jwed
f5848907f5
* UnifiPageGrant::userCanAccess no longer falls back to "open" when a page has no grants saved. Pages now require an explicit grant for every non-super-admin user — either a direct user grant or via a group they belong to. Matches the new dashboard-wide access model. * Route enforcement returns 404 (was 403) so ungranted users can't even confirm the page exists. * New /settings/pages-access/groups/search endpoint mirrors the user typeahead. Groups are no longer all listed by default — only super-admin groups (locked-on) and groups with at least one existing grant show up in the matrix. Operators add more via search. v1.7.1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>