User Story
As a Station user without inventory view permissions,
I want the organization inventory section to be hidden from me entirely,
So that I don't encounter confusing 403 error messages for features I'm not supposed to access.
As a Station administrator,
I want the UI to reflect a user's actual permissions,
So that the interface is clean and users only see what they can act on.
Definition of Done
Acceptance Criteria
Technical Elaboration
Root Cause
The frontend currently renders the org inventory UI and fires `GET /api/orgs/:orgId/inventory` unconditionally when switching to org view. The backend correctly returns `403` for users lacking `can_view_org_inventory`, but the frontend surfaces this as a red error message rather than simply not rendering the section.
The permissions response (`GET /permissions/user/:userId/organization/:orgId`) is already fetched and available (confirmed returning `304` in logs). The UI just isn't using it to gate the inventory section.
Fix
- Read `can_view_org_inventory` from the resolved org permissions before rendering the inventory tab/section.
- If `false` (or absent): hide the tab, skip the inventory fetch entirely.
- Similarly gate `can_edit_org_inventory` controls (add/edit/delete buttons) on the appropriate permission.
Affected Files
- `frontend/src/pages/Inventory.tsx` — conditional render of org inventory section
- Any nav/sidebar component that renders the org inventory tab
Design Elaboration
UX Intent
A user without inventory access should have no indication the org inventory section exists — no tab, no disabled state, no error. The experience should be identical to the feature not existing for them.
Permission Hierarchy
| Permission |
Can see org inventory |
Can add/edit items |
Can admin (bulk ops, export) |
| `can_view_org_inventory` |
✓ |
✗ |
✗ |
| `can_edit_org_inventory` |
✓ |
✓ |
✗ |
| `can_admin_org_inventory` |
✓ |
✓ |
✓ |
Dependencies
- Companion to ISSUE-162 (role seed fix) — once roles are seeded correctly, users will have the right permissions and this gating will work end-to-end
- Permissions are already fetched via `GET /permissions/user/:userId/organization/:orgId` — no new API calls needed
User Story
As a Station user without inventory view permissions,
I want the organization inventory section to be hidden from me entirely,
So that I don't encounter confusing 403 error messages for features I'm not supposed to access.
As a Station administrator,
I want the UI to reflect a user's actual permissions,
So that the interface is clean and users only see what they can act on.
Definition of Done
Acceptance Criteria
Technical Elaboration
Root Cause
The frontend currently renders the org inventory UI and fires `GET /api/orgs/:orgId/inventory` unconditionally when switching to org view. The backend correctly returns `403` for users lacking `can_view_org_inventory`, but the frontend surfaces this as a red error message rather than simply not rendering the section.
The permissions response (`GET /permissions/user/:userId/organization/:orgId`) is already fetched and available (confirmed returning `304` in logs). The UI just isn't using it to gate the inventory section.
Fix
Affected Files
Design Elaboration
UX Intent
A user without inventory access should have no indication the org inventory section exists — no tab, no disabled state, no error. The experience should be identical to the feature not existing for them.
Permission Hierarchy
Dependencies