Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(idaa): restrict Show/Hide Disabled buttons to manager_access + edit_mode

Browse Source 
Disabled items are treated as functionally deleted for all end clients
(including Trusted Access staff). Only Manager + Edit Mode should see
Show/Hide Disabled controls — previously using administrator_access and
missing edit_mode gate in BB and archives.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-03-04 16:50:35 -05:00
parent 5687f247d3
commit eb35cd023a
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/idaa/(idaa)/recovery_meetings/ae_idaa_comp__event_obj_qry.svelte
View File

@@ -433,7 +433,7 @@
</button>
{/if}
{#if $ae_loc.edit_mode && $ae_loc.administrator_access && (!$idaa_loc.recovery_meetings.qry__enabled || $idaa_loc.recovery_meetings.qry__enabled == 'enabled')}
{#if $ae_loc.edit_mode && $ae_loc.manager_access && (!$idaa_loc.recovery_meetings.qry__enabled || $idaa_loc.recovery_meetings.qry__enabled == 'enabled')}
<button
type="button"
onclick={() => {
@@ -451,7 +451,7 @@
>
<span class="fas fa-eye m-1"></span> Show Disabled Events
</button>
{:else if $ae_loc.edit_mode && $ae_loc.administrator_access && $idaa_loc.recovery_meetings.qry__enabled != 'enabled'}
{:else if $ae_loc.edit_mode && $ae_loc.manager_access && $idaa_loc.recovery_meetings.qry__enabled != 'enabled'}
<button
type="button"
onclick={() => {