Logs showed the raw User ID (ActorName was almost never stored) and an English
role enum. Now:
- AuditController resolves each entry's actor to the employee's CURRENT full name
and localized role at read time (joins Employees with IgnoreQueryFilters, so it
also names soft-deleted staff and fixes all historical rows — no migration).
- The audit table renders "Full name (Role)" with the role localized (fa/en/ar);
the name is a button that opens an employee-details dialog.
- New EmployeeDetailsDialog: fetches the employee and shows name, role, phone,
base salary, and an "Open in HR" link; handles removed staff gracefully.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Closes the gap where the custom-role matrix was defined but unenforced — most
write endpoints only checked café membership, so the API would accept writes a
role's UI hid. Adds EnsurePermission(...) to all mutating/sensitive endpoints
across 32 controllers, mapped to the granular catalog:
- menu/inventory/coupons/customers/expenses/reservations/taxes/branches → CRUD perms
- tables/queue/kitchen-stations/print-settings → manage perms
- orders → ProcessOrders / EditOrder / VoidOrder / UpdateOrderStatus / HandlePayments,
payment corrections → ManageFinancials
- HR → CreateStaff / ManageSchedules / ReviewLeave / View+ManageSalaries /
ManageStaffCredentials (self-service clock-in/leave preserved)
- reports → ViewReports, export → ExportReports, audit → ViewAuditLog
- billing → ManageBilling, sms → SendSms/ManageSmsSettings, reviews → ManageReviews,
discover/public profile → ManageDiscoverProfile, café settings → ManageCafeSettings,
custom roles → ManageRoles
Removes legacy [Authorize(Roles=...)] attributes that would have overridden the
permission model (orders, branch-menu, pos-device, print). Manual discount/comp
have no backend endpoint yet (discounts come from coupons) — gated on the POS UI.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
soroush.asadi