Business-Management/changelog/2026-04-17_groups-and-admin-nav.md

# 2026-04-17 — Groups management and Admin navigation split

**Timestamp:** 2026-04-17T12:00:00Z

## Summary

Added a Groups system (backend models, API, migration) and split the Admin sidebar item into an expandable accordion with "Users" and "Groups" sub-navigation points.

## Files Added / Modified / Deleted

### Added
- `backend/app/models/group.py` — `Group` and `GroupMembership` SQLAlchemy models
- `backend/app/schemas/group.py` — Pydantic schemas: `GroupCreate`, `GroupUpdate`, `GroupOut`, `GroupDetailOut`, `GroupMemberOut`
- `backend/app/routers/groups.py` — Admin CRUD endpoints for groups + member add/remove
- `backend/alembic/versions/a3f9c2d14e87_add_groups_and_group_memberships.py` — Migration creating `groups` and `group_memberships` tables
- `frontend/src/pages/AdminUsersPage.tsx` — User management page (extracted from AdminPage)
- `frontend/src/pages/AdminGroupsPage.tsx` — Group management page with inline member panel

### Modified
- `backend/app/models/__init__.py` — Import `Group` and `GroupMembership`
- `backend/app/main.py` — Mount `/api/admin/groups` router
- `frontend/src/api/client.ts` — Added 7 group API functions and TypeScript types
- `frontend/src/pages/AdminPage.tsx` — Now a simple redirect to `/admin/users`
- `frontend/src/App.tsx` — Added routes `/admin/users` and `/admin/groups`
- `frontend/src/components/Sidebar.tsx` — Admin item is now an expandable accordion with Users and Groups sub-items
- `backend/STATUS.md` — Documented groups endpoints, models, updated future work
- `frontend/STATUS.md` — Documented new routes, pages, API client functions

---

# 2026-04-17 — Explicit bcrypt work factor

**Timestamp:** 2026-04-17T15:00:00Z

## Summary
Made the bcrypt cost factor explicit (13 rounds, ~300 ms) in `hash_password` so it is easy to audit and increase over time.

## Files Modified
- `backend/app/core/security.py` — added `_BCRYPT_ROUNDS = 13`; passed `rounds=` to `bcrypt.gensalt()`