Business-Management/changelog/2026-04-17_groups-and-admin-nav.md

2026-04-17 — Groups management and Admin navigation split

Timestamp: 2026-04-17T12:00:00Z

Summary

Added a Groups system (backend models, API, migration) and split the Admin sidebar item into an expandable accordion with "Users" and "Groups" sub-navigation points.

Files Added / Modified / Deleted

Added

• backend/app/models/group.py — Group and GroupMembership SQLAlchemy models
• backend/app/schemas/group.py — Pydantic schemas: GroupCreate, GroupUpdate, GroupOut, GroupDetailOut, GroupMemberOut
• backend/app/routers/groups.py — Admin CRUD endpoints for groups + member add/remove
• backend/alembic/versions/a3f9c2d14e87_add_groups_and_group_memberships.py — Migration creating groups and group_memberships tables
• frontend/src/pages/AdminUsersPage.tsx — User management page (extracted from AdminPage)
• frontend/src/pages/AdminGroupsPage.tsx — Group management page with inline member panel

Modified

• backend/app/models/__init__.py — Import Group and GroupMembership
• backend/app/main.py — Mount /api/admin/groups router
• frontend/src/api/client.ts — Added 7 group API functions and TypeScript types
• frontend/src/pages/AdminPage.tsx — Now a simple redirect to /admin/users
• frontend/src/App.tsx — Added routes /admin/users and /admin/groups
• frontend/src/components/Sidebar.tsx — Admin item is now an expandable accordion with Users and Groups sub-items
• backend/STATUS.md — Documented groups endpoints, models, updated future work
• frontend/STATUS.md — Documented new routes, pages, API client functions

---

2026-04-17 — Explicit bcrypt work factor

Timestamp: 2026-04-17T15:00:00Z

Summary

Made the bcrypt cost factor explicit (13 rounds, ~300 ms) in hash_password so it is easy to audit and increase over time.

Files Modified

• backend/app/core/security.py — added _BCRYPT_ROUNDS = 13; passed rounds= to bcrypt.gensalt()