Fix #145: tree membership management (list / add / role / remove) #233

Merged
justin merged 1 commits from membership-management into main 2026-06-09 12:43:31 -04:00
Owner

TreeMembership was enforced everywhere but had no API/UI to manage members — trees were effectively single-user (breaks NN#8 full-CRUD).

Backend /trees/{id}/members: list (members-only — exposes emails, so non-members never see it even on public trees); add existing user by email (owner-only; 404 no-account, 409 already-member); PATCH role; DELETE. A tree must keep ≥1 owner (demote/remove sole owner → 409). Audited.

Frontend: Members page (owner: add-by-email + role select + remove; others read-only) + sidebar entry.

Test covers full lifecycle + guards. 77 passed.

Closes #145

🤖 Generated with Claude Code

TreeMembership was enforced everywhere but had no API/UI to manage members — trees were effectively single-user (breaks NN#8 full-CRUD). **Backend** `/trees/{id}/members`: list (members-only — exposes emails, so non-members never see it even on public trees); add existing user by email (owner-only; 404 no-account, 409 already-member); PATCH role; DELETE. A tree must keep ≥1 owner (demote/remove sole owner → 409). Audited. **Frontend**: Members page (owner: add-by-email + role select + remove; others read-only) + sidebar entry. Test covers full lifecycle + guards. **77 passed.** Closes #145 🤖 Generated with [Claude Code](https://claude.com/claude-code)
justin added 1 commit 2026-06-09 12:43:31 -04:00
TreeMembership was enforced on every read/write but had no API or UI to manage
members — trees were effectively single-user, breaking full-CRUD (NN#8).

Backend (/trees/{id}/members): list (members only — the list exposes emails, so
non-members never see it, even on public trees); add an existing user by email
(owner only, 404 if no such account, 409 if already a member); PATCH role;
DELETE. A tree must always keep ≥1 owner (demote/remove of the sole owner → 409).
All changes audited.

Frontend: a Members page (owner gets add-by-email + per-member role select +
remove; others see a read-only list) and a sidebar entry.

Test covers the full lifecycle + every guard. Suite 77 passed.

Closes #145

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
justin merged commit 3a7728f1dc into main 2026-06-09 12:43:31 -04:00
justin deleted branch membership-management 2026-06-09 12:43:32 -04:00
Sign in to join this conversation.