v0.9.44 permissions changes

frontend/src/components/NavDrawer.jsx

@@ -17,11 +17,9 @@ export default function NavDrawer({ open, onClose, onMessages, onGroupManager, o
   const isAdmin = user?.role === 'admin';
   const isMobile = window.matchMedia('(pointer: coarse)').matches || window.innerWidth < 768;
 
-  // Team-managed access: check if user is in any of the designated manager groups
-  // (frontend-only — no API enforcement yet)
+  // Tool Manager access: admin always passes; non-admins pass if in a designated tool manager group
   const userGroupIds = features.userGroupMemberships || [];
-  const canAccessGroupManager = isAdmin || (features.teamGroupManagers || []).some(gid => userGroupIds.includes(gid));
-  const canAccessScheduleManager = isAdmin || (features.teamScheduleManagers || []).some(gid => userGroupIds.includes(gid));
+  const canAccessTools = isAdmin || (features.teamToolManagers || []).some(gid => userGroupIds.includes(gid));
 
   // Close on outside click
   useEffect(() => {
@@ -74,22 +72,22 @@ export default function NavDrawer({ open, onClose, onMessages, onGroupManager, o
         {item(NAV_ICON.messages,  'Messages',  onMessages)}
         {item(NAV_ICON.schedules, 'Schedules', () => {}, true)}
 
-        {/* Admin-only tools */}
+        {/* Admin-only: Branding + Settings */}
         {isAdmin && (
           <>
             <div className="nav-drawer-section-label admin">Admin</div>
-            {item(NAV_ICON.users, 'User Manager', onUsers)}
             {features.branding && item(NAV_ICON.branding, 'Branding', onBranding)}
             {item(NAV_ICON.settings, 'Settings', onSettings)}
           </>
         )}
 
-        {/* Tools accessible to admins OR designated team groups */}
-        {(features.groupManager || features.scheduleManager) && !isMobile && (canAccessGroupManager || canAccessScheduleManager) && (
+        {/* Tools: accessible to admins OR designated tool manager groups */}
+        {canAccessTools && (
           <>
             <div className="nav-drawer-section-label admin">Tools</div>
-            {features.groupManager    && canAccessGroupManager    && item(NAV_ICON.groups,   'Group Manager',    onGroupManager)}
-            {features.scheduleManager && canAccessScheduleManager && item(NAV_ICON.schedules, 'Schedule Manager', onScheduleManager || (() => {}))}
+            {item(NAV_ICON.users, 'User Manager', onUsers)}
+            {features.groupManager    && !isMobile && item(NAV_ICON.groups,   'Group Manager',    onGroupManager)}
+            {features.scheduleManager && !isMobile && item(NAV_ICON.schedules, 'Schedule Manager', onScheduleManager || (() => {}))}
           </>
         )}
       </div>

frontend/src/components/SettingsModal.jsx

@@ -11,46 +11,47 @@ const APP_TYPES = {
 };
 
 // ── Team Management Tab ───────────────────────────────────────────────────────
-function TeamManagementTab({ features }) {
+function TeamManagementTab() {
   const toast = useToast();
   const [userGroups, setUserGroups] = useState([]);
-  const [groupManagers, setGroupManagers] = useState([]);
-  const [scheduleManagers, setScheduleManagers] = useState([]);
+  const [toolManagers, setToolManagers] = useState([]);
   const [saving, setSaving] = useState(false);
 
   useEffect(() => {
     api.getUserGroups().then(({ groups }) => setUserGroups(groups || [])).catch(() => {});
     api.getSettings().then(({ settings }) => {
-      setGroupManagers(JSON.parse(settings.team_group_managers || '[]'));
-      setScheduleManagers(JSON.parse(settings.team_schedule_managers || '[]'));
+      // Read from unified key, fall back to legacy key
+      setToolManagers(JSON.parse(settings.team_tool_managers || settings.team_group_managers || '[]'));
     }).catch(() => {});
   }, []);
 
-  const toggle = (id, list, setList) => {
-    setList(prev => prev.includes(id) ? prev.filter(x => x !== id) : [...prev, id]);
+  const toggle = (id) => {
+    setToolManagers(prev => prev.includes(id) ? prev.filter(x => x !== id) : [...prev, id]);
   };
 
   const handleSave = async () => {
     setSaving(true);
     try {
-      await api.updateTeamSettings({ groupManagers, scheduleManagers });
+      await api.updateTeamSettings({ toolManagers });
       toast('Team settings saved', 'success');
       window.dispatchEvent(new Event('jama:settings-changed'));
     } catch (e) { toast(e.message, 'error'); }
     finally { setSaving(false); }
   };
 
-  const GroupSelectList = ({ title, description, selected, onToggle }) => (
-    <div style={{ marginBottom: 24 }}>
-      <div className="settings-section-label">{title}</div>
-      <p style={{ fontSize: 12, color: 'var(--text-tertiary)', marginBottom: 10 }}>{description}</p>
+  return (
+    <div>
+      <div className="settings-section-label">Tool Managers</div>
+      <p style={{ fontSize: 12, color: 'var(--text-tertiary)', marginBottom: 12 }}>
+        Members of selected groups can access Group Manager, Schedule Manager, and User Manager. Admin users always have access to all three tools.
+      </p>
       {userGroups.length === 0 ? (
-        <p style={{ fontSize: 13, color: 'var(--text-tertiary)' }}>No user groups created yet. Create groups in the Group Manager first.</p>
+        <p style={{ fontSize: 13, color: 'var(--text-tertiary)', marginBottom: 16 }}>No user groups created yet. Create groups in the Group Manager first.</p>
       ) : (
-        <div style={{ border: '1px solid var(--border)', borderRadius: 'var(--radius)', overflow: 'hidden' }}>
+        <div style={{ border: '1px solid var(--border)', borderRadius: 'var(--radius)', overflow: 'hidden', marginBottom: 16 }}>
           {userGroups.map(g => (
             <label key={g.id} style={{ display: 'flex', alignItems: 'center', gap: 10, padding: '9px 14px', borderBottom: '1px solid var(--border)', cursor: 'pointer' }}>
-              <input type="checkbox" checked={selected.includes(g.id)} onChange={() => onToggle(g.id)}
+              <input type="checkbox" checked={toolManagers.includes(g.id)} onChange={() => toggle(g.id)}
                 style={{ accentColor: 'var(--primary)', width: 15, height: 15 }} />
               <div style={{ width: 24, height: 24, borderRadius: 5, background: 'var(--primary)', display: 'flex', alignItems: 'center', justifyContent: 'center', color: 'white', fontSize: 9, fontWeight: 700, flexShrink: 0 }}>UG</div>
               <span style={{ flex: 1, fontSize: 14 }}>{g.name}</span>
@@ -59,28 +60,11 @@ function TeamManagementTab({ features }) {
           ))}
         </div>
       )}
-      {selected.length === 0 && (
-        <p style={{ fontSize: 12, color: 'var(--text-tertiary)', marginTop: 6 }}>No groups selected — admins only.</p>
+      {toolManagers.length === 0 && (
+        <p style={{ fontSize: 12, color: 'var(--text-tertiary)', marginBottom: 16 }}>No groups selected — tools are admin-only.</p>
       )}
-    </div>
-  );
-
-  return (
-    <div>
-      <GroupSelectList
-        title="Group Managers"
-        description="Members of selected groups can access the Group Manager tool."
-        selected={groupManagers}
-        onToggle={id => toggle(id, groupManagers, setGroupManagers)}
-      />
-      <GroupSelectList
-        title="Schedule Managers"
-        description="Members of selected groups can access the Schedule Manager tool."
-        selected={scheduleManagers}
-        onToggle={id => toggle(id, scheduleManagers, setScheduleManagers)}
-      />
       <button className="btn btn-primary" onClick={handleSave} disabled={saving}>
-        {saving ? 'Saving…' : 'Save Team Settings'}
+        {saving ? 'Saving…' : 'Save'}
       </button>
     </div>
   );
@@ -324,7 +308,7 @@ export default function SettingsModal({ onClose, onFeaturesChanged }) {
           ))}
         </div>
 
-        {tab === 'team'         && <TeamManagementTab features={{ appType }} />}
+        {tab === 'team'         && <TeamManagementTab />}
         {tab === 'registration' && <RegistrationTab onFeaturesChanged={onFeaturesChanged} />}
         {tab === 'webpush'      && <WebPushTab />}
       </div>