Files
TX/artifacts/api-server
riyadhafraa 0e4fcc81c7 Push role permission changes for single-permission add/remove endpoints
Task #150: Make `POST /api/roles/:id/permissions` and
`DELETE /api/roles/:id/permissions/:permissionId` emit the
`role_permissions_changed` socket event in addition to the existing
`apps_changed` event, mirroring the bulk `PUT /api/roles/:id/permissions`
handler.

Changes
- artifacts/api-server/src/routes/roles.ts
  - In the POST add-one handler, after inserting the new
    role_permissions row and emitting `apps_changed`, also call
    `emitRolePermissionsChangedToHolders(id)` so role/permission
    React Query caches and `/api/auth/me` get invalidated for every
    user holding that role.
  - In the DELETE remove-one handler, after a successful delete and
    the existing `apps_changed` emit, also call
    `emitRolePermissionsChangedToHolders(id)` for the same reason.
  - Both emits are still gated on a real change occurring (insert
    actually happened / delete actually returned a row), so a no-op
    request does not push spurious events.

Notes
- `emitRolePermissionsChangedToHolders` was already imported at the
  top of the file (used by the bulk PUT handler), so no new imports
  were needed.
- Pre-existing unrelated TypeScript errors exist in
  permission-audit.ts, executive-meetings.ts, and groups.ts; my
  changes did not introduce them and roles.ts itself type-checks.
- No follow-up tasks proposed: testing of the live update flow is
  already covered by the existing "Add automated tests for the live
  role-permission updates" project task.

Replit-Task-Id: f395f75e-4a5e-4614-bee0-8f176a24c717
2026-04-30 12:34:05 +00:00
..
2026-04-18 02:00:09 +00:00
2026-04-18 02:00:09 +00:00