// Client-side account store + permission helpers. // NOTE: static site — accounts live in this browser's localStorage. Not real server security. const SUPER_ADMIN_EMAIL = 'admin@worshipmanagement.online'; function loadAccounts(){ try{ const r = localStorage.getItem('cwa-accounts'); if(r) return JSON.parse(r); }catch(e){} return null; } // Cache only (no server write) — used when hydrating from the server. function cacheAccounts(a){ try{ localStorage.setItem('cwa-accounts', JSON.stringify(a)); }catch(e){} } // Save: write the local cache AND push to the shared server (if reachable). function saveAccounts(a){ cacheAccounts(a); try{ if(window.ChurchStore) window.ChurchStore.putAccounts(a); }catch(e){} } function initAccounts(password){ const a = { users: [ { email: SUPER_ADMIN_EMAIL, name: 'Main Administrator', role: 'superadmin', password } ] }; saveAccounts(a); return a; } function findUser(a, email){ if(!a) return null; return a.users.find(u => u.email.toLowerCase() === String(email||'').trim().toLowerCase()); } function verifyLogin(a, email, password){ const u = findUser(a, email); return (u && u.password === password) ? u : null; } function isAdminRole(role){ return role === 'admin' || role === 'superadmin'; } function roleLabel(role){ return role === 'superadmin' ? 'Main Admin' : role === 'admin' ? 'Admin' : 'User'; } // session function loadSession(accounts){ const email = localStorage.getItem('cwa-session'); return email ? findUser(accounts, email) : null; } function setSession(email){ if(email) localStorage.setItem('cwa-session', email); else localStorage.removeItem('cwa-session'); } Object.assign(window, { SUPER_ADMIN_EMAIL, loadAccounts, saveAccounts, cacheAccounts, initAccounts, findUser, verifyLogin, isAdminRole, roleLabel, loadSession, setSession });