Frontend/permission statefulness fix

[jsandoval81]

Requirements List

• None

Description List

• Update UserRowEdit staff user permission payload prep
• Update tests

Testing List

• yarn test:unit:all should run without errors or warnings
• yarn serve should run without errors or warnings
• yarn build should run without errors or warnings
• Code review
• Testing
  • Login as compact admin
  • Find a user other than yourself that has compact "Admin" permission (or create one)
  • Then set the compact admin permission on that user to "None"
  • Update should be applied, user's compact level permission should now persist as "None"

Closes #1576

Summary by CodeRabbit

• Bug Fixes

  • Ensure SSN read flags are correctly handled when updating compact and state permissions so payloads reflect intended permission changes.

• Refactor

  • Improved client-side comparison logic to avoid sending unchanged compact/state permission flags.

• Tests

  • Added unit and component tests covering preservation, removal, and updates of compact and state permissions (including SSN).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 192d3d83-2e15-43fb-8d8f-99e4986af3c3

📥 Commits

Reviewing files that changed from the base of the PR and between edb5ed0 and 141ff6f.

📒 Files selected for processing (2)

• webroot/src/components/Users/UserRowEdit/UserRowEdit.spec.ts
• webroot/src/models/StaffUser/StaffUser.model.spec.ts

---

📝 Walkthrough

Walkthrough

Client-side permission payload preparation now omits unchanged false permission flags by comparing existing compact and state entries directly; server-side serialization now treats SSN read flags as a trigger to emit action objects. Tests were added covering both client and server behaviors.

Changes

Permission Editing Fix

Layer / File(s)	Summary
Client permission payload preparation webroot/src/components/Users/UserRowEdit/UserRowEdit.ts	prepFormData now compares rowUserCompactPermission directly against prepared compactData and finds matching state permissions by state abbreviation, conditionally deleting unchanged false-state flags (isAdmin, isWrite, isReadSsn, isReadPrivate) from outgoing payloads instead of deriving comparisons via getCompactPermission/getStatePermission.
Server permission serialization gates webroot/src/models/StaffUser/StaffUser.model.ts	deserializeStatePermission and deserializeCompactPermission now include SSN read permission checks (hasStateReadSsnSetting, hasCompactReadSsnSetting) as conditions for creating server-side actions objects alongside existing read-private/write/admin checks.
Unit tests for payload behavior webroot/src/components/Users/UserRowEdit/UserRowEdit.spec.ts, webroot/src/models/StaffUser/StaffUser.model.spec.ts	Added helpers and multiple tests verifying prepFormData() behavior for preserving/removing/updating compact and state permissions, and tests asserting StaffUserSerializer.toServer emits the expected single-action payloads (including SSN read flags) and includes the '...': '' placeholder.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• jlkravitz
• carlsims
• isabeleliassen

Poem

🐰 I nudge the payload, prune the trees,
SSN flags now wake from sleep,
False bits quietly fall away,
Tests hop in to watch and keep,
Payloads lean — a tidy sweep.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Frontend/permission statefulness fix' clearly identifies the main change—fixing permission state persistence in the frontend, which directly relates to the code changes updating UserRowEdit's permission payload preparation.
Description check	✅ Passed	The description covers all template requirements: Requirements List (marked None), Description List (updates listed), Testing List (includes yarn commands, manual testing steps), and closes issue #1576.
Linked Issues check	✅ Passed	The PR directly addresses issue #1576 by fixing permission state persistence for compact and state-level permissions through updated payload preparation logic and comprehensive test coverage.
Out of Scope Changes check	✅ Passed	All changes are in-scope: UserRowEdit and StaffUser model updates fix permission handling, and test additions verify the new behavior—all directly addressing the statefulness bug.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jsandoval81]

@jlkravitz This bugfix is ready for your review.

[jlkravitz]

@jsandoval81 Can we add a regression test for this?

[jsandoval81]

@jlkravitz Good call. This is ready for your re-review.

[jlkravitz]

@isabeleliassen this is good to merge!