Server ownership, team access, role-based UI #7

Merged
rafaga21 merged 7 commits from feature/roles-y-accesos into master 2026-06-07 07:44:52 -04:00

7 Commits

Author SHA1 Message Date
b105b27124 Dashboard stats now scoped to user's accessible servers; super_admin sees all 2026-06-07 07:43:37 -04:00
5b13518672 Refactor sidebar: use is_super_admin/is_admin helpers, restrict Users/Audit/Security to super_admin only 2026-06-07 07:36:34 -04:00
016584e907 Restrict Users, Audit Logs, Security routes to super_admin only
- Sidebar: Users, Audit Logs and Security now only visible to super_admin
- AdminController: requireSuperAdmin() check on users() and auditLogs()
- AdminController: super_admin check on createUser, updateUser, deleteUser JSON endpoints
- securitySettings() already had the check in place
2026-06-07 07:34:16 -04:00
58be111745 Fix: wrap entire Administration section in admin+ check to prevent Security leak for operators 2026-06-07 07:31:34 -04:00
e721a34d8f Filter teams by creator: users only see and manage their own teams 2026-06-07 07:23:47 -04:00
5607a3e507 Replace old team system with work teams (equipos de trabajo)
- New migration 003_teams.sql: teams, team_user, team_server tables
- New Team model with CRUD, members, and server assignment
- New TeamController with full team management
- New views: teams/index, teams/create, teams/show
- Server model: getUserRole and getAccessibleServerIds now include team-based access
- Sidebar: Teams link under Administration (admin+ only)
- Routes: old /team routes removed, new /teams routes added
- Removed old ServerController team methods and views
- Fixed sidebar empty accessible IDs returning all servers
- Fixed dashboard and API to show empty when no accessible servers
2026-06-07 07:08:26 -04:00
5f5de248c6 Add server ownership, team access, role-based UI, and default admin role
- New migration 002_server_access.sql: created_by column + server_user table
- Server model: ownership, permission checks, team management methods
- Routes: /team routes, RoleMiddleware on /servers/create and /admin
- ServerController: permission checks via server_user, team CRUD methods
- TerminalController: server access checks
- DashboardController: filter servers by accessible ones
- ApiController: server access checks
- Views: team.php, team_server.php, sidebar Team link, hide actions by role
- Default user role changed from operator to admin on registration
- Admin user form defaults to admin role
2026-06-07 06:49:12 -04:00