Frontend/permission statefulness fix

[jsandoval81]

Requirements List

• None

Description List

• Update staff user edit payload prep

Testing List

• yarn test:unit:all should run without errors or warnings
• yarn serve should run without errors or warnings
• yarn build should run without errors or warnings
• Code review
• Testing
  • Login as compact admin
  • Find a user other than yourself that has compact "Admin" permission (or create one)
  • Then set the compact admin permission on that user to "None"
  • Update should be applied, user's compact level permission should now persist as "None"

Closes #1576

Summary by CodeRabbit

• Bug Fixes

  • Fixed SSN read permission serialization for state-level and compact-level permission updates.

• Refactor

  • Optimized permission comparison logic to reduce unnecessary data transmission when permission settings remain unchanged.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR fixes permission editing for staff users by refactoring client-side payload preparation to avoid sending unchanged false permission states, and expanding server-side serialization gates to properly include SSN read permissions in the decision to emit actions.

Changes

Permission Editing Fix

Layer / File(s)	Summary
Client permission payload preparation webroot/src/components/Users/UserRowEdit/UserRowEdit.ts	prepFormData now compares rowUserCompactPermission directly against prepared compactData and finds matching state permissions by state abbreviation, conditionally deleting unchanged false-state flags (isAdmin, isReadSsn, isReadPrivate, isWrite) from outgoing payloads instead of deriving comparisons via getCompactPermission and getStatePermission helpers.
Server permission serialization gates webroot/src/models/StaffUser/StaffUser.model.ts	deserializeStatePermission and deserializeCompactPermission now include SSN read permissions (hasStateReadSsnSetting and hasCompactReadSsnSetting) as conditions for creating server-side action objects, alongside existing read-private, write, and admin checks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Permissions tidied, payloads lean,
SSN reads now clearly seen,
False states pruned from network streams,
Fixing edits—all works as it seems! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Frontend/permission statefulness fix' accurately reflects the main change, which updates permission handling logic in the frontend UserRowEdit component to fix state persistence issues.
Linked Issues check	✅ Passed	The code changes address the core requirement from issue #1576 by updating permission serialization logic to properly handle unsetting permissions when values are false.
Out of Scope Changes check	✅ Passed	All changes in UserRowEdit.ts and StaffUser.model.ts are directly related to fixing permission statefulness and unsetting, with no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	PR description follows the template structure with Requirements, Description, and Testing sections. All critical information is present including specific manual testing instructions and the related issue.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jsandoval81]

@jlkravitz This bugfix is ready for your review.

[jlkravitz]

@jsandoval81 Can we add a regression test for this?