Fix 5 validator blockers in groups/users admin work

1. apps.ts getVisibleAppsForUser: use getEffectiveRoleIds() so admin
   gate honors group_roles inheritance (was direct user_roles only —
   security bypass for group-only admins). Exported helper from
   middlewares/auth.ts.

2. POST /users: switch from RegisterBody to new CreateUserBody schema
   that accepts optional groupIds[]. Validates ids exist; user creation
   + auto-Everyone + requested groups happen in single transaction.
   OpenAPI spec extended; api-zod and api-client-react regenerated.

3. DELETE /users/🆔 400 if req.session.userId === target (no
   self-delete).

4. scripts/src/seed.ts: removed `void inArray;` AI-slop and dropped
   unused inArray import.

5. Locales (ar.json + en.json): added admin.users.col.displayNameAr,
   displayNameEn, language and admin.groups.searchPlaceholder.

Typecheck clean. groups-crud + service-orders + users tests pass.
Pre-existing admin-app-opens-pagination flake unrelated.
Architect re-review: PASS.
This commit is contained in:
riyadhafraa
2026-04-22 08:47:35 +00:00
parent bf0768948e
commit 4595e792e4
10 changed files with 136 additions and 48 deletions
+1 -3
View File
@@ -14,7 +14,7 @@ import {
groupAppsTable,
groupRolesTable,
} from "@workspace/db";
import { eq, inArray } from "drizzle-orm";
import { eq } from "drizzle-orm";
import bcrypt from "bcryptjs";
async function main() {
@@ -459,8 +459,6 @@ async function main() {
.onConflictDoNothing();
}
}
// Reference inArray to keep import live for future use
void inArray;
console.log("Groups created and existing users mapped");
console.log("\n✅ Seeding complete!");