From da26954c3bfe769a136905d9a37c45b17daa91b1 Mon Sep 17 00:00:00 2001
From: Allan Carr <allan@imexsystems.ca>
Date: Fri, 6 Mar 2026 14:21:00 -0800
Subject: [PATCH] IO-3596 Manual Line Lock Down

Signed-off-by: Allan Carr <allan@imexsystems.ca>
---
 .../job-detail-lines/job-lines.component.jsx  | 82 ++++++++++---------
 .../components/rbac-wrapper/rbac-defaults.js  |  1 +
 .../shop-info/shop-info.rbac.component.jsx    | 13 +++
 client/src/translations/en_us/common.json     |  1 +
 client/src/translations/es/common.json        |  1 +
 client/src/translations/fr/common.json        |  1 +
 6 files changed, 61 insertions(+), 38 deletions(-)

diff --git a/client/src/components/job-detail-lines/job-lines.component.jsx b/client/src/components/job-detail-lines/job-lines.component.jsx
index d5df5480e..16a3d6c87 100644
--- a/client/src/components/job-detail-lines/job-lines.component.jsx
+++ b/client/src/components/job-detail-lines/job-lines.component.jsx
@@ -33,7 +33,7 @@ import JobLinesBillRefernece from "../job-lines-bill-reference/job-lines-bill-re
 import { useTreatmentsWithConfig } from "@splitsoftware/splitio-react";
 import _ from "lodash";
 import { FaTasks } from "react-icons/fa";
-import { selectBodyshop } from "../../redux/user/user.selectors";
+import { selectAuthLevel, selectBodyshop } from "../../redux/user/user.selectors";
 import dayjs from "../../utils/day";
 import InstanceRenderManager from "../../utils/instanceRenderMgr";
 import { HasFeatureAccess } from "../feature-wrapper/feature-wrapper.component";
@@ -49,6 +49,7 @@ import JobLinesPartPriceChange from "./job-lines-part-price-change.component";
 import JobLinesExpanderSimple from "./jobs-lines-expander-simple.component";
 import { logImEXEvent } from "../../firebase/firebase.utils";
 import { useNotification } from "../../contexts/Notifications/notificationContext.jsx";
+import { HasRbacAccess } from "../rbac-wrapper/rbac-wrapper.component.jsx";
 
 const UPDATE_JOB_LINES_LOCATION_BULK = gql`
   mutation UPDATE_JOB_LINES_LOCATION_BULK($ids: [uuid!]!, $location: String!) {
@@ -66,7 +67,8 @@ const mapStateToProps = createStructuredSelector({
   bodyshop: selectBodyshop,
   jobRO: selectJobReadOnly,
   technician: selectTechnician,
-  isPartsEntry: selectIsPartsEntry
+  isPartsEntry: selectIsPartsEntry,
+  authLevel: selectAuthLevel
 });
 
 const mapDispatchToProps = (dispatch) => ({
@@ -94,7 +96,8 @@ export function JobLinesComponent({
   setTaskUpsertContext,
   billsQuery,
   handlePartsOrderOnRowClick,
-  isPartsEntry
+  isPartsEntry,
+  authLevel
 }) {
   const [deleteJobLine] = useMutation(DELETE_JOB_LINE_BY_PK);
   const [bulkUpdateLocations] = useMutation(UPDATE_JOB_LINES_LOCATION_BULK);
@@ -386,18 +389,20 @@ export function JobLinesComponent({
             key: "actions",
             render: (text, record) => (
               <Space>
-                {(record.manual_line || jobIsPrivate) && !technician && (
-                  <Button
-                    disabled={jobRO}
-                    onClick={() => {
-                      setJobLineEditContext({
-                        actions: { refetch: refetch, submit: form && form.submit },
-                        context: { ...record, jobid: job.id }
-                      });
-                    }}
-                    icon={<EditFilled />}
-                  />
-                )}
+                {(record.manual_line || jobIsPrivate) &&
+                  !technician &&
+                  HasRbacAccess({ bodyshop, authLevel, action: "jobs:manual-line" }) && (
+                    <Button
+                      disabled={jobRO}
+                      onClick={() => {
+                        setJobLineEditContext({
+                          actions: { refetch: refetch, submit: form && form.submit },
+                          context: { ...record, jobid: job.id }
+                        });
+                      }}
+                      icon={<EditFilled />}
+                    />
+                  )}
                 <Button
                   title={t("tasks.buttons.create")}
                   onClick={() => {
@@ -410,29 +415,30 @@ export function JobLinesComponent({
                   }}
                   icon={<FaTasks />}
                 />
-
-                {(record.manual_line || jobIsPrivate) && !technician && (
-                  <Button
-                    disabled={jobRO}
-                    onClick={async () => {
-                      await deleteJobLine({
-                        variables: { joblineId: record.id },
-                        update(cache) {
-                          cache.modify({
-                            fields: {
-                              joblines(existingJobLines, { readField }) {
-                                return existingJobLines.filter((jlRef) => record.id !== readField("id", jlRef));
+                {(record.manual_line || jobIsPrivate) &&
+                  !technician &&
+                  HasRbacAccess({ bodyshop, authLevel, action: "jobs:manual-line" }) && (
+                    <Button
+                      disabled={jobRO}
+                      onClick={async () => {
+                        await deleteJobLine({
+                          variables: { joblineId: record.id },
+                          update(cache) {
+                            cache.modify({
+                              fields: {
+                                joblines(existingJobLines, { readField }) {
+                                  return existingJobLines.filter((jlRef) => record.id !== readField("id", jlRef));
+                                }
                               }
-                            }
-                          });
-                        }
-                      });
-                      await axios.post("/job/totalsssu", { id: job.id });
-                      if (refetch) refetch();
-                    }}
-                    icon={<DeleteFilled />}
-                  />
-                )}
+                            });
+                          }
+                        });
+                        await axios.post("/job/totalsssu", { id: job.id });
+                        if (refetch) refetch();
+                      }}
+                      icon={<DeleteFilled />}
+                    />
+                  )}
               </Space>
             )
           }
@@ -657,7 +663,7 @@ export function JobLinesComponent({
               <Button id="repair-data-mark-button">{t("jobs.actions.mark")}</Button>
             </Dropdown>
 
-            {!isPartsEntry && (
+            {!isPartsEntry && HasRbacAccess({ bodyshop, authLevel, action: "jobs:manual-line" }) && (
               <Button
                 disabled={jobRO || technician}
                 onClick={() => {
diff --git a/client/src/components/rbac-wrapper/rbac-defaults.js b/client/src/components/rbac-wrapper/rbac-defaults.js
index a5612c481..019c65e37 100644
--- a/client/src/components/rbac-wrapper/rbac-defaults.js
+++ b/client/src/components/rbac-wrapper/rbac-defaults.js
@@ -26,6 +26,7 @@ const ret = {
   "jobs:partsqueue": 4,
   "jobs:checklist-view": 2,
   "jobs:list-ready": 1,
+  "jobs:manual-line": 1,
   "jobs:void": 5,
 
   "bills:enter": 2,
diff --git a/client/src/components/shop-info/shop-info.rbac.component.jsx b/client/src/components/shop-info/shop-info.rbac.component.jsx
index 9ea247662..c0377cc17 100644
--- a/client/src/components/shop-info/shop-info.rbac.component.jsx
+++ b/client/src/components/shop-info/shop-info.rbac.component.jsx
@@ -435,6 +435,19 @@ export function ShopInfoRbacComponent({ bodyshop }) {
           >
             <InputNumber />
           </Form.Item>,
+          <Form.Item
+            key="jobs:manual-line"
+            label={t("bodyshop.fields.rbac.jobs.manual-line")}
+            rules={[
+              {
+                required: true
+                //message: t("general.validation.required"),
+              }
+            ]}
+            name={["md_rbac", "jobs:manual-line"]}
+          >
+            <InputNumber />
+          </Form.Item>,
           <Form.Item
             key="jobs:partsqueue"
             label={t("bodyshop.fields.rbac.jobs.partsqueue")}
diff --git a/client/src/translations/en_us/common.json b/client/src/translations/en_us/common.json
index 02e952d61..667056efd 100644
--- a/client/src/translations/en_us/common.json
+++ b/client/src/translations/en_us/common.json
@@ -519,6 +519,7 @@
             "list-active": "Jobs -> List Active",
             "list-all": "Jobs -> List All",
             "list-ready": "Jobs -> List Ready",
+            "manual-line": "Jobs -> Manual Line",
             "partsqueue": "Jobs -> Parts Queue",
             "void": "Jobs -> Void"
           },
diff --git a/client/src/translations/es/common.json b/client/src/translations/es/common.json
index f10585f6f..3745e662c 100644
--- a/client/src/translations/es/common.json
+++ b/client/src/translations/es/common.json
@@ -519,6 +519,7 @@
             "list-active": "",
             "list-all": "",
             "list-ready": "",
+            "manual-line": "",
             "partsqueue": "",
             "void": ""
           },
diff --git a/client/src/translations/fr/common.json b/client/src/translations/fr/common.json
index 4f7edc58d..36c858bc3 100644
--- a/client/src/translations/fr/common.json
+++ b/client/src/translations/fr/common.json
@@ -519,6 +519,7 @@
             "list-active": "",
             "list-all": "",
             "list-ready": "",
+            "manual-line": "",
             "partsqueue": "",
             "void": ""
           },