/* Sidebar — ported from prototype dashboard-parts.jsx.
Nav items match the Heron platform spec. Items without real
routes yet show "Coming soon" placeholders until they're built
in subsequent migration groups. */
/* Per-role nav allow-lists — direct port of the original CMS
reorderSidebar() function (cms-original L13087–13136). Each role
gets an explicit list of which nav ids appear, in which section.
This replaces the previous capability-gate scheme because the
original was role-list-based, not capability-based, and the two
models produced different results for site_manager (who should NOT
see audit) and aquaos_admin (who should NOT see operational org
surfaces at the top level).
marketing_admin + designer were never wired in the original CMS;
we give them sensible defaults based on their authorize() coverage
in the backend and flag them in the comments below. */
const ROLE_NAV = {
/* Bug feedback batch (May 2026):
- 'settings' removed from sidebar — only the topbar gear popup
(b8c85386).
- 'templates' removed entirely — feature parked (a0a149cc).
- 'notifications' removed from sidebar — bell popover in the
topbar already covers it (30480d6a).
- 'bulk' + 'audit' moved into Settings popup as tabs (30480d6a).
Platform admin gets 'users' (ca16fd3a). */
aquaos_admin: {
top: ['dashboard'],
/* video-backgrounds — TEMP dev surface, aquaos_admin only.
Remove this id from BOTH this allow-list and NAV_PLATFORM
below when the surface is productised or retired. */
platform: ['orgs', 'global-species', 'users', 'analytics', 'video-backgrounds'],
insights: ['alerts', 'dashboards'],
tools: [],
},
org_admin: {
/* Per Oli: org_admin doesn't need Displays/Zones in the top nav
(those are site_manager day-to-day surfaces; org_admin reaches
them via dashboard cards or sites detail). Billing moves out of
the platform section and lives inside Settings instead.
Analytics is critical for org_admin — they oversee every site in
the org, so a cross-site rollup belongs in their nav. The
backend auto-scopes /api/analytics by organisation_id so the
same page renders different data per role. Alerts (Phase 2)
added — org_admin can manage alert rules across the whole org. */
top: ['dashboard', 'campaigns', 'library'],
platform: ['sites', 'analytics', 'users'],
insights: ['approvals', 'alerts', 'dashboards'],
tools: ['media'],
},
site_manager: {
/* 'zones' removed — merged into the Displays page per Option A. */
top: ['dashboard', 'campaigns', 'library', 'displays'],
/* Analytics added for site_manager — backend scopes to their
assigned sites via siteScope() so the cross-site widgets get
hidden naturally. Page-level cap check uses analytics.view_site.
Alerts: site_manager owns analytics.manage_alerts so they need
the nav entry to author + ack rules. */
platform: ['users', 'analytics'],
insights: ['approvals', 'alerts', 'dashboards'],
tools: ['media'],
},
marketing_admin: {
/* Cross-site campaigns + assets. Backend authorize includes them
on /api/campaigns, /api/assets, /api/approvals. Analytics
added — campaign-centric view appropriate for marketing leads.
Alerts: marketing_admin has view_alerts (read-only) — they want
to see when campaigns underperform but don't author rules. */
top: ['dashboard', 'campaigns', 'library'],
platform: ['analytics'],
insights: ['approvals', 'alerts', 'dashboards'],
tools: ['media'],
},
designer: {
/* Asset upload + AI copy gen — narrow scope. */
top: ['campaigns', 'library'],
platform: [],
insights: [],
tools: ['media'],
},
operator: {
/* Original L13130-13134 — Screens + Species library only. */
top: ['displays', 'library'],
platform: [],
insights: [],
tools: [],
},
/* Legacy 'admin' role from the pre-multi-tenant era — kept in
lockstep with org_admin. */
admin: {
top: ['dashboard', 'campaigns', 'library'],
platform: ['analytics', 'users'],
insights: ['approvals', 'alerts', 'dashboards'],
tools: ['media'],
},
};
const NAV_TOP = [
{ id: 'dashboard', label: 'Dashboard', icon: 'home' },
{ id: 'campaigns', label: 'Marketing', icon: 'spark' },
{ id: 'library', label: 'Species Library', icon: 'library' },
/* Zones merged into Displays per Option A of the merge UX
decision — screens now render grouped under collapsible zone
headers on the Displays page, with a page-level "Add zone"
button. The standalone Zones entry was redundant. */
{ id: 'displays', label: 'Displays', icon: 'monitor' },
];
const NAV_PLATFORM = [
{ id: 'orgs', label: 'Organisations', icon: 'building' },
/* Per-org sites management — visible to org_admin (and aquaos_admin
if you ever add it to their allow-list). Restores the affordance
Sarah flagged as missing in bug 85ae5e93: org admins need a way
to add and manage their aquarium locations. */
{ id: 'sites', label: 'Sites', icon: 'building' },
{ id: 'global-species', label: 'Global Species', icon: 'fish' },
{ id: 'users', label: 'Users', icon: 'users' },
/* Label adjusts per role at render time — aquaos_admin sees
"Platform Analytics" (cross-org), org_admin sees just "Analytics"
(their org rollup). The backend scopes the data either way. */
{ id: 'analytics', label: 'Analytics', icon: 'chart' },
/* Billing removed from sidebar — now lives as a tab in the Settings
popup (see settings.jsx L42, gated by Auth.canSeeBilling). The
billing.jsx screen still exists and is rendered by SettingsScreen. */
/* TEMP — Video Backgrounds dev surface (Kling 2.5 etc.). Visible
to aquaos_admin only via ROLE_NAV. Remove this entry from BOTH
ROLE_NAV.aquaos_admin.platform AND this NAV_PLATFORM array
when the feature is productised or retired. */
{ id: 'video-backgrounds', label: 'Video Backgrounds', icon: 'monitor' },
];
const NAV_INSIGHTS = [
/* Notifications removed — topbar bell popover (sidebar.jsx ~line 780)
already surfaces them; a dedicated page was redundant. Audit log
moved into Settings → Audit tab. */
/* Approvals nav HIDDEN (2026-06-03, Oli): the campaign review workflow
is paused — campaigns now publish directly without an approval step,
so the Approvals page is no longer linked. The entry is left in each
ROLE_NAV[role].insights allow-list (harmless orphan) so re-enabling is
a one-line uncomment here. The /api/approvals + /:id/submit + /:id/review
endpoints are untouched. */
// { id: 'approvals', label: 'Approvals', icon: 'check' },
/* Alerts (Phase 2) — alert rules + recent fires + anomalies. Page-level
gate uses Auth.canViewAnalyticsAlerts(); manage-actions hidden when
canManageAnalyticsAlerts() returns false. */
{ id: 'alerts', label: 'Alerts', icon: 'alert' },
/* Custom dashboards (Phase M) — user-authored panel layouts. Same
view-cap as the rest of analytics; manage actions hidden without
manage_alerts (close-enough cap for "operator-author tooling"). */
{ id: 'dashboards', label: 'Dashboards', icon: 'chart' },
];
const NAV_TOOLS = [
/* Templates feature parked. Settings now lives only in the topbar gear
popup. Bulk Operations moved into Settings → Bulk tab. */
{ id: 'media', label: 'Media library', icon: 'library' },
];
/* Visibility resolver — pulls the current user's role allow-list from
ROLE_NAV and tests each item's id against it. Direct port of the
original CMS reorderSidebar() pattern. Roles not in ROLE_NAV (which
shouldn't happen given backend validation) fall back to the legacy
admin layout. */
function navAllowed(section) {
const u = Auth && Auth.getUser ? Auth.getUser() : null;
const role = (u && u.role) || 'operator';
const map = ROLE_NAV[role] || ROLE_NAV.admin;
return new Set(map[section] || []);
}
function visibleNav(section, items) {
const allowed = navAllowed(section);
return items.filter((it) => allowed.has(it.id));
}
function NavRow({ item, active, onPick, badgeCount, compact }) {
return (