Frontend:
- Super users now see a "Revoke" button (disabled when last super user)
alongside the ★ badge on super-user rows in the Staff table.
Non-super-user rows show the existing "+ Grant" button.
Backend (race condition fix):
- PATCH /api/staff/:id (isSuperUser=false or active=false): count check +
update now wrapped in a db.transaction() with FOR UPDATE lock on the
target row, preventing a race where two concurrent revokes could both
pass the guard and leave zero super users.
- DELETE /api/staff/🆔 same transaction + FOR UPDATE guard applied.
GRO-206 CTO review feedback
Co-Authored-By: Paperclip <noreply@paperclip.ing>
groombook-ci[bot]
c76a37b15c