• Joined on 2026-03-17
marcel commented on pull request marcel/familienarchiv#699 2026-05-31 11:15:57 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)

⚙️ Tobias Wendt — DevOps & Platform Engineer

Verdict: Approved (LGTM)

Nothing in my domain to flag. I checked for the things I always check:

  • No infrastructure surface touched
marcel commented on pull request marcel/familienarchiv#699 2026-05-31 11:15:50 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)

🎨 Leonie Voss — UX & Accessibility Lead

Verdict: Approved

This is a real UX win, and it's the right fix from a user-journey standpoint. A reader without WRITE_ALL previously saw…

marcel commented on pull request marcel/familienarchiv#699 2026-05-31 11:15:40 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)

🏛️ Markus Keller — Application Architect

Verdict: Approved

No architectural concerns. This is a leaf-level UI gate plus test coverage — it touches no module boundary, no layer rule,…

marcel commented on pull request marcel/familienarchiv#699 2026-05-31 11:15:30 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)

🧪 Sara Holt — Senior QA Engineer

Verdict: Approved

The test strategy here is textbook: the behavior is verified at the layer where it lives. UI visibility → component test;…

marcel commented on pull request marcel/familienarchiv#699 2026-05-31 11:15:18 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: Approved

Clean, disciplined, TDD-shaped change. The fix is a one-token condition tweak, and the tests precede and justify it.…

marcel commented on pull request marcel/familienarchiv#699 2026-05-31 11:15:06 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)

🛡️ Nora "NullX" Steiner — Application Security Engineer

Verdict: Approved

This is exactly the shape a UI-hardening fix should take: the visual gate is cosmetic, and the real

marcel created pull request marcel/familienarchiv#699 2026-05-31 11:14:09 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696)
marcel commented on issue marcel/familienarchiv#696 2026-05-31 11:13:17 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users

Implemented on feat/issue-696-hide-write-controls

The confirmed leak is closed and the boundary is documented. Three atomic, TDD commits:

marcel opened issue marcel/familienarchiv#698 2026-05-31 11:13:13 +02:00
As a reader browsing topics I want each theme box to count documents across its whole sub-topic tree so I can judge a topic's depth at a glance
marcel pushed to feat/issue-696-hide-write-controls at marcel/familienarchiv 2026-05-31 11:13:01 +02:00
5edefdd082 test(document): document READ_ALL -> 403 on document write endpoints (#696)
97274beba0 test(layout): lock upload-button gate against ANNOTATE_ALL-only users (#696)
c3652f5b57 fix(ui): hide header upload button from non-writers (#696)
marcel created branch feat/issue-696-hide-write-controls in marcel/familienarchiv 2026-05-31 11:13:01 +02:00
marcel opened issue marcel/familienarchiv#697 2026-05-31 10:04:59 +02:00
feat(transcription): let read-only users read transcriptions (read tab only, no edit)
marcel opened issue marcel/familienarchiv#696 2026-05-31 10:04:18 +02:00
fix(ui): hide write/edit controls from READ_ALL (read-only) users
marcel deleted branch fix/csrf-missing-client-fetches from marcel/familienarchiv 2026-05-30 14:39:17 +02:00
marcel pushed to main at marcel/familienarchiv 2026-05-30 14:39:16 +02:00
397fc3c7e4 test(security): add unit tests for cookies.ts CSRF utilities
5d8d85057d fix(security): make csrfFetch a function to respect vi.stubGlobal mocks
58254b492b fix(security): add csrfFetch wrapper and apply to all client-side mutating requests
marcel merged pull request marcel/familienarchiv#695 2026-05-30 14:39:14 +02:00
fix(security): add csrfFetch wrapper, apply to all client-side mutating requests
marcel pushed to fix/csrf-missing-client-fetches at marcel/familienarchiv 2026-05-30 11:56:19 +02:00
397fc3c7e4 test(security): add unit tests for cookies.ts CSRF utilities
marcel commented on pull request marcel/familienarchiv#695 2026-05-30 11:47:54 +02:00
fix(security): add csrfFetch wrapper, apply to all client-side mutating requests

🎨 Leonie Voss (@leonievoss) — UI/UX Design Lead

Verdict: Approved

This is a pure security infrastructure fix — no template changes, no style changes, no layout changes. Nothing…

marcel commented on pull request marcel/familienarchiv#695 2026-05-30 11:47:48 +02:00
fix(security): add csrfFetch wrapper, apply to all client-side mutating requests

🧪 Sara Holt (@saraholt) — QA Engineer

Verdict: ⚠️ Approved with concerns

Root cause fix: correct

The fix to csrfFetch (function instead of module-level const) correctly…

marcel commented on pull request marcel/familienarchiv#695 2026-05-30 11:47:37 +02:00
fix(security): add csrfFetch wrapper, apply to all client-side mutating requests

🔒 Nora "NullX" Steiner — Application Security Engineer

Verdict: ⚠️ Approved with concerns

The coverage is comprehensive and the implementation is correct. My one blocker is about test…