Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(idaa): restrict Show/Hide Disabled buttons to manager_access + edit_mode

Browse Source 
Disabled items are treated as functionally deleted for all end clients
(including Trusted Access staff). Only Manager + Edit Mode should see
Show/Hide Disabled controls — previously using administrator_access and
missing edit_mode gate in BB and archives.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-03-04 16:50:35 -05:00
parent 5687f247d3
commit eb35cd023a
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/idaa/(idaa)/archives/[archive_id]/ae_idaa_comp__archive_obj_id_view.svelte
View File

@@ -168,7 +168,7 @@
</button> </button>
{/if} {/if}
{#if $ae_loc.edit_mode && $ae_loc.administrator_access && (!$idaa_loc.archives.qry__enabled || $idaa_loc.archives.qry__enabled == 'enabled')} {#if $ae_loc.edit_mode && $ae_loc.manager_access && (!$idaa_loc.archives.qry__enabled || $idaa_loc.archives.qry__enabled == 'enabled')}
<button <button
type="button" type="button"
onclick={() => { onclick={() => {
@@ -182,7 +182,7 @@
> >
<span class="fas fa-eye m-1"></span> Show Disabled Events <span class="fas fa-eye m-1"></span> Show Disabled Events
</button> </button>
{:else if $ae_loc.administrator_access && $idaa_loc.archives.qry__enabled != 'enabled'} {:else if $ae_loc.edit_mode && $ae_loc.manager_access && $idaa_loc.archives.qry__enabled != 'enabled'}
<button <button
type="button" type="button"
onclick={() => { onclick={() => {

4
src/routes/idaa/(idaa)/bb/ae_idaa_comp__post_options.svelte
View File

@@ -134,7 +134,7 @@
</button> </button>
{/if} {/if}
{#if $ae_loc.administrator_access && (!$idaa_loc.bb.qry__enabled || $idaa_loc.bb.qry__enabled == 'enabled')} {#if $ae_loc.edit_mode && $ae_loc.manager_access && (!$idaa_loc.bb.qry__enabled || $idaa_loc.bb.qry__enabled == 'enabled')}
<button type="button" <button type="button"
onclick={() => { onclick={() => {
$idaa_loc.bb.qry__enabled = 'all'; $idaa_loc.bb.qry__enabled = 'all';
@@ -151,7 +151,7 @@
> >
<span class="fas fa-eye m-1"></span> Show Disabled Posts <span class="fas fa-eye m-1"></span> Show Disabled Posts
</button> </button>
{:else if $ae_loc.administrator_access && $idaa_loc.bb.qry__enabled != 'enabled'} {:else if $ae_loc.edit_mode && $ae_loc.manager_access && $idaa_loc.bb.qry__enabled != 'enabled'}
<button type="button" <button type="button"
onclick={() => { onclick={() => {
$idaa_loc.bb.qry__enabled = 'enabled'; $idaa_loc.bb.qry__enabled = 'enabled';

4
src/routes/idaa/(idaa)/recovery_meetings/ae_idaa_comp__event_obj_qry.svelte
View File

@@ -433,7 +433,7 @@
</button> </button>
{/if} {/if}
{#if $ae_loc.edit_mode && $ae_loc.administrator_access && (!$idaa_loc.recovery_meetings.qry__enabled || $idaa_loc.recovery_meetings.qry__enabled == 'enabled')} {#if $ae_loc.edit_mode && $ae_loc.manager_access && (!$idaa_loc.recovery_meetings.qry__enabled || $idaa_loc.recovery_meetings.qry__enabled == 'enabled')}
<button <button
type="button" type="button"
onclick={() => { onclick={() => {
@@ -451,7 +451,7 @@
> >
<span class="fas fa-eye m-1"></span> Show Disabled Events <span class="fas fa-eye m-1"></span> Show Disabled Events
</button> </button>
{:else if $ae_loc.edit_mode && $ae_loc.administrator_access && $idaa_loc.recovery_meetings.qry__enabled != 'enabled'} {:else if $ae_loc.edit_mode && $ae_loc.manager_access && $idaa_loc.recovery_meetings.qry__enabled != 'enabled'}
<button <button
type="button" type="button"
onclick={() => { onclick={() => {