ScreenTinker 48902f6807 feat(roles): add cross-org platform_operator staff role (#13) ... platform_operator is cross-org STAFF: it can see and act-as into every org and read/write workspace-scoped resources (content, playlists, layouts, schedules, devices, widgets, kiosk) anywhere - but holds NO owner-level power. Design is deny-by-default: operator is NEVER added to PLATFORM_ROLES / isPlatformRole, so every owner capability (billing, org/workspace deletion, user/role management, shared & template asset curation, branding, workspace member mgmt/rename) stays denied, and any NEW owner endpoint added later inherits that denial automatically. Operator gets power from exactly two levers: - middleware/auth.js: new PLATFORM_STAFF set + isPlatformStaff(); owner guards (PLATFORM_ROLES, requireAdmin, requireSuperAdmin) unchanged. - tenancy.js: accessContext + resolveTenancy treat staff as act-as capable; new req.isPlatformStaff / req.isPlatformOperator (req.isPlatformAdmin stays owner-only); accessibleWorkspaceIds + switch-workspace guard use staff. - permissions.js: canRead/canWrite + canAccessWorkspace (read) grant staff; canAdmin / canAdminWorkspace / isOrgAdmin / isOrgOwner stay owner-gated. Read-only edges (per review): operator may VIEW workspace member lists (canAccessWorkspace) and the unassigned device pool (devices.js), but cannot mutate either. Frontend: platform role dropdown adds "Platform operator"; the user-mgmt view stays isPlatformAdmin-gated so operators can't open it. EN i18n only. Behaviour identical under HOSTED_INSTANCE set or unset. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>		2026-06-05 10:30:21 -05:00
..
activity.js	i18n batch 6: wire teams + activity + help (~62 keys)	2026-04-29 20:16:21 -05:00
admin-player-debug.js	Add player debug overlay and server-side error telemetry sink	2026-05-15 15:20:42 -05:00
admin.js	feat(roles): add cross-org platform_operator staff role (#13)	2026-06-05 10:30:21 -05:00
billing.js	i18n batch 5: wire layout-editor + video-wall + billing (~85 keys)	2026-04-29 20:13:38 -05:00
content-library.js	i18n: extract all strings, add 6 language translations, restructure i18n module	2026-04-29 19:25:22 -05:00
dashboard.js	fix(dashboard): selection bar surfaces 'pick 1 more' hint when 1 display selected so the disabled Create Video Wall button isn't silently unresponsive	2026-05-11 22:56:15 -05:00
designer.js	i18n batch 2b: wire designer.js (~80 keys)	2026-04-29 19:57:12 -05:00
device-detail.js	fix(zones): frontend assignment-flow picker + missed devices.js zone_id projection	2026-05-14 21:26:58 -05:00
help.js	i18n batch 6: wire teams + activity + help (~62 keys)	2026-04-29 20:16:21 -05:00
kiosk.js	i18n batch 4: wire schedule + reports + kiosk (~95 keys)	2026-04-29 20:09:32 -05:00
layout-editor.js	i18n batch 5: wire layout-editor + video-wall + billing (~85 keys)	2026-04-29 20:13:38 -05:00
login.js	i18n: extract all strings, add 6 language translations, restructure i18n module	2026-04-29 19:25:22 -05:00
onboarding.js	i18n batch 3b: wire onboarding.js + admin.js (~84 keys)	2026-04-29 20:04:23 -05:00
playlists.js	fix(frontend): playlists.js thumbnail path uses API endpoint instead of legacy direct path	2026-05-12 11:44:30 -05:00
reports.js	i18n batch 4: wire schedule + reports + kiosk (~95 keys)	2026-04-29 20:09:32 -05:00
schedule.js	fix(schedule): add delete button to schedule edit modal so schedules can be removed from the UI (DELETE /api/schedules/:id already existed)	2026-05-11 23:05:03 -05:00
settings.js	refactor(roles): normalize the platform-role model (#14)	2026-06-05 09:58:46 -05:00
teams.js	i18n batch 6: wire teams + activity + help (~62 keys)	2026-04-29 20:16:21 -05:00
video-wall.js	Video walls: free-form canvas editor, leader-driven sync, group dissolve, progress bars	2026-04-29 23:11:16 -05:00
widgets.js	security(widgets): add sandbox="allow-scripts" to widget iframes	2026-05-28 12:28:34 -05:00
workspace-members.js	feat(workspaces): mutation UI for members (slice 2B)	2026-05-17 14:45:34 -05:00