An audit of all Server Actions revealed three mutation paths without an
isDemo check, while the demo policy says "demo user is read-only":
- toggleTodoAction: demo could toggle its own todos done/undone
- archiveCompletedTodosAction: demo could archive todos (bulk)
- leaveProductAction: demo could leave a productMembership
Fix: added the standard `if (session.isDemo) return { error: 'Niet beschikbaar in
demo-modus' }`, in line with the other mutation actions.
The other claim/unclaim/reassign/updateTaskPlan actions are already covered via
requireProductWriter() → requireWriter() → demo-throw — now verified code-side
for the entire actions/ tree.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-?): createProductAction + updateProductAction (data-object API)
Adds data-object-based createProductAction(data) and
updateProductAction(id, data) to actions/products.ts for use
by ProductDialog. Includes Zod validation (incl. github regex on repo_url),
productAccessFilter for update, pg_notify on update, and productMember
creation on create. FormData variants renamed to ...FormAction; callers
updated. 9 new tests green.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-?): ProductDialog component (create + edit modes)
Adds components/dialogs/product-dialog.tsx based on the
entity-dialog pattern. Uses react-hook-form + zodResolver for
client-side validation. Calls createProductAction/updateProductAction
and optimistically updates stores/products-store.ts. Demo mode
disables all fields + submit button via DemoTooltip. 7 tests green.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-?): UI triggers for ProductDialog on dashboard and product detail
Adds NewProductButton on the dashboard (replaces the /products/new
link) and EditProductButton on the product detail page. The edit button
is only visible to the product owner and hidden in demo mode.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(test): cast toast via unknown to satisfy strict TS
`toast as { success, error }` direct cast fails because sonner's toast is a
callable + properties. TS2352. Casting via unknown resolves it without
changing behavior.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(tooling): extend backlog parser to support PBI-x milestone headers
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore(backlog): mark ST-801–806 as done
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(backlog): sort PBIs and stories by priority/code/date, remember choice in localStorage; enlarge complete-sprint dialog
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-901): add user.active_product_id with FK to Product
- Nullable relation User → Product with onDelete: SetNull
- Index on active_product_id for join performance
- Migration: 20260427165329_add_user_active_product_id
- Install @tanstack/react-table (was missing from node_modules)
- Fix PRIORITY_COLORS ref removed in earlier refactor
- Note: User schema change affects vendor/scrum4me-mcp submodule — run prisma generate + tsc --noEmit there after merge
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: restore priority color on PBI filter pill
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-902): add setActiveProduct + clearActiveProduct server actions
- actions/active-product.ts: setActiveProductAction validates access via
productAccessFilter, rejects archived products and demo users
- archiveProductAction: clears active_product_id for all affected users in transaction
- removeProductMemberAction: clears active_product_id for removed member
- leaveProductAction: clears active_product_id for leaving user
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-903): load active product in layout, replace cookie with DB lookup in solo
- layout.tsx: fetch active_product_id, resolve product, clear stale ref server-side
- NavBar: add activeProduct prop (rendering changes in ST-904)
- solo/page.tsx: redirect via user.active_product_id instead of lastProductId cookie
- proxy.ts: remove lastProductId cookie logic
- lib/cookies.ts: deleted (no longer used)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-904): split NavBar into 5 tabs with disabled-states and product-switcher dropdown
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-905): add Activeer button per product row in dashboard and product header
* feat(ST-906): redirect to dashboard with toast when active product becomes inaccessible
* feat(ST-907): tests for active-product actions and functional spec update for M9
* docs(M9): add implementation plan document and link from backlog
* feat: active PB indicator, Maak actief button and new product link in settings
* feat: apply priority-color card style to sprint story rows
* fix: move add-to-sprint click from entire card to + Toevoegen button
* feat: apply priority-color card style to sprint task rows
* fix(sprint-backlog): prevent text selection on PBI collapse button
* chore: bump version to 0.4.0 (M9 active product backlog)
* fix(landing): align logged-in nav left to match app NavBar
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ProductMember model (many-to-many User ↔ Product)
- Add productAccessFilter helper (owner OR member OR clause)
- Replace all ownership checks across actions and API routes
- Add addProductMemberAction / removeProductMemberAction / leaveProductAction
- Add TeamManager component in product settings (owner adds/removes Developers)
- Add LeaveProductButton in user settings (member leaves a product team)
- Regenerate Prisma Client after schema migration
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>