Release Notes

v0.7.590

Multi-location support, UX consistency, and permission hardening

This release delivers full multi-location support for practices with more than one clinic, a wide-ranging UX consistency pass across list pages, detail views, and filters, and significant hardening of role and permission enforcement throughout the admin portal.

Features

  • Multiple locations per practice: practices can now manage more than one clinic location from a single account, each with its own opening hours, staff assignments, services, contact details, and display colour for calendars and lists.
  • Per-location visual identity: each location gets its own display colour and logo mode, making it easy to tell locations apart in schedules, appointment lists, and the client portal.
  • Client default location: every client now has a designated default location, ensuring they always appear in location-filtered views and that appointment bookings are routed correctly.
  • Location address validation: physical locations that are visible to clients must have a complete address before they can be activated, and the form now shows clear required-field markers and inline errors for any missing address details.
  • Staff location assignments: staff members are linked to the locations they work at, and admin data access defaults to those same locations when portal access is first enabled, following the principle of least privilege.
  • Role permission dependencies: selecting a permission in the roles form now automatically selects all permissions it depends on, and the system rejects any permission set that is not fully consistent, preventing accidental misconfiguration.
  • Support access explained: the admin portal now includes a clear explanation of how support access works, including what a support session can and cannot do, so practice owners always know what to expect.
  • Date range picker with calendar: the appointments filter gains a calendar-based date range picker with preset options alongside quick-filter pills for common statuses, making it faster to find the right appointments.
  • Searchable column manager: the column manager in list views now has a search field, so staff can quickly find the right column even in lists with many columns.
  • Consistent appointment status display: appointment statuses are now shown the same way everywhere in the portal — in lists, detail pages, the dashboard, and edit forms — with one unified display per status.
  • Unified detail page layout: all detail pages for appointments, clients, staff, services, and locations now share the same layout, making navigation and finding information feel more consistent.
  • One phone number format: phone numbers are now displayed in the same format everywhere across the portal.

Fixes

  • Staff work email protected when linked: the work email address of a staff member with admin portal access is now shown as read-only, preventing a change that would silently break the link between the staff profile and the admin account.
  • Colour swatches in activity log: colour custom field values now display a colour swatch alongside the hex value in the activity log, making it easier to see what changed at a glance.
  • Role assignment authority checks: role changes are now rejected if the requesting admin does not have authority over both the current and the new role, closing a gap where lower-permission admins could escalate role assignments.
  • Location address form errors: physical locations that are visible to clients now show clear required-field markers and inline validation errors for incomplete addresses, matching the server-side check that was already in place.
  • Staff admin access visible immediately: the admin data access control now appears as soon as portal access is enabled in the staff form, without requiring a save and reload first.

Security and reliability

  • Stronger access boundaries for location data: additional safeguards ensure that admins with access to specific locations cannot view or modify data from locations outside their permitted scope.
  • Role assignment authority checks: the system now verifies that an admin has sufficient authority over both the current and the target role before allowing any role change, preventing unintended privilege escalation.
  • Support access permission caps: read-only support sessions are now consistently enforced across all areas of the admin portal, so a support visit cannot make changes the practice has not authorised.
  • Dependency updates: several security-relevant dependency updates have been applied, keeping the platform's underlying components up to date.
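
The role permission dependency check and the role assignment authority check described in these notes, sketched as an added example (not the product's own code). The permission names, the role names, and the rule that authority over a role means holding `roles.assign` plus every permission that role grants are assumptions made for illustration.

```python
# Added example: hypothetical permission and role names, not the product's own.
DEPENDS_ON = {
    "appointments.edit": {"appointments.view"},
    "clients.edit": {"clients.view"},
    "roles.assign": {"staff.view"},
    "billing.manage": {"clients.view", "appointments.view"},
}

def closure(perms):
    """Return perms plus everything they depend on, transitively (form auto-select)."""
    result, stack = set(), list(perms)
    while stack:
        p = stack.pop()
        if p not in result:
            result.add(p)
            stack.extend(DEPENDS_ON.get(p, ()))
    return frozenset(result)

def validate_permission_set(perms):
    """Server-side check: reject any set that omits a dependency."""
    missing = closure(perms) - set(perms)
    if missing:
        raise ValueError(f"inconsistent permission set, missing: {sorted(missing)}")
    return frozenset(perms)

ROLES = {
    "receptionist": validate_permission_set({"appointments.view", "clients.view"}),
    "scheduler": closure({"appointments.edit", "clients.view"}),
    "manager": closure({"appointments.edit", "clients.edit", "roles.assign"}),
    "owner": closure({"appointments.edit", "clients.edit", "roles.assign",
                      "billing.manage"}),
}

def has_authority(actor_role, role):
    """Assumed model: actor may assign roles and holds every permission the role grants."""
    actor = ROLES[actor_role]
    return "roles.assign" in actor and ROLES[role] <= actor

def can_change_role(actor_role, current_role, new_role):
    """Allow the change only with authority over both the current and the new role."""
    return has_authority(actor_role, current_role) and has_authority(actor_role, new_role)
```

In this model a manager can move a receptionist to scheduler, but can neither promote anyone to owner nor demote an owner. A check on the new role alone would miss the demotion case.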