tweaks

backend/app/core/access.py

@@ -51,6 +51,8 @@ _PERMISSION_TO_MODULE_LEVEL: dict[str, tuple[str, str]] = {
     "edit_products": ("products", "edit"),
     "view_mixes": ("mix_master", "view"),
     "edit_mixes": ("mix_master", "edit"),
+    "view_throughput": ("operations_throughput", "view"),
+    "edit_throughput": ("operations_throughput", "edit"),
     # Admin-only permissions (view_users, manage_users, manage_permissions,
     # view_settings, edit_settings) are intentionally excluded — they don't
     # correspond to any of the legacy module keys and remain accessible only

backend/app/core/config.py

@@ -1,5 +1,10 @@
 import os
 from dataclasses import dataclass
+from pathlib import Path
+
+
+DEFAULT_SQLITE_PATH = (Path(__file__).resolve().parents[2] / "data_entry_app.db").as_posix()
+DEFAULT_DATABASE_URL = f"sqlite:///{DEFAULT_SQLITE_PATH}"
 
 
 DEFAULT_CORS_ALLOW_ORIGIN_REGEX = (
@@ -63,7 +68,10 @@ class Settings:
             port=int(os.getenv("PORT", "8000")),
             log_level=os.getenv("LOG_LEVEL", "DEBUG" if os.getenv("LOG_VERBOSE") in {"1", "true", "TRUE", "yes", "on"} else "INFO"),
             log_verbose=_env_flag("LOG_VERBOSE"),
-            database_url=os.getenv("DATABASE_URL", "sqlite:///./data_entry_app.db"),
+            # Keep the default SQLite location stable regardless of the current
+            # working directory so local dev does not silently fork data into
+            # multiple `data_entry_app.db` files.
+            database_url=os.getenv("DATABASE_URL", DEFAULT_DATABASE_URL),
             client_name=os.getenv("CLIENT_NAME", "Hunter Premium Produce"),
             client_email=os.getenv("CLIENT_EMAIL", "operator@example.com"),
             client_password=os.getenv("CLIENT_PASSWORD", "changeme"),