@open-mercato/core 0.6.4-develop.3996.1.430e257cfc → 0.6.4-develop.4011.1.4f3ed9ae3e

package/dist/modules/sales/setup.js

@@ -42,6 +42,8 @@ const setup = {
   defaultRoleFeatures: {
     admin: ["sales.*", "sales.documents.number.edit"],
     employee: [
+      "sales.channels.view",
+      "sales.settings.view",
       "sales.orders.view",
       "sales.orders.manage",
       "sales.orders.approve",

package/dist/modules/sales/setup.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/modules/sales/setup.ts"],
-  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\nimport { SalesSettings, SalesDocumentSequence, SalesTaxRate } from './data/entities'\nimport { DEFAULT_ORDER_NUMBER_FORMAT, DEFAULT_QUOTE_NUMBER_FORMAT } from './lib/documentNumberTokens'\nimport { seedSalesStatusDictionaries, seedSalesAdjustmentKinds } from './lib/dictionaries'\nimport { ensureExampleShippingMethods, ensureExamplePaymentMethods } from './seed/examples-data'\nimport { seedSalesExamples } from './seed/examples'\n\ntype SeedScope = { tenantId: string; organizationId: string }\n\nconst DEFAULT_TAX_RATES = [\n  { code: 'vat-23', name: '23% VAT', rate: '23' },\n  { code: 'vat-0', name: '0% VAT', rate: '0' },\n] as const\n\nasync function seedSalesTaxRates(em: EntityManager, scope: SeedScope): Promise<void> {\n  await em.transactional(async (tem) => {\n    const existing = await tem.find(SalesTaxRate, {\n      tenantId: scope.tenantId,\n      organizationId: scope.organizationId,\n      deletedAt: null,\n    })\n    const existingCodes = new Set(existing.map((rate) => rate.code))\n    const hasDefault = existing.some((rate) => rate.isDefault)\n    const now = new Date()\n    let isFirst = !hasDefault\n\n    for (const seed of DEFAULT_TAX_RATES) {\n      if (existingCodes.has(seed.code)) continue\n      tem.persist(\n        tem.create(SalesTaxRate, {\n          tenantId: scope.tenantId,\n          organizationId: scope.organizationId,\n          code: seed.code,\n          name: seed.name,\n          rate: seed.rate,\n          priority: 0,\n          isCompound: false,\n          isDefault: isFirst,\n          createdAt: now,\n          updatedAt: now,\n        })\n      )\n      isFirst = false\n    }\n  })\n}\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['sales.*', 'sales.documents.number.edit'],\n    employee: [\n      'sales.orders.view',\n      'sales.orders.manage',\n      'sales.orders.approve',\n      'sales.widgets.new-orders',\n      'sales.widgets.new-quotes',\n      'sales.quotes.view',\n      'sales.quotes.manage',\n      'sales.shipments.manage',\n      'sales.payments.manage',\n      'sales.returns.view',\n      'sales.returns.create',\n      'sales.invoices.manage',\n      'sales.credit_memos.manage',\n    ],\n  },\n\n  async onTenantCreated({ em, tenantId, organizationId }) {\n    const exists = await em.findOne(SalesSettings, { tenantId, organizationId })\n    if (!exists) {\n      em.persist(\n        em.create(SalesSettings, {\n          tenantId,\n          organizationId,\n          orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,\n          quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,\n          createdAt: new Date(),\n          updatedAt: new Date(),\n        })\n      )\n    }\n\n    for (const kind of ['order', 'quote', 'return', 'invoice', 'credit_memo'] as const) {\n      const seq = await em.findOne(SalesDocumentSequence, {\n        tenantId,\n        organizationId,\n        documentKind: kind,\n      })\n      if (!seq) {\n        em.persist(\n          em.create(SalesDocumentSequence, {\n            tenantId,\n            organizationId,\n            documentKind: kind,\n            currentValue: 0,\n            createdAt: new Date(),\n            updatedAt: new Date(),\n          })\n        )\n      }\n    }\n\n    await em.flush()\n  },\n\n  async seedDefaults({ em, tenantId, organizationId }) {\n    const scope = { tenantId, organizationId }\n    await seedSalesTaxRates(em, scope)\n    await seedSalesStatusDictionaries(em, scope)\n    await seedSalesAdjustmentKinds(em, scope)\n    await ensureExampleShippingMethods(em, scope)\n    await ensureExamplePaymentMethods(em, scope)\n  },\n\n  async seedExamples({ em, container, tenantId, organizationId }) {\n    const scope = { tenantId, organizationId }\n    await seedSalesExamples(em, container, scope)\n  },\n}\n\nexport default setup\n"],
-  "mappings": "AAEA,SAAS,eAAe,uBAAuB,oBAAoB;AACnE,SAAS,6BAA6B,mCAAmC;AACzE,SAAS,6BAA6B,gCAAgC;AACtE,SAAS,8BAA8B,mCAAmC;AAC1E,SAAS,yBAAyB;AAIlC,MAAM,oBAAoB;AAAA,EACxB,EAAE,MAAM,UAAU,MAAM,WAAW,MAAM,KAAK;AAAA,EAC9C,EAAE,MAAM,SAAS,MAAM,UAAU,MAAM,IAAI;AAC7C;AAEA,eAAe,kBAAkB,IAAmB,OAAiC;AACnF,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAM,WAAW,MAAM,IAAI,KAAK,cAAc;AAAA,MAC5C,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,WAAW;AAAA,IACb,CAAC;AACD,UAAM,gBAAgB,IAAI,IAAI,SAAS,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC;AAC/D,UAAM,aAAa,SAAS,KAAK,CAAC,SAAS,KAAK,SAAS;AACzD,UAAM,MAAM,oBAAI,KAAK;AACrB,QAAI,UAAU,CAAC;AAEf,eAAW,QAAQ,mBAAmB;AACpC,UAAI,cAAc,IAAI,KAAK,IAAI,EAAG;AAClC,UAAI;AAAA,QACF,IAAI,OAAO,cAAc;AAAA,UACvB,UAAU,MAAM;AAAA,UAChB,gBAAgB,MAAM;AAAA,UACtB,MAAM,KAAK;AAAA,UACX,MAAM,KAAK;AAAA,UACX,MAAM,KAAK;AAAA,UACX,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,WAAW;AAAA,UACX,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AACA,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACH;AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,WAAW,6BAA6B;AAAA,IAChD,UAAU;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,EAAE,IAAI,UAAU,eAAe,GAAG;AACtD,UAAM,SAAS,MAAM,GAAG,QAAQ,eAAe,EAAE,UAAU,eAAe,CAAC;AAC3E,QAAI,CAAC,QAAQ;AACX,SAAG;AAAA,QACD,GAAG,OAAO,eAAe;AAAA,UACvB;AAAA,UACA;AAAA,UACA,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,UACnB,WAAW,oBAAI,KAAK;AAAA,UACpB,WAAW,oBAAI,KAAK;AAAA,QACtB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,eAAW,QAAQ,CAAC,SAAS,SAAS,UAAU,WAAW,aAAa,GAAY;AAClF,YAAM,MAAM,MAAM,GAAG,QAAQ,uBAAuB;AAAA,QAClD;AAAA,QACA;AAAA,QACA,cAAc;AAAA,MAChB,CAAC;AACD,UAAI,CAAC,KAAK;AACR,WAAG;AAAA,UACD,GAAG,OAAO,uBAAuB;AAAA,YAC/B;AAAA,YACA;AAAA,YACA,cAAc;AAAA,YACd,cAAc;AAAA,YACd,WAAW,oBAAI,KAAK;AAAA,YACpB,WAAW,oBAAI,KAAK;AAAA,UACtB,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,GAAG,MAAM;AAAA,EACjB;AAAA,EAEA,MAAM,aAAa,EAAE,IAAI,UAAU,eAAe,GAAG;AACnD,UAAM,QAAQ,EAAE,UAAU,eAAe;AACzC,UAAM,kBAAkB,IAAI,KAAK;AACjC,UAAM,4BAA4B,IAAI,KAAK;AAC3C,UAAM,yBAAyB,IAAI,KAAK;AACxC,UAAM,6BAA6B,IAAI,KAAK;AAC5C,UAAM,4BAA4B,IAAI,KAAK;AAAA,EAC7C;AAAA,EAEA,MAAM,aAAa,EAAE,IAAI,WAAW,UAAU,eAAe,GAAG;AAC9D,UAAM,QAAQ,EAAE,UAAU,eAAe;AACzC,UAAM,kBAAkB,IAAI,WAAW,KAAK;AAAA,EAC9C;AACF;AAEA,IAAO,gBAAQ;",
+  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\nimport { SalesSettings, SalesDocumentSequence, SalesTaxRate } from './data/entities'\nimport { DEFAULT_ORDER_NUMBER_FORMAT, DEFAULT_QUOTE_NUMBER_FORMAT } from './lib/documentNumberTokens'\nimport { seedSalesStatusDictionaries, seedSalesAdjustmentKinds } from './lib/dictionaries'\nimport { ensureExampleShippingMethods, ensureExamplePaymentMethods } from './seed/examples-data'\nimport { seedSalesExamples } from './seed/examples'\n\ntype SeedScope = { tenantId: string; organizationId: string }\n\nconst DEFAULT_TAX_RATES = [\n  { code: 'vat-23', name: '23% VAT', rate: '23' },\n  { code: 'vat-0', name: '0% VAT', rate: '0' },\n] as const\n\nasync function seedSalesTaxRates(em: EntityManager, scope: SeedScope): Promise<void> {\n  await em.transactional(async (tem) => {\n    const existing = await tem.find(SalesTaxRate, {\n      tenantId: scope.tenantId,\n      organizationId: scope.organizationId,\n      deletedAt: null,\n    })\n    const existingCodes = new Set(existing.map((rate) => rate.code))\n    const hasDefault = existing.some((rate) => rate.isDefault)\n    const now = new Date()\n    let isFirst = !hasDefault\n\n    for (const seed of DEFAULT_TAX_RATES) {\n      if (existingCodes.has(seed.code)) continue\n      tem.persist(\n        tem.create(SalesTaxRate, {\n          tenantId: scope.tenantId,\n          organizationId: scope.organizationId,\n          code: seed.code,\n          name: seed.name,\n          rate: seed.rate,\n          priority: 0,\n          isCompound: false,\n          isDefault: isFirst,\n          createdAt: now,\n          updatedAt: now,\n        })\n      )\n      isFirst = false\n    }\n  })\n}\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['sales.*', 'sales.documents.number.edit'],\n    employee: [\n      'sales.channels.view',\n      'sales.settings.view',\n      'sales.orders.view',\n      'sales.orders.manage',\n      'sales.orders.approve',\n      'sales.widgets.new-orders',\n      'sales.widgets.new-quotes',\n      'sales.quotes.view',\n      'sales.quotes.manage',\n      'sales.shipments.manage',\n      'sales.payments.manage',\n      'sales.returns.view',\n      'sales.returns.create',\n      'sales.invoices.manage',\n      'sales.credit_memos.manage',\n    ],\n  },\n\n  async onTenantCreated({ em, tenantId, organizationId }) {\n    const exists = await em.findOne(SalesSettings, { tenantId, organizationId })\n    if (!exists) {\n      em.persist(\n        em.create(SalesSettings, {\n          tenantId,\n          organizationId,\n          orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,\n          quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,\n          createdAt: new Date(),\n          updatedAt: new Date(),\n        })\n      )\n    }\n\n    for (const kind of ['order', 'quote', 'return', 'invoice', 'credit_memo'] as const) {\n      const seq = await em.findOne(SalesDocumentSequence, {\n        tenantId,\n        organizationId,\n        documentKind: kind,\n      })\n      if (!seq) {\n        em.persist(\n          em.create(SalesDocumentSequence, {\n            tenantId,\n            organizationId,\n            documentKind: kind,\n            currentValue: 0,\n            createdAt: new Date(),\n            updatedAt: new Date(),\n          })\n        )\n      }\n    }\n\n    await em.flush()\n  },\n\n  async seedDefaults({ em, tenantId, organizationId }) {\n    const scope = { tenantId, organizationId }\n    await seedSalesTaxRates(em, scope)\n    await seedSalesStatusDictionaries(em, scope)\n    await seedSalesAdjustmentKinds(em, scope)\n    await ensureExampleShippingMethods(em, scope)\n    await ensureExamplePaymentMethods(em, scope)\n  },\n\n  async seedExamples({ em, container, tenantId, organizationId }) {\n    const scope = { tenantId, organizationId }\n    await seedSalesExamples(em, container, scope)\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEA,SAAS,eAAe,uBAAuB,oBAAoB;AACnE,SAAS,6BAA6B,mCAAmC;AACzE,SAAS,6BAA6B,gCAAgC;AACtE,SAAS,8BAA8B,mCAAmC;AAC1E,SAAS,yBAAyB;AAIlC,MAAM,oBAAoB;AAAA,EACxB,EAAE,MAAM,UAAU,MAAM,WAAW,MAAM,KAAK;AAAA,EAC9C,EAAE,MAAM,SAAS,MAAM,UAAU,MAAM,IAAI;AAC7C;AAEA,eAAe,kBAAkB,IAAmB,OAAiC;AACnF,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAM,WAAW,MAAM,IAAI,KAAK,cAAc;AAAA,MAC5C,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,WAAW;AAAA,IACb,CAAC;AACD,UAAM,gBAAgB,IAAI,IAAI,SAAS,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC;AAC/D,UAAM,aAAa,SAAS,KAAK,CAAC,SAAS,KAAK,SAAS;AACzD,UAAM,MAAM,oBAAI,KAAK;AACrB,QAAI,UAAU,CAAC;AAEf,eAAW,QAAQ,mBAAmB;AACpC,UAAI,cAAc,IAAI,KAAK,IAAI,EAAG;AAClC,UAAI;AAAA,QACF,IAAI,OAAO,cAAc;AAAA,UACvB,UAAU,MAAM;AAAA,UAChB,gBAAgB,MAAM;AAAA,UACtB,MAAM,KAAK;AAAA,UACX,MAAM,KAAK;AAAA,UACX,MAAM,KAAK;AAAA,UACX,UAAU;AAAA,UACV,YAAY;AAAA,UACZ,WAAW;AAAA,UACX,WAAW;AAAA,UACX,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AACA,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACH;AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,WAAW,6BAA6B;AAAA,IAChD,UAAU;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,EAAE,IAAI,UAAU,eAAe,GAAG;AACtD,UAAM,SAAS,MAAM,GAAG,QAAQ,eAAe,EAAE,UAAU,eAAe,CAAC;AAC3E,QAAI,CAAC,QAAQ;AACX,SAAG;AAAA,QACD,GAAG,OAAO,eAAe;AAAA,UACvB;AAAA,UACA;AAAA,UACA,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,UACnB,WAAW,oBAAI,KAAK;AAAA,UACpB,WAAW,oBAAI,KAAK;AAAA,QACtB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,eAAW,QAAQ,CAAC,SAAS,SAAS,UAAU,WAAW,aAAa,GAAY;AAClF,YAAM,MAAM,MAAM,GAAG,QAAQ,uBAAuB;AAAA,QAClD;AAAA,QACA;AAAA,QACA,cAAc;AAAA,MAChB,CAAC;AACD,UAAI,CAAC,KAAK;AACR,WAAG;AAAA,UACD,GAAG,OAAO,uBAAuB;AAAA,YAC/B;AAAA,YACA;AAAA,YACA,cAAc;AAAA,YACd,cAAc;AAAA,YACd,WAAW,oBAAI,KAAK;AAAA,YACpB,WAAW,oBAAI,KAAK;AAAA,UACtB,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,GAAG,MAAM;AAAA,EACjB;AAAA,EAEA,MAAM,aAAa,EAAE,IAAI,UAAU,eAAe,GAAG;AACnD,UAAM,QAAQ,EAAE,UAAU,eAAe;AACzC,UAAM,kBAAkB,IAAI,KAAK;AACjC,UAAM,4BAA4B,IAAI,KAAK;AAC3C,UAAM,yBAAyB,IAAI,KAAK;AACxC,UAAM,6BAA6B,IAAI,KAAK;AAC5C,UAAM,4BAA4B,IAAI,KAAK;AAAA,EAC7C;AAAA,EAEA,MAAM,aAAa,EAAE,IAAI,WAAW,UAAU,eAAe,GAAG;AAC9D,UAAM,QAAQ,EAAE,UAAU,eAAe;AACzC,UAAM,kBAAkB,IAAI,WAAW,KAAK;AAAA,EAC9C;AACF;AAEA,IAAO,gBAAQ;",
   "names": []
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@open-mercato/core",
-  "version": "0.6.4-develop.3996.1.430e257cfc",
+  "version": "0.6.4-develop.4011.1.4f3ed9ae3e",
   "type": "module",
   "main": "./dist/index.js",
   "scripts": {
@@ -243,16 +243,16 @@
     "zod": "^4.4.3"
   },
   "peerDependencies": {
-    "@open-mercato/ai-assistant": "0.6.4-develop.3996.1.430e257cfc",
-    "@open-mercato/shared": "0.6.4-develop.3996.1.430e257cfc",
-    "@open-mercato/ui": "0.6.4-develop.3996.1.430e257cfc",
+    "@open-mercato/ai-assistant": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/shared": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/ui": "0.6.4-develop.4011.1.4f3ed9ae3e",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
-    "@open-mercato/ai-assistant": "0.6.4-develop.3996.1.430e257cfc",
-    "@open-mercato/shared": "0.6.4-develop.3996.1.430e257cfc",
-    "@open-mercato/ui": "0.6.4-develop.3996.1.430e257cfc",
+    "@open-mercato/ai-assistant": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/shared": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/ui": "0.6.4-develop.4011.1.4f3ed9ae3e",
     "@testing-library/dom": "^10.4.1",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.3.1",

package/src/modules/auth/api/features.ts

@@ -8,15 +8,44 @@ export const metadata = {
   GET: { requireAuth: true, requireFeatures: ['auth.acl.manage'] },
 }
 
+type FeatureItem = {
+  id: string
+  title: string
+  module: string
+  dependsOn?: string[]
+}
+
+function normalizeDependsOn(value: unknown): string[] | undefined {
+  if (!Array.isArray(value)) return undefined
+  const out: string[] = []
+  for (const entry of value) {
+    if (typeof entry !== 'string') continue
+    const trimmed = entry.trim()
+    if (!trimmed) continue
+    out.push(trimmed)
+  }
+  if (out.length === 0) return undefined
+  return Array.from(new Set(out))
+}
+
 export async function GET(req: Request) {
   const auth = await getAuthFromRequest(req)
   if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
   const modules = getModules()
-  const items = (modules || []).flatMap((m: any) =>
-    (m.features || []).map((f: any) => ({ id: String(f.id), title: String(f.title || f.id), module: String(f.module || m.id) }))
+  const items: FeatureItem[] = (modules || []).flatMap((m: any) =>
+    (m.features || []).map((f: any) => {
+      const deps = normalizeDependsOn(f?.dependsOn)
+      const base: FeatureItem = {
+        id: String(f.id),
+        title: String(f.title || f.id),
+        module: String(f.module || m.id),
+      }
+      if (deps) base.dependsOn = deps
+      return base
+    })
   )
-  // Deduplicate by id
-  const byId = new Map<string, { id: string; title: string; module: string }>()
+  // Deduplicate by id (keep first occurrence)
+  const byId = new Map<string, FeatureItem>()
   for (const it of items) if (!byId.has(it.id)) byId.set(it.id, it)
   const list = Array.from(byId.values()).sort((a, b) => a.module.localeCompare(b.module) || a.id.localeCompare(b.id))
 
@@ -35,6 +64,7 @@ const featureItemSchema = z.object({
   id: z.string(),
   title: z.string(),
   module: z.string(),
+  dependsOn: z.array(z.string()).optional(),
 })
 
 const featureModuleSchema = z.object({

package/src/modules/auth/backend/users/[id]/edit/page.tsx

@@ -17,6 +17,7 @@ import { useT } from '@open-mercato/shared/lib/i18n/context'
 import { extractCustomFieldEntries } from '@open-mercato/shared/lib/crud/custom-fields-client'
 import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 import { UserConsentsPanel } from '@open-mercato/core/modules/auth/components/UserConsentsPanel'
+import { RecordNotFoundState, ErrorMessage } from '@open-mercato/ui/backend/detail'
 import { normalizeDisplayNameInput } from '@open-mercato/core/modules/auth/lib/displayName'
 
 type EditUserFormValues = {
@@ -119,6 +120,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
   const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)
   const [loading, setLoading] = React.useState(true)
   const [error, setError] = React.useState<string | null>(null)
+  const [isNotFound, setIsNotFound] = React.useState(false)
   const [canEditOrgs, setCanEditOrgs] = React.useState(false)
   const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })
   const [customFieldValues, setCustomFieldValues] = React.useState<Record<string, unknown>>({})
@@ -171,6 +173,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
     async function load() {
       setLoading(true)
       setError(null)
+      setIsNotFound(false)
       setCustomFieldValues({})
       try {
         const { ok, result } = await apiCall<UserListResponse>(
@@ -182,7 +185,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
           setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))
           setActorResolved(true)
           if (!item) {
-            setError(tRef.current('auth.users.form.errors.notFound', 'User not found'))
+            setIsNotFound(true)
             setCustomFieldValues({})
             setInitialUser(null)
             setSelectedTenantId(null)
@@ -404,14 +407,33 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
     }
   }, [initialUser, customFieldValues, selectedTenantId])
 
+  if (isNotFound) {
+    return (
+      <Page>
+        <PageBody>
+          <RecordNotFoundState
+            label={t('auth.users.form.errors.notFound', 'User not found')}
+            backHref="/backend/users"
+            backLabel={t('auth.users.form.actions.backToList', 'Back to users')}
+          />
+        </PageBody>
+      </Page>
+    )
+  }
+
+  if (error && !loading) {
+    return (
+      <Page>
+        <PageBody>
+          <ErrorMessage label={error} />
+        </PageBody>
+      </Page>
+    )
+  }
+
   return (
     <Page>
       <PageBody>
-        {error && (
-          <div className="p-4 mb-4 bg-red-50 border border-red-200 rounded text-red-800">
-            {error}
-          </div>
-        )}
         <CrudForm<EditUserFormValues>
           title={t('auth.users.form.title.edit', 'Edit User')}
           backHref="/backend/users"

package/src/modules/auth/components/AclDependencyDiagnosticsPanel.tsx

@@ -0,0 +1,173 @@
+"use client"
+import * as React from 'react'
+import { Button } from '@open-mercato/ui/primitives/button'
+import { Alert } from '@open-mercato/ui/primitives/alert'
+import { useT } from '@open-mercato/shared/lib/i18n/context'
+import {
+  applyAddMissingDependency,
+  applyRemoveDependents,
+  applyRestoreDependency,
+  resolveAclDependencyDiagnostics,
+  type FeatureDescriptor,
+} from '@open-mercato/shared/security/aclDependencies'
+
+export type AclDependencyDiagnosticsPanelProps = {
+  granted: readonly string[]
+  catalog: readonly FeatureDescriptor[]
+  onGrantedChange: (updater: (prev: string[]) => string[]) => void
+  hideUnknownReferences?: boolean
+}
+
+export function AclDependencyDiagnosticsPanel({
+  granted,
+  catalog,
+  onGrantedChange,
+  hideUnknownReferences,
+}: AclDependencyDiagnosticsPanelProps) {
+  const t = useT()
+  const diagnostics = React.useMemo(
+    () => resolveAclDependencyDiagnostics(granted, catalog),
+    [granted, catalog],
+  )
+  const titleById = React.useMemo(() => {
+    const map = new Map<string, string>()
+    for (const entry of catalog) {
+      if (entry?.title && !map.has(entry.id)) map.set(entry.id, entry.title)
+    }
+    return map
+  }, [catalog])
+  const featureLabel = React.useCallback((id: string) => titleById.get(id) ?? id, [titleById])
+
+  const hasMissing = diagnostics.missingDependencies.length > 0
+  const hasOrphaned = diagnostics.orphanedDependents.length > 0
+  const showUnknown = !hideUnknownReferences && diagnostics.unknownReferences.length > 0
+  if (!hasMissing && !hasOrphaned && !showUnknown) return null
+
+  const handleAdd = (dep: string) => onGrantedChange((prev) => applyAddMissingDependency(prev, dep))
+  const handleRestore = (dep: string) => onGrantedChange((prev) => applyRestoreDependency(prev, dep))
+  const handleDropDependents = (dependents: readonly string[]) =>
+    onGrantedChange((prev) => applyRemoveDependents(prev, dependents))
+
+  return (
+    <div className="space-y-3" data-testid="acl-dependency-diagnostics">
+      {hasMissing && (
+        <Alert status="warning" style="lighter">
+          <div className="space-y-2">
+            <div className="text-sm font-medium">
+              {t(
+                'auth.acl.deps.missing.title',
+                'Some granted permissions need other permissions to work:',
+              )}
+            </div>
+            <ul className="space-y-1 text-sm">
+              {diagnostics.missingDependencies.map((row) => (
+                <li
+                  key={row.feature}
+                  className="flex flex-wrap items-center gap-x-2 gap-y-1"
+                  data-testid={`missing-${row.feature}`}
+                >
+                  <span>
+                    {t('auth.acl.deps.missing.item', '"{feature}" needs:', {
+                      feature: featureLabel(row.feature),
+                    })}
+                  </span>
+                  {row.missing.map((dep) => (
+                    <span key={dep} className="inline-flex items-center gap-1">
+                      <span className="font-mono text-xs text-muted-foreground">
+                        {featureLabel(dep)}
+                      </span>
+                      <Button
+                        type="button"
+                        size="sm"
+                        variant="outline"
+                        onClick={() => handleAdd(dep)}
+                        data-testid={`add-missing-${row.feature}-${dep}`}
+                      >
+                        {t('auth.acl.deps.missing.add', 'Add "{dep}"', {
+                          dep: featureLabel(dep),
+                        })}
+                      </Button>
+                    </span>
+                  ))}
+                </li>
+              ))}
+            </ul>
+          </div>
+        </Alert>
+      )}
+
+      {hasOrphaned && (
+        <Alert status="warning" style="lighter">
+          <div className="space-y-2">
+            <div className="text-sm font-medium">
+              {t(
+                'auth.acl.deps.orphaned.title',
+                'Removing a permission that other granted permissions need:',
+              )}
+            </div>
+            <ul className="space-y-1 text-sm">
+              {diagnostics.orphanedDependents.map((row) => (
+                <li
+                  key={row.dependency}
+                  className="flex flex-wrap items-center gap-x-2 gap-y-1"
+                  data-testid={`orphaned-${row.dependency}`}
+                >
+                  <span>
+                    {t('auth.acl.deps.orphaned.item', '"{dependency}" is required by:', {
+                      dependency: featureLabel(row.dependency),
+                    })}
+                  </span>
+                  <span className="font-mono text-xs text-muted-foreground">
+                    {row.dependents
+                      .map((dependent) => featureLabel(dependent))
+                      .join(', ')}
+                  </span>
+                  <Button
+                    type="button"
+                    size="sm"
+                    variant="outline"
+                    onClick={() => handleRestore(row.dependency)}
+                    data-testid={`restore-${row.dependency}`}
+                  >
+                    {t('auth.acl.deps.orphaned.restore', 'Restore "{dependency}"', {
+                      dependency: featureLabel(row.dependency),
+                    })}
+                  </Button>
+                  <Button
+                    type="button"
+                    size="sm"
+                    variant="outline"
+                    onClick={() => handleDropDependents(row.dependents)}
+                    data-testid={`drop-dependents-${row.dependency}`}
+                  >
+                    {t('auth.acl.deps.orphaned.drop', 'Drop dependents')}
+                  </Button>
+                </li>
+              ))}
+            </ul>
+          </div>
+        </Alert>
+      )}
+
+      {showUnknown && (
+        <Alert status="warning" style="lighter">
+          <div className="space-y-1">
+            <div className="text-sm font-medium">
+              {t(
+                'auth.acl.deps.unknown.title',
+                'Some declared dependencies do not match any known permission:',
+              )}
+            </div>
+            <ul className="space-y-1 text-sm font-mono text-xs text-muted-foreground">
+              {diagnostics.unknownReferences.map((row) => (
+                <li key={row.feature} data-testid={`unknown-${row.feature}`}>
+                  {row.feature} → {row.missing.join(', ')}
+                </li>
+              ))}
+            </ul>
+          </div>
+        </Alert>
+      )}
+    </div>
+  )
+}

package/src/modules/auth/components/AclEditor.tsx

@@ -5,6 +5,8 @@ import { apiCall } from '@open-mercato/ui/backend/utils/apiCall'
 import Link from 'next/link'
 import { hasFeature, matchFeature } from '@open-mercato/shared/security/features'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
+import type { FeatureDescriptor } from '@open-mercato/shared/security/aclDependencies'
+import { AclDependencyDiagnosticsPanel } from './AclDependencyDiagnosticsPanel'
 
 function toTitleCase(value: string): string {
   return value.replace(/[-_.]/g, ' ').replace(/\b\w/g, (char) => char.toUpperCase())
@@ -36,7 +38,7 @@ function formatWildcardLabel(moduleId: string, wildcard: string): string {
   return `All ${suffix.split('.').map(toTitleCase).join(' / ')}`
 }
 
-type Feature = { id: string; title: string; module: string }
+type Feature = { id: string; title: string; module: string; dependsOn?: string[] }
 type ModuleInfo = { id: string; title: string }
 type RoleListItem = { id?: string | null; name?: string | null }
 type RoleListResponse = { items?: RoleListItem[] }
@@ -364,9 +366,9 @@ export function AclEditor({
             <div className="rounded border border-blue-200 bg-blue-50 p-3">
               <div className="text-sm font-medium text-blue-900">Global wildcard (*) enabled</div>
               <div className="text-xs text-blue-700 mt-1">This grants access to all features in the system.</div>
-              <Button 
-                variant="outline" 
-                size="sm" 
+              <Button
+                variant="outline"
+                size="sm"
                 className="mt-2"
                 onClick={() => updateGranted((prev) => prev.filter((x) => x !== '*'))}
               >
@@ -374,6 +376,14 @@ export function AclEditor({
               </Button>
             </div>
           )}
+          {!hasGlobalWildcard && (
+            <AclDependencyDiagnosticsPanel
+              granted={granted}
+              catalog={features as readonly FeatureDescriptor[]}
+              onGrantedChange={updateGranted}
+              hideUnknownReferences={process.env.NODE_ENV === 'production'}
+            />
+          )}
           <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
             {grouped.map((group) => {
               const moduleWildcard = isModuleWildcardEnabled(group.moduleId)

package/src/modules/auth/i18n/de.json

@@ -4,6 +4,14 @@
   "auth.accessDenied.message": "Du hast keine Berechtigung, diese Seite anzuzeigen. Bitte wende dich an deinen Administrator.",
   "auth.accessDenied.title": "Zugriff verweigert",
   "auth.acl.allowAllOrganizations": "Alle Organisationen zulassen",
+  "auth.acl.deps.missing.add": "\"{dep}\" hinzufügen",
+  "auth.acl.deps.missing.item": "\"{feature}\" benötigt:",
+  "auth.acl.deps.missing.title": "Einige gewährte Berechtigungen benötigen weitere Berechtigungen, um zu funktionieren:",
+  "auth.acl.deps.orphaned.drop": "Abhängige entfernen",
+  "auth.acl.deps.orphaned.item": "\"{dependency}\" wird benötigt von:",
+  "auth.acl.deps.orphaned.restore": "\"{dependency}\" wiederherstellen",
+  "auth.acl.deps.orphaned.title": "Entfernung einer Berechtigung, die andere gewährte Berechtigungen benötigen:",
+  "auth.acl.deps.unknown.title": "Einige deklarierte Abhängigkeiten passen zu keiner bekannten Berechtigung:",
   "auth.acl.organizationWarning": "Organisationseinschränkungen werden nur gespeichert, wenn mindestens eine Berechtigungsüberschreibung ausgewählt ist. Füge eine Berechtigung hinzu oder aktiviere einen Modul-Wildcard vor dem Speichern.",
   "auth.acl.organizationsScope": "Organisationsbereich",
   "auth.acl.restricted": "Eingeschränkt",
@@ -164,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Einladung erneut senden",
   "auth.users.form.action.resendingInvite": "Wird gesendet...",
   "auth.users.form.action.save": "Speichern",
+  "auth.users.form.actions.backToList": "Zurück zu Benutzern",
   "auth.users.form.errors.aclUpdate": "Aktualisierung der Benutzerberechtigungen fehlgeschlagen",
   "auth.users.form.errors.delete": "Benutzer konnte nicht gelöscht werden",
   "auth.users.form.errors.inviteResend": "Einladungs-E-Mail konnte nicht gesendet werden",

package/src/modules/auth/i18n/en.json

@@ -4,6 +4,14 @@
   "auth.accessDenied.message": "You do not have permission to view this page. Please contact your administrator.",
   "auth.accessDenied.title": "Access Denied",
   "auth.acl.allowAllOrganizations": "Allow all organizations",
+  "auth.acl.deps.missing.add": "Add \"{dep}\"",
+  "auth.acl.deps.missing.item": "\"{feature}\" needs:",
+  "auth.acl.deps.missing.title": "Some granted permissions need other permissions to work:",
+  "auth.acl.deps.orphaned.drop": "Drop dependents",
+  "auth.acl.deps.orphaned.item": "\"{dependency}\" is required by:",
+  "auth.acl.deps.orphaned.restore": "Restore \"{dependency}\"",
+  "auth.acl.deps.orphaned.title": "Removing a permission that other granted permissions need:",
+  "auth.acl.deps.unknown.title": "Some declared dependencies do not match any known permission:",
   "auth.acl.organizationWarning": "Organization restrictions are saved only when at least one feature override is selected. Add a feature or enable a module wildcard before saving.",
   "auth.acl.organizationsScope": "Organizations scope",
   "auth.acl.restricted": "Restricted",
@@ -164,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Resend Invite",
   "auth.users.form.action.resendingInvite": "Sending...",
   "auth.users.form.action.save": "Save",
+  "auth.users.form.actions.backToList": "Back to users",
   "auth.users.form.errors.aclUpdate": "Failed to update user access control",
   "auth.users.form.errors.delete": "Failed to delete user",
   "auth.users.form.errors.inviteResend": "Failed to send invitation email",

package/src/modules/auth/i18n/es.json

@@ -4,6 +4,14 @@
   "auth.accessDenied.message": "No tienes permiso para ver esta página. Por favor, contacta con tu administrador.",
   "auth.accessDenied.title": "Acceso denegado",
   "auth.acl.allowAllOrganizations": "Permitir todas las organizaciones",
+  "auth.acl.deps.missing.add": "Agregar \"{dep}\"",
+  "auth.acl.deps.missing.item": "\"{feature}\" necesita:",
+  "auth.acl.deps.missing.title": "Algunos permisos otorgados necesitan otros permisos para funcionar:",
+  "auth.acl.deps.orphaned.drop": "Eliminar dependientes",
+  "auth.acl.deps.orphaned.item": "\"{dependency}\" es requerido por:",
+  "auth.acl.deps.orphaned.restore": "Restaurar \"{dependency}\"",
+  "auth.acl.deps.orphaned.title": "Eliminando un permiso que otros permisos otorgados necesitan:",
+  "auth.acl.deps.unknown.title": "Algunas dependencias declaradas no coinciden con ningún permiso conocido:",
   "auth.acl.organizationWarning": "Las restricciones de organización se guardan solo cuando se selecciona al menos una anulación de función. Agrega una función o habilita un comodín de módulo antes de guardar.",
   "auth.acl.organizationsScope": "Alcance de organizaciones",
   "auth.acl.restricted": "Restringido",
@@ -164,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Reenviar invitación",
   "auth.users.form.action.resendingInvite": "Enviando...",
   "auth.users.form.action.save": "Guardar",
+  "auth.users.form.actions.backToList": "Volver a usuarios",
   "auth.users.form.errors.aclUpdate": "No se pudo actualizar el control de acceso del usuario",
   "auth.users.form.errors.delete": "No se pudo eliminar el usuario",
   "auth.users.form.errors.inviteResend": "No se pudo enviar el correo de invitación",

package/src/modules/auth/i18n/pl.json

@@ -4,6 +4,14 @@
   "auth.accessDenied.message": "Nie masz uprawnień do wyświetlenia tej strony. Skontaktuj się z administratorem.",
   "auth.accessDenied.title": "Brak dostępu",
   "auth.acl.allowAllOrganizations": "Zezwól na wszystkie organizacje",
+  "auth.acl.deps.missing.add": "Dodaj \"{dep}\"",
+  "auth.acl.deps.missing.item": "\"{feature}\" wymaga:",
+  "auth.acl.deps.missing.title": "Niektóre przyznane uprawnienia wymagają innych uprawnień do działania:",
+  "auth.acl.deps.orphaned.drop": "Usuń zależne",
+  "auth.acl.deps.orphaned.item": "\"{dependency}\" jest wymagane przez:",
+  "auth.acl.deps.orphaned.restore": "Przywróć \"{dependency}\"",
+  "auth.acl.deps.orphaned.title": "Usuwasz uprawnienie wymagane przez inne przyznane uprawnienia:",
+  "auth.acl.deps.unknown.title": "Niektóre zadeklarowane zależności nie pasują do żadnego znanego uprawnienia:",
   "auth.acl.organizationWarning": "Ograniczenia organizacyjne są zapisywane tylko wtedy, gdy wybrano co najmniej jedno nadpisanie uprawnień. Dodaj uprawnienie lub włącz wildcard modułu przed zapisaniem.",
   "auth.acl.organizationsScope": "Zakres organizacji",
   "auth.acl.restricted": "Ograniczone",
@@ -164,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Wyślij zaproszenie ponownie",
   "auth.users.form.action.resendingInvite": "Wysyłanie...",
   "auth.users.form.action.save": "Zapisz",
+  "auth.users.form.actions.backToList": "Powrót do listy użytkowników",
   "auth.users.form.errors.aclUpdate": "Nie udało się zaktualizować uprawnień użytkownika",
   "auth.users.form.errors.delete": "Nie udało się usunąć użytkownika",
   "auth.users.form.errors.inviteResend": "Nie udało się wysłać e-maila z zaproszeniem",

package/src/modules/catalog/acl.ts

@@ -1,10 +1,35 @@
 export const features = [
-  { id: 'catalog.products.view', title: 'View catalog products', module: 'catalog' },
-  { id: 'catalog.products.manage', title: 'Manage catalog products', module: 'catalog' },
+  {
+    id: 'catalog.products.view',
+    title: 'View catalog products',
+    module: 'catalog',
+    dependsOn: ['currencies.view', 'dictionaries.view'],
+  },
+  {
+    id: 'catalog.products.manage',
+    title: 'Manage catalog products',
+    module: 'catalog',
+    dependsOn: ['catalog.products.view'],
+  },
   { id: 'catalog.categories.view', title: 'View catalog categories', module: 'catalog' },
-  { id: 'catalog.categories.manage', title: 'Manage catalog categories', module: 'catalog' },
-  { id: 'catalog.variants.manage', title: 'Manage catalog variants', module: 'catalog' },
-  { id: 'catalog.pricing.manage', title: 'Manage catalog pricing', module: 'catalog' },
+  {
+    id: 'catalog.categories.manage',
+    title: 'Manage catalog categories',
+    module: 'catalog',
+    dependsOn: ['catalog.categories.view'],
+  },
+  {
+    id: 'catalog.variants.manage',
+    title: 'Manage catalog variants',
+    module: 'catalog',
+    dependsOn: ['catalog.products.view'],
+  },
+  {
+    id: 'catalog.pricing.manage',
+    title: 'Manage catalog pricing',
+    module: 'catalog',
+    dependsOn: ['catalog.products.view', 'currencies.view'],
+  },
   { id: 'catalog.settings.manage', title: 'Manage catalog settings', module: 'catalog' },
 ]
 

package/src/modules/catalog/backend/catalog/products/[id]/page.tsx

@@ -4,7 +4,7 @@ import * as React from "react";
 import Link from "next/link";
 import dynamic from "next/dynamic";
 import { Page, PageBody } from "@open-mercato/ui/backend/Page";
-import { ErrorMessage } from "@open-mercato/ui/backend/detail";
+import { ErrorMessage, RecordNotFoundState } from "@open-mercato/ui/backend/detail";
 import {
   CrudForm,
   type CrudFormGroup,
@@ -327,6 +327,7 @@ export default function EditCatalogProductPage({
     React.useState<Partial<ProductFormValues> | null>(null);
   const [loading, setLoading] = React.useState(true);
   const [error, setError] = React.useState<string | null>(null);
+  const [isNotFound, setIsNotFound] = React.useState(false);
   const offerSnapshotsRef = React.useRef<OfferSnapshot[]>([]);
   const initialConversionsRef = React.useRef<ProductUnitConversionDraft[]>([]);
   const [categorizeOptions, setCategorizeOptions] = React.useState<{
@@ -552,6 +553,7 @@ export default function EditCatalogProductPage({
     async function loadProduct() {
       setLoading(true);
       setError(null);
+      setIsNotFound(false);
       try {
         const productRes = await apiCall<ProductResponse>(
           `/api/catalog/products?id=${encodeURIComponent(productId!)}&page=1&pageSize=1&withDeleted=false`,
@@ -567,10 +569,10 @@ export default function EditCatalogProductPage({
         const record = Array.isArray(productRes.result?.items)
           ? productRes.result?.items?.[0]
           : undefined;
-        if (!record)
-          throw new Error(
-            t("catalog.products.edit.errors.notFound", "Product not found."),
-          );
+        if (!record) {
+          if (!cancelled) setIsNotFound(true);
+          return;
+        }
         const rawMetadata = isRecord(record.metadata)
           ? (record.metadata as Record<string, unknown>)
           : null;
@@ -1341,6 +1343,20 @@ export default function EditCatalogProductPage({
     );
   }
 
+  if (isNotFound && !loading) {
+    return (
+      <Page>
+        <PageBody>
+          <RecordNotFoundState
+            label={t("catalog.products.edit.errors.notFound", "Product not found.")}
+            backHref="/backend/catalog/products"
+            backLabel={t("catalog.products.edit.actions.backToList", "Back to products")}
+          />
+        </PageBody>
+      </Page>
+    );
+  }
+
   if (error && !loading) {
     return (
       <Page>