Stabilized hierarchical permissions and implemented strict visibility gating.

Standardized access level hierarchy (super > manager > administrator > trusted) and added hierarchical comparison utilities to 'ae_util'. Refactored IDAA layout to use an 'Upgrade-Only' permission strategy, preventing context-specific identifications from downgrading global Manager privileges. Implemented strict gated filtering in the Journal Entry list: hidden and disabled items now correctly require both the appropriate hierarchical role (Trusted/Admin) AND active Edit Mode.
2026-02-16 17:12:24 -05:00
parent fb724411d3
commit f96f7069a4
8 changed files with 95 additions and 121 deletions
--- a/src/routes/journals/ae_comp__journal_entry_obj_li.svelte
+++ b/src/routes/journals/ae_comp__journal_entry_obj_li.svelte
@@ -95,15 +95,22 @@
            const filtered = list.filter((item: any) => {
                if (!item) return false;

-                // ADMIN/TRUSTED: See everything
-                if ($ae_loc.trusted_access) return true;
-
-                // PUBLIC: Filter hidden/disabled
-                // Permissive defaults for missing metadata
                const is_hidden = item.hide === true || item.hide === 1;
                const is_disabled = item.enable === false || item.enable === 0;

-                return !is_hidden && !is_disabled;
+                // Standard Visibility: Filter out hidden/disabled if not in Edit Mode
+                if (!$ae_loc.edit_mode) {
+                    return !is_hidden && !is_disabled;
+                }
+
+                // Edit Mode Gating:
+                // - To see Hidden: Must have Trusted Access or higher
+                if (is_hidden && !$ae_loc.trusted_access) return false;
+
+                // - To see Disabled: Must have Administrator Access or higher
+                if (is_disabled && !$ae_loc.administrator_access) return false;
+
+                return true;
            });

            if (log_lvl)