backlog/tasks/task-052 - Flip-permissions-model-everyone-edits-by-default,-protected-boards-opt-in.md

@@ -4,7 +4,7 @@ title: 'Flip permissions model: everyone edits by default, protected boards opt-
 status: Done
 assignee: []
 created_date: '2025-12-15 17:23'
-updated_date: '2025-12-15 18:32'
+updated_date: '2025-12-15 17:45'
 labels: []
 dependencies: []
 priority: high
@@ -26,46 +26,24 @@ Key changes:
 
 ## Acceptance Criteria
 <!-- AC:BEGIN -->
-- [x] #1 Anonymous users can edit unprotected boards
-- [x] #2 Protected boards are view-only for non-editors
-- [x] #3 Global admin (jeffemmett@gmail.com) has admin on all boards
-- [x] #4 Settings dropdown shows view-only toggle for admins
-- [x] #5 Can add/remove editors on protected boards
+- [ ] #1 Anonymous users can edit unprotected boards
+- [ ] #2 Protected boards are view-only for non-editors
+- [ ] #3 Global admin (jeffemmett@gmail.com) has admin on all boards
+- [ ] #4 Settings dropdown shows view-only toggle for admins
+- [ ] #5 Can add/remove editors on protected boards
 - [ ] #6 Admin request button sends email
 <!-- AC:END -->
 
 ## Implementation Notes
 
 <!-- SECTION:NOTES:BEGIN -->
-## Implementation Complete (Dec 15, 2025)
+Pushed to dev branch (commit 2fe96fa)
 
-### Backend Changes (commit 2fe96fa)
-- **worker/schema.sql**: Added `is_protected` column to boards, created `global_admins` table
-- **worker/types.ts**: Added `GlobalAdmin` interface, extended `PermissionCheckResult`
-- **worker/boardPermissions.ts**: Rewrote `getEffectivePermission()` with new logic, added `isGlobalAdmin()`, new API handlers
-- **worker/worker.ts**: Added routes for `/boards/:boardId/info`, `/boards/:boardId/editors`, `/admin/request`
-- **worker/migrations/001_add_protected_boards.sql**: Migration script created
+Backend: schema.sql, boardPermissions.ts, types.ts, worker.ts updated
 
-### D1 Migration (executed manually)
-```sql
-ALTER TABLE boards ADD COLUMN is_protected INTEGER DEFAULT 0;
-CREATE INDEX IF NOT EXISTS idx_boards_protected ON boards(is_protected);
-CREATE TABLE IF NOT EXISTS global_admins (email TEXT PRIMARY KEY, added_at TEXT, added_by TEXT);
-INSERT OR IGNORE INTO global_admins (email) VALUES ('jeffemmett@gmail.com');
-```
+Frontend: BoardSettingsDropdown.tsx created, AuthContext.tsx and Board.tsx updated
 
-### Frontend Changes (commit 3f71222)
-- **src/ui/components.tsx**: Integrated board protection settings into existing settings dropdown
-  - Protection toggle (view-only mode)
-  - Editor list management (add/remove)
-  - Global Admin badge display
-- **src/context/AuthContext.tsx**: Changed default permission to 'edit' for everyone
-- **src/routes/Board.tsx**: Updated `isReadOnly` logic for new permission model
-- **src/components/BoardSettingsDropdown.tsx**: Created standalone component (kept for reference)
+Migration script created at worker/migrations/001_add_protected_boards.sql
 
-### Worker Deployment
-- Deployed to Cloudflare Workers (version 5ddd1e23-d32f-459f-bc5c-cf3f799ab93f)
-
-### Remaining
-- [ ] AC #6: Admin request email flow (Resend integration needed)
+NEXT STEPS: Run D1 migration on Cloudflare, add BoardSettingsDropdown to UI, test
 <!-- SECTION:NOTES:END -->

worker/boardPermissions.ts

@@ -1100,7 +1100,7 @@ export async function handleRequestAdminAccess(
 
     // Send email to global admin (jeffemmett@gmail.com)
     if (env.RESEND_API_KEY) {
-      const emailFrom = env.CRYPTID_EMAIL_FROM || 'Canvas <noreply@jeffemmett.com>';
+      const emailFrom = env.CRYPTID_EMAIL_FROM || 'noreply@canvas.jeffemmett.com';
 
       const emailResponse = await fetch('https://api.resend.com/emails', {
         method: 'POST',