M12 / ST-1110: Demo gebruiker read-only (#17)

* feat(ST-1110.3): add proxy.ts demo-guard for non-GET API routes * feat(ST-1110.3+4): demo-guard proxy + block demo in QR-pairing - proxy.ts: gebruik unsealData ipv getIronSession (middleware-compatibel) - pair/start: isDemo-check via cookies() guard - pair/claim: check pairing.user.is_demo na DB-read; 403 + clearPairCookie * feat(ST-1110.5): unify demo write-button pattern to disabled+tooltip Convert all !isDemo && <Button> patterns to <DemoTooltip show={isDemo}> <Button disabled={isDemo}> so demo visitors see app capabilities. Affects: pbi-list, story-panel, story-dialog, task-list, sprint-backlog, token-manager, product-list, activate-product-button, leave-product-button, settings page. * test(ST-1110.6): proxy demo-guard coverage — 403 for demo+non-GET on /api/* * docs(ST-1110.7): document three-layer demo-readonly policy and mirror plan
2026-04-29 18:44:14 +02:00 · 2026-04-29 18:44:14 +02:00 · 1cb5772edd
commit 1cb5772edd
parent 8a9fb9d32b
19 changed files with 413 additions and 142 deletions
--- a/components/sprint/sprint-backlog.tsx
+++ b/components/sprint/sprint-backlog.tsx
@ -189,15 +189,16 @@ function SortableSprintRow({
                  </DropdownMenuContent>
                </DropdownMenu>
              </DemoTooltip>
-              {!isDemo && (
+              <DemoTooltip show={isDemo}>
                <button
-                  onClick={e => { e.stopPropagation(); onRemove() }}
-                  className="opacity-0 group-hover:opacity-100 text-muted-foreground hover:text-error"
+                  onClick={e => { e.stopPropagation(); if (!isDemo) onRemove() }}
+                  className="opacity-0 group-hover:opacity-100 text-muted-foreground hover:text-error disabled:opacity-40 disabled:cursor-not-allowed"
                  aria-label="Verwijder uit sprint"
+                  disabled={isDemo}
                >
                  <Trash2 size={14} />
                </button>
-              )}
+              </DemoTooltip>
            </div>
          </div>
        </div>
@ -352,14 +353,15 @@ function DraggablePbiStoryRow({
            </Badge>
          </div>
        </div>
-        {!isDemo && (
+        <DemoTooltip show={isDemo}>
          <button
-            onClick={onAdd}
-            className="text-xs text-primary hover:underline shrink-0"
+            onClick={() => !isDemo && onAdd()}
+            className="text-xs text-primary hover:underline shrink-0 disabled:opacity-40 disabled:cursor-not-allowed disabled:no-underline"
+            disabled={isDemo}
          >
            + Toevoegen
          </button>
-        )}
+        </DemoTooltip>
      </div>
    </div>
  )