ScreenTinker 0d14db97a6 feat(admin): Delete Organization + Workspace with cascade (#36) ... Platform admins can now cleanly remove a customer org (account ends) or a stray workspace from the UI, instead of raw SQL that risks orphaning resources. The tenant cascade isn't pure DB CASCADE - workspace-scoped tables (devices, content, playlists, ...) are NO ACTION and must be purged before the workspace. Extracted that logic out of deleteUserCascade into shared deleteWorkspaceCascade / deleteOrgCascade helpers (one tested implementation; deleteUserCascade now reuses the purgeWorkspaces extraction). Backend (platform-admin only): GET /api/admin/orgs (list + owner + counts + workspaces), DELETE /api/admin/orgs/:id, DELETE /api/admin/workspaces/:id. UI: an Organizations section in Admin listing every org/workspace with a type-the-name confirmation before the irreversible delete. Tests: org/workspace cascade (real FKs) + endpoint gating/404. Suite 53/53.		2026-06-09 09:22:21 -05:00
..
activity.js	Phase 2.1: tenancy middleware, permission helpers, JWT workspace context, frontend + backend role-rename compat	2026-05-11 20:02:00 -05:00
admin.js	feat(admin): Delete Organization + Workspace with cascade (#36)	2026-06-09 09:22:21 -05:00
assignments.js	fix(zone-id): restore zone-aware playlist_items wiring (issue #3 follow-up)	2026-05-14 19:20:44 -05:00
auth.js	fix(admin): user deletion failed with FOREIGN KEY constraint (#18)	2026-06-08 10:51:32 -05:00
contact.js	fix(landing): replace broken Custom pricing card with enterprise contact form	2026-05-14 13:52:24 -05:00
content.js	feat(socket): delivery queue for offline-device emits	2026-05-14 13:06:43 -05:00
device-groups.js	feat(socket): delivery queue for offline-device emits	2026-05-14 13:06:43 -05:00
devices.js	fix(security): patch quick-win findings from the codebase review	2026-06-08 19:02:19 -05:00
folders.js	Phase 2.2c: content_folders gets workspace_id (schema + backfill); folders.js scoped; content.js folder-move strict same-workspace	2026-05-11 21:04:03 -05:00
kiosk.js	fix(widgets): no-store on widget/kiosk render	2026-06-08 23:46:42 -05:00
layouts.js	feat(layouts): per-zone fit mode + default to 'contain'	2026-06-09 08:55:15 -05:00
player-debug.js	Add player debug overlay and server-side error telemetry sink	2026-05-15 15:20:42 -05:00
playlists.js	fix(zone-id): restore zone-aware playlist_items wiring (issue #3 follow-up)	2026-05-14 19:20:44 -05:00
provisioning.js	fix(security): patch quick-win findings from the codebase review	2026-06-08 19:02:19 -05:00
reports.js	Phase 2.2g: reports.js scoped to workspace_id; fixes pre-existing /export and /uptime cross-tenant leaks	2026-05-11 21:36:54 -05:00
schedules.js	Phase 2.2m: schedules.js scoped to workspace_id; schedule.workspace_id inherited from target (device/group); fixes 6 pre-existing cross-tenant leaks (POST content/widget/layout/playlist accepted with no check, PUT verifyOwnership rewrite across all 6 polymorphic targets)	2026-05-11 23:03:54 -05:00
status.js	Phase 2.2j: assignments.js scoped to workspace_id via playlist.workspace_id; fixes 3 pre-existing cross-tenant leaks (content add, widget add with NO existing check, copy-to cross-workspace); ensureDevicePlaylist loop-closer; status.js playlist INSERT bundle	2026-05-11 22:12:13 -05:00
stripe.js	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00
subscription.js	Initial open source release	2026-04-08 12:14:53 -05:00
teams.js	feat(teams): temporarily disable Teams API while feature is redesigned	2026-05-12 13:30:55 -05:00
video-walls.js	feat(socket): delivery queue for offline-device emits	2026-05-14 13:06:43 -05:00
white-label.js	fix(security): patch quick-win findings from the codebase review	2026-06-08 19:02:19 -05:00
widgets.js	fix(widgets): no-store on widget/kiosk render	2026-06-08 23:46:42 -05:00
workspaces.js	fix(workspaces): use APP_URL env var for invite-accept URL generation	2026-05-17 15:26:07 -05:00