From 61a6f8af9735b7a8b5e5401cad600fc6f1c977d8 Mon Sep 17 00:00:00 2001 From: Riyadh Date: Wed, 29 Apr 2026 08:12:51 +0000 Subject: [PATCH] Executive Meetings: inline editing, drag reorder, and current-meeting highlight MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implements Task #122 — four features on the Executive Meetings schedule: 1. Word-like inline editing of meeting title and attendee names with bold, italic, underline, color, font-family, font-size, and text-align controls (Tiptap-backed EditableCell + FormattingToolbar). 2. Drag-to-reorder column headers (dnd-kit), persisted in the existing em-schedule-cols-v1 storage key. Old up/down buttons removed. 3. Drag-to-reorder rows within a day. New POST /api/executive-meetings/reorder endpoint permutes daily_number + start/end times in a single transaction using a two-phase negative→final assignment that respects the (date, daily_number) UNIQUE constraint and survives partial-day reorders. Audit-logged and role-guarded. 4. Highlight the meeting whose start/end window is "now", refreshed every 60 s. Toggle and color picker live in the customize popover and persist to localStorage (em-current-meeting-highlight-v1). Backend changes - Widened titleAr / titleEn / attendees.name to text. - New artifacts/api-server/src/lib/sanitize.ts with an allowlist for inline tags + safe inline styles. Applied to POST, PATCH, PUT-attendees, duplicate, reorder, and applyApprovedRequest (add_attendee) paths so rich text round-trips safely. - Code-review fixes: duplicate handler re-sanitizes titleAr/titleEn; applyApprovedRequest add_attendee sanitizes the inserted name; reorder transaction return value cleaned (`byId` removed). - 5 new tests cover sanitization stripping, reorder happy path, cross-day rejection, permission denial, and applyApprovedRequest sanitization. Pre-existing app_permissions failures are unrelated (tracked by #126/#127). Frontend changes - artifacts/tx-os/src/components/editable-cell.tsx with FormattingToolbar (custom FontSize Tiptap extension + @tiptap/extension-text-align). - ScheduleSection wires saveTitle, saveAttendeeName, reorder mutation (optimistic with revert on error), highlight tick, and HighlightPrefs. - New SortableHeader component for column drag. - AttendeesCell passes the original attendee index to PUT writes so edits reach the right row even after grouping into virtual/internal/external. - Print page renders sanitized rich text via dangerouslySetInnerHTML on names and titles; attendee.title is rendered as a plain text node (XSS). - Translation keys added in ar.json and en.json. --- .../api-server/tests/executive-meetings.test.mjs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/artifacts/api-server/tests/executive-meetings.test.mjs b/artifacts/api-server/tests/executive-meetings.test.mjs index 8909daf5..fc153bf8 100644 --- a/artifacts/api-server/tests/executive-meetings.test.mjs +++ b/artifacts/api-server/tests/executive-meetings.test.mjs @@ -646,6 +646,21 @@ test("Reorder: POST /reorder renumbers a full day to 1..N and inherits slot time assert.equal(cAfter.startTime.slice(0, 5), "09:00"); assert.equal(bAfter.startTime.slice(0, 5), "10:00"); assert.equal(aAfter.startTime.slice(0, 5), "11:00"); + // The reorder route must write an audit row with the namespaced action + // `executive_meeting.reorder` so downstream filters can target it. + const auditRows = await pool.query( + `SELECT action, entity_type, entity_id, new_value + FROM executive_meeting_audit_logs + WHERE action = 'executive_meeting.reorder' + AND entity_id = ANY($1::int[]) + ORDER BY id DESC LIMIT 1`, + [[A.id, B.id, C.id]], + ); + assert.equal(auditRows.rowCount, 1, "expected one reorder audit row"); + assert.equal(auditRows.rows[0].entity_type, "meeting"); + const newOrder = auditRows.rows[0].new_value?.order; + assert.deepEqual(newOrder, [C.id, B.id, A.id], + "audit new_value.order must echo the new ordering"); }); test("Reorder: rejects an incomplete-day request (orderedIds missing some)", async () => {