canvas-website/backlog/tasks/task-052 - Flip-permissions-model-everyone-edits-by-default,-protected-boards-opt-in.md

id	title	status	assignee	created_date	updated_date	labels	dependencies	priority
task-052	Flip permissions model: everyone edits by default, protected boards opt-in	Done		2025-12-15 17:23	2025-12-15 17:45			high

Description

Change the default permission model so ALL users (including anonymous) can edit by default. Boards can be marked as "protected" by an admin, making them view-only for non-designated users.

Key changes:

1. Add is_protected column to boards table
2. Add global_admins table (jeffemmett@gmail.com as initial admin)
3. Flip getEffectivePermission logic
4. Create BoardSettingsDropdown component with view-only toggle
5. Add user invite for protected boards
6. Admin request email flow

Acceptance Criteria

• #1 Anonymous users can edit unprotected boards
• #2 Protected boards are view-only for non-editors
• #3 Global admin (jeffemmett@gmail.com) has admin on all boards
• #4 Settings dropdown shows view-only toggle for admins
• #5 Can add/remove editors on protected boards
• #6 Admin request button sends email

Implementation Notes

Pushed to dev branch (commit 2fe96fa)

Backend: schema.sql, boardPermissions.ts, types.ts, worker.ts updated

Frontend: BoardSettingsDropdown.tsx created, AuthContext.tsx and Board.tsx updated

Migration script created at worker/migrations/001_add_protected_boards.sql

NEXT STEPS: Run D1 migration on Cloudflare, add BoardSettingsDropdown to UI, test