feat(users): allow system roles to be renamed but not have permissions changed

- update `updateRole` to allow name changes for system roles while blocking permission updates - remove edit button restriction for system roles in roles page - disable name field only was replaced by disabling permissions checkboxes for system roles in edit modal - update README to reflect new system role update policy
2026-04-25 10:02:51 -04:00
parent 584e96a00d
commit 0d6b06f217
4 changed files with 11 additions and 15 deletions
@@ -214,7 +214,7 @@ await assignUserRole(userId, roleId);
 await revokeUserRole(userId, roleId);
 ```

-Les rôles système (`is_system = true`) ne peuvent pas être modifiés ni supprimés.
+Les rôles système (`is_system = true`) peuvent être renommés mais leurs permissions ne peuvent pas être modifiées. Ils ne peuvent pas être supprimés.

 ---

@@ -54,15 +54,13 @@ export async function updateRole(roleId, { name, description, color, permissionK
  if (role.rows.length === 0) throw new Error('Role not found');

  const isSystem = role.rows[0].is_system;
-  if (isSystem) throw new Error('Cannot update a system role');

  return transaction(async (client) => {
    const updateFields = [];
    const values = [];
    let idx = 1;

-    // System roles cannot be renamed
-    if (!isSystem && name !== undefined) {
+    if (name !== undefined) {
      if (!name.trim()) throw new Error('Role name cannot be empty');
      updateFields.push(`name = $${idx++}`);
      values.push(name.trim());
@@ -84,7 +82,7 @@ export async function updateRole(roleId, { name, description, color, permissionK
      values
    );

-    if (permissionKeys !== undefined) {
+    if (!isSystem && permissionKeys !== undefined) {
      const safeKeys = [...new Set(permissionKeys)].filter(k => VALID_PERMISSION_KEYS.has(k));
      await client.query(`DELETE FROM zen_auth_role_permissions WHERE role_id = $1`, [roleId]);
      for (const key of safeKeys) {
@@ -125,7 +125,6 @@ const RoleEditModal = ({ roleId, isOpen, onClose, onSaved }) => {
                            label="Nom du rôle"
                            value={name}
                            onChange={setName}
-                            disabled={isSystem}
                            placeholder="Éditeur, Modérateur..."
                            required
                        />
@@ -162,6 +161,7 @@ const RoleEditModal = ({ roleId, isOpen, onClose, onSaved }) => {
                                            onChange={() => togglePerm(perm.key)}
                                            label={perm.name}
                                            description={perm.description}
+                                            disabled={isSystem}
                                        />
                                    ))}
                                </div>
@@ -81,15 +81,13 @@ const RolesPageClient = ({ canManage }) => {
            align: 'right',
            render: (role) => (
                <div className="flex items-center justify-end gap-2">
-                    {!role.is_system && (
-                        <Button
-                            variant="secondary"
-                            onClick={() => openEdit(role.id)}
-                            icon={PencilEdit01Icon}
-                        >
-                            Modifier
-                        </Button>
-                    )}
+                    <Button
+                        variant="secondary"
+                        onClick={() => openEdit(role.id)}
+                        icon={PencilEdit01Icon}
+                    >
+                        Modifier
+                    </Button>
                    {!role.is_system && (
                        <Button
                            variant="danger"