ScreenTinker caa9fd0f40 feat(workspaces): mutation UI for members (slice 2B) ... Completes P2 user-management. Adds the full admin surface for managing workspace membership: invite modal, role change, member remove, cancel pending invite. All admin-gated client-side via can_admin from /me, server-gated via canAdminWorkspace. Component additions: - NEW workspace-members-invite-modal.js (~115 LOC). Mirrors workspace-rename-modal.js pattern (imperative open + listeners + close + esc/click-outside/enter). Two key differences: onSuccess callback instead of window.location.reload (allows targeted re-render of pending-invites section), and mapError callback so the parent's mapMutationError is the single regex-to-i18n source of truth (instead of duplicating in the modal). - workspace-members.js: header invite button (can_admin gated), per-row affordances (role select + remove on direct members, cancel on invited rows, none on via_org rows), exported mapMutationError mapper, re-render on both success AND error for role-select to resync state when the server rejects. - 4 api.js helpers (inviteWorkspaceMember, cancelWorkspaceInvite, updateWorkspaceMemberRole, removeWorkspaceMember). - 24 i18n keys under members.modal.*, members.button.*, members.confirm.*, members.error.*, members.success.* - CSS for .member-actions family (action buttons + role select + hover states). UX decisions: - Direct-member rows: role <select> replaces role text in same column; remove button right of detail - via_org rows: no actions cell (server would 403; UI respects boundary) - Invited rows: cancel button only (handoff rule was over-broad - cancel-invite IS a valid mutation on invited rows, refined during 2B survey) - Role select fires on change, no Save button (matches teams.js pattern; mitigations for accidental clicks noted in handoff if reports come in) - Mutations re-fetch + re-render rather than optimistic updates - simpler, no state-drift bugs, endpoints respond fast - /invites endpoint skipped entirely when !can_admin (saves a request; server still enforces) Verification: 21/21 Playwright assertions PASS across 6 cases (invite happy path, invite collision, role change, remove member, last-admin block, cancel invite). Test infrastructure stashed at ~/Documents/screentinker-2b-playwright-2026-05.py. Closes P2 (user-management feature). Slice 1+3 backend landed c4fbd2b, 2A read-only view landed 8db171d, 2C accept-invite handler landed 399af54, 2B mutation UI landed here. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-05-17 14:45:34 -05:00
..
toast.js	QA fixes: toast aria-live + scope playlist flex-wrap to mobile	2026-04-21 16:00:41 -05:00
workspace-members-invite-modal.js	feat(workspaces): mutation UI for members (slice 2B)	2026-05-17 14:45:34 -05:00
workspace-rename-modal.js	feat(workspaces): rename via switcher dropdown - new PATCH /api/workspaces/:id route, per-row pencil affordance in switcher (visible only when caller can_admin), small rename modal with name + slug fields, validation (name <=80 chars, slug ^[a-z0-9]+(?:-[a-z0-9]+)*$ <=60 chars, blank slug -> NULL), 409 on per-org slug collision. Permission gating via new canAdminWorkspace(db, user, ws) helper in lib/permissions.js - reused-ready for future Phase 3 admin actions. /me query now joins organization_members to compute can_admin per accessible_workspaces entry. Drive-by fixes surfaced: (1) activityLogger method filter was missing PATCH, added; (2) routes that operate on a target workspace by URL param need to stamp req.workspaceId from the param so activityLogger captures the right tenant attribution - documented in the route. Smoke fixture: switcher-test@local.test is workspace_admin of Studio A and workspace_editor of Field Crew (no org_owner) so the can_admin true/false split is exercised in one login.	2026-05-12 11:06:55 -05:00
workspace-switcher.js	feat(workspaces): members page read-only view (slice 2A)	2026-05-16 13:00:51 -05:00