v0.9.44 permissions changes

backend/src/middleware/auth.js

@@ -43,15 +43,18 @@ function adminMiddleware(req, res, next) {
   next();
 }
 
-// Allows admins OR members of groups designated as Group Managers or Schedule Managers
+// Allows admins OR members of groups designated as Tool Managers
 function teamManagerMiddleware(req, res, next) {
   if (req.user?.role === 'admin') return next();
   const db = getDb();
-  const gmSetting  = db.prepare("SELECT value FROM settings WHERE key = 'team_group_managers'").get();
-  const smSetting  = db.prepare("SELECT value FROM settings WHERE key = 'team_schedule_managers'").get();
+  // Prefer unified key, fall back to legacy keys for older installs
+  const tmSetting = db.prepare("SELECT value FROM settings WHERE key = 'team_tool_managers'").get();
+  const gmSetting = db.prepare("SELECT value FROM settings WHERE key = 'team_group_managers'").get();
   const allowedGroupIds = [
-    ...JSON.parse(gmSetting?.value  || '[]'),
-    ...JSON.parse(smSetting?.value  || '[]'),
+    ...new Set([
+      ...JSON.parse(tmSetting?.value || '[]'),
+      ...JSON.parse(gmSetting?.value || '[]'),
+    ])
   ];
   if (allowedGroupIds.length === 0) return res.status(403).json({ error: 'Access denied' });
   const member = db.prepare(`