Setup      (installation wizard)
V1/PDF       -> Pdf           (consistent casing)
V1/Modules   -> Modules       (drop V1 prefix)
V1/Webhook   -> Webhook       (drop V1 prefix)

The V1 prefix served no purpose - API versioning is in the route prefix
(/api/v1/), not the controller namespace. "Admin" was misleading for
company-scoped controllers. "SuperAdmin" is now simply "Admin" for
platform administration.

2026-04-03 19:15:20 +02:00

3 Commits