# Tasks: Add Open Room Access

## Phase 1: Backend - Room Visibility & Self-Join

### 1.1 Modify room listing to show all rooms
- [x] Update `room_service.list_user_rooms()` to return all rooms for authenticated users
- [x] Add `is_member` and `current_user_role` fields to room response
- [x] Add `my_rooms` query parameter filter
- [x] Update room list schema to include new fields
- [x] Write unit tests for modified listing behavior

### 1.2 Implement self-join endpoint
- [x] Create `POST /api/rooms/{room_id}/join` endpoint
- [x] Add validation for already-member case (return 409)
- [x] Add validation for archived room case (return 400)
- [x] Create membership with role="viewer" and added_by=self
- [x] Update room member_count on join
- [x] Write integration tests for self-join

### 1.3 Modify role change permissions for editors
- [x] Update `membership_service.check_user_permission()` for role changes
- [x] Allow EDITOR to upgrade VIEWER → EDITOR
- [x] Deny EDITOR from downgrading (editor→viewer) or removing members
- [x] Deny EDITOR from setting owner role
- [x] Write unit tests for permission matrix changes

### 1.4 Implement user search endpoint
- [x] Create `GET /api/users/search` endpoint
- [x] Query users table by display_name and user_id (email)
- [x] Return max 20 results
- [x] Require minimum query length
- [x] Write tests for search functionality

## Phase 2: Frontend - Login & Room List

### 2.1 Add password visibility toggle to login
- [x] Add eye/eye-slash toggle button to password field
- [x] Toggle input type between "password" and "text"
- [x] Update button icon based on visibility state
- [x] Ensure toggle works with keyboard accessibility

### 2.2 Update room list for all-rooms view
- [x] Fetch all rooms (remove member-only filter default)
- [x] Display "Member" badge for member rooms
- [x] Display "Join" button for non-member rooms
- [x] Add "My Rooms Only" filter toggle
- [x] Handle join action with optimistic update

### 2.3 Create room join preview for non-members
- [x] Create restricted view for non-member room access
- [x] Show room metadata but not content
- [x] Display prominent "Join Room" button
- [x] Handle join with success toast and page reload

## Phase 3: Frontend - Member Management

### 3.1 Add user search to member management
- [x] Create searchable user input component
- [x] Implement debounced search (300ms)
- [x] Display search results with name and email
- [x] Handle empty results state
- [x] Wire up to `GET /api/users/search`

### 3.2 Update member role change UI for editors
- [x] Show "Upgrade to Editor" for viewers (when current user is editor)
- [x] Hide remove option for editors
- [x] Hide downgrade options for editors
- [x] Keep full controls visible for owners

## Phase 4: Testing & Validation

### 4.1 Backend integration tests
- [x] Test room listing shows all rooms
- [x] Test self-join creates viewer membership
- [x] Test editor can upgrade but not downgrade
- [x] Test user search returns correct results

### 4.2 Frontend E2E tests
- [x] Test password visibility toggle
- [x] Test room list shows join buttons
- [x] Test self-join flow
- [x] Test member search and add flow
- [x] Test editor role limitations

## Validation Checklist
- [x] Run `openspec validate add-open-room-access --strict`
- [x] All existing tests pass
- [x] New tests cover all scenarios
- [x] Manual testing of full user flow