Neue Rolle screen_user: User können sich einloggen und nur ihre
zugeordneten Bildschirme verwalten. Admins behalten vollen Zugriff.
- Migration 003: users.role-Spalte + user_screen_permissions (M:N)
- Store: CreateScreenUser, ListScreenUsers, DeleteUser,
GetAccessibleScreens, HasUserScreenAccess,
AddUserToScreen, RemoveUserFromScreen, GetScreenUsers
- Middleware: RequireScreenAccess enforces screen-level access
für alle /manage/{screenSlug}-Routen
- 4 neue Admin-Handler: CreateScreenUser, DeleteScreenUser,
AddUserToScreen, RemoveUserFromScreen (+4 Routes)
- Admin-UI: Tab "Benutzer" (anlegen/löschen) + Screen-User-Modal
(User zuordnen/entfernen) direkt in der Bildschirm-Tabelle
- Login: screen_user wird nach Login zum ersten zugänglichen Screen
weitergeleitet; kein Zugang zu /admin
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
1. [SQL] Fix username uniqueness constraint
- Changed from global unique to composite unique(tenant_id, username)
- Multi-tenant apps need same usernames across tenants (e.g., each tenant can have 'admin')
2. [Go] Fix inconsistent error handling in scanSession
- Now returns pgx.ErrNoRows when session not found (like scanUser)
- Allows proper 404 vs 500 error distinction in handlers
3. [Go] Add missing VerifyPassword function
- Implements bcrypt.CompareHashAndPassword for password verification
- Enables login flow with proper error handling for missing users
- Paired with existing GenerateFromPassword for secure password hashing
Security checks:
- SQL injection: All queries parameterized (no string interpolation)
- bcrypt: Cost factor 12 (production-recommended)
- Session tokens: PostgreSQL gen_random_uuid() (cryptographically secure)
- Password hashes: Protected with json:"-" tag (never exposed in responses)
- Error handling: Comprehensive, no silent failures
Build & Vet: All checks pass (go build ./..., go vet ./...)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
