users.py:69 — register (full write)users.py:271 — set_user_status (status + ts)admin-approvals.html:433 — updateDoc status (legacy client-side)dashboard.html:562 — own profile, status gateadmin-approvals.html:335 — list practitioners (role+created_at)family.html:524 — read practitioner profile by idusers.py:241 — read in set_user_statusauth_verification.py:86 — read for full_namefamily_group_id claim.new-client.html:748 — addDoc on client createclient.html:882,913,922 — updateDoc (flags, etc.)dashboard.html:872 — list by practitioner_idclient.html:698, crisis-card.html:411, family.html:402, intake.html:454, care-plan.html:328, medications.html:353 — getDoc by idfamily_group_id.new-client.html:773 — addDoc on client createclient.html:865 — updateDoc parent detailsclient.html:699, crisis-card.html:412, family.html:403 — list by family_group_idrouters/parents.py CRUD — correct schema, no client callerfamily_group_id.medications.html:451 — addDocclient.html:700, crisis-card.html:413, family.html:404 — list by family_group_idmedications.html:354 — list by family_group_id orderBy created_at descfamily_group_id.client.html:960 — addDoc (direct Firestore)client.html:701 — list by family_group_id orderBy created_at descfamily_group_id.care-plan.html:447,456 — setDoc (merge)intake.html:563 — setDoc (merge from intake)care-plan.html:329 — getDoc by family idfamily.html:405 — getDoc by family idfamily_group_id.intake.html:575,591 — setDoc (merge)family_group_id.crisis-card.html:500 — setDoc (merge)crisis-card.html:414 — getDoc by family idfamily.html:549 — addDoc (family member side)family_groups.py invite — Admin SDK writefamily_groups.py revoke — Admin SDK updateauth_verification.py accept_invite — Admin SDK status updateauth_verification.py accept_invite — lookup by invited_email + statusclient.html postCareUpdate — addDoc (direct Firestore)client.html renderCareUpdates — list ordered by posted_at descfamily.html renderCareUpdates — list ordered by posted_at descauth_verification.py:98,120,138 — set / delete / get (Admin SDK)waitlist.html — public create (field-shape constrained)waitlist.html:337 — admin-only list orderBy joinedAt descscripts/set-claims.mjs — manual CLIscripts/set-admin.js — alternate manual scriptlogin.html:268 — redirect to /index.html (admin home)dashboard.html:549,554 — gate access; admins skip status checkadmin-approvals.html:309 — required to view pagecare-plan.html:312, intake.html:447, crisis-card.html:396, medications.html:337, new-client.html:651, client.html:681 — allowed alongside practitionerfamily.html:365 — redirected away to dashboardpending_activation); re-set / cleared on approve / reject.users.py:58 — set on /users/register (immediately; status = pending)users.py:254 — re-set on approve → activeusers.py:260 — cleared (set to {}) on rejectlogin.html:271 — redirect to /dashboard.htmldashboard.html:549 — required to view pagecare-plan.html:312, intake.html:447, crisis-card.html:396, medications.html:337, new-client.html:651, client.html:681family.html:365 — redirected away to dashboardisPractitioner() — /family_groups create ruleusers.py calls revoke_refresh_tokens(uid) on rejection and on re-approval, forcing re-auth.family.html.auth_verification.py accept_invite — set on first invite acceptance; remains set even if all groups later revokedlogin.html:273 — redirect to /family.htmlcrisis-card.html:396, medications.html:337, care-plan.html:312 — allowed alongside practitioner/adminfamily.html:368 — required (else show waiting state)family_group_id.auth_verification.py accept_invite — appends new group id (dedup)family_groups.py revoke — removes a group id; revokes refresh tokensfamily.html — populates group switcher (fallback to legacy singular for pre-migration accounts)inFamilyGroups(groupId) helper — /family_groups read, canAccessFamilyData (parents, medications, care_plans, crisis_info), family_messages readgcm · elder_law · social_work · financial.users.py:60,256 — set alongside practitioner claimTrue for all registrations.users.py:61,257 — defaults to True