Download Permissions, Robust Bulk-ZIP Handling, and Mail UI Polish (QA)

This release promotes three frontend improvements into the QA environment: download actions are now consistently gated behind the file-download permission across every mail, document, and batch screen; large bulk-ZIP downloads handle background processing and failures far more gracefully; and the pickup-charge rate form plus the vendor upload-activity task list received usability and responsiveness fixes.

Several issues had accumulated on the dev branch. Download and bulk-download buttons appeared even for users who lacked download permission, creating dead-end clicks and an inconsistent experience. Large bulk-ZIP requests could return a background-job response or an error embedded in a binary download, which the previous code did not parse, leading to unclear or generic failure messages. The pickup-charge rate dialog cramped its labels and fields on smaller screens, and the vendor upload-activity task list buried its row actions inside a dropdown menu.

• Users only see Download and Bulk Download controls when they actually have download permission; file-name cells render as plain text otherwise, removing confusing dead clicks.
• Bulk downloads of large selections behave predictably: async background jobs are tracked, server-suggested file names are honored, and permission/not-found/too-large failures show clear, specific messages instead of a generic error.
• The pickup-charge rate form is readable and usable on small and large screens, with clearly grouped Scope, Rate, and Schedule sections.
• Vendor upload-activity tasks expose view, retry, re-upload, and export as direct icon buttons, matching the Files tab and reducing clicks.

Batch promotion of dev into qa. Notable included changes:

• #1063 — Pickup charge modal responsiveness: PickupChargeFormDialog restructured into labeled fieldset/legend groups (Scope, Rate, Schedule) with minmax(0,1fr) grid columns, min-w-0 overflow containment, dvh-based sizing, and full-width footer buttons on mobile. The shared AsyncSelect/UploadCenterAsyncSelect trigger now truncates long labels and sizes its popover to the trigger width.
• #1064 — Async bulk ZIP + permission gating: download.services.ts reworked to call the .../zip/server endpoints, parse error payloads out of blob responses, extract filenames from Content-Disposition, and preserve 401s for the session-expiry interceptor (validateStatus). A new utils/download-error.utils.ts centralizes status/message extraction and product-approved copy for 403/404/selection-too-large cases; the bulk-progress hook now treats 403/404 poll errors as terminal failures. Inbox select-all is resolved to explicit IDs matching the visible grid filters. Every Download/Bulk Download button across mail, document, batch, inbox, and resolution-center surfaces is wrapped in hasPermission(PERMISSIONS.FILE_OPERATIONS.DOWNLOAD_FILES), with file-name grid cells degrading to non-clickable text without it.
• #1065 — Upload activity task actions: vendor TasksTab dropdown menu replaced by a new TaskRowActions component rendering view/retry/re-upload/export as direct icon buttons with tooltips (net code reduction in TasksTab).

Moderate. The permission gating touches many shared surfaces, so a misconfigured permission could unexpectedly hide download controls for a legitimate user; the download-service rewrite changes endpoint paths (/zip/server) and error-handling flow, which could affect both sync and async download paths. Mitigation: changes are frontend-only with no source edits made during promotion, are landing in QA first for verification, and the new download error utility falls back to a safe generic message for unrecognized payloads.

• Verify Download and Bulk Download controls appear only for users with the file-download permission, and that file-name cells are plain (non-clickable) text without it, across inbox, mail/document details, batches, and resolution center.
• Trigger small (sync) and large (async background-job) bulk ZIP downloads; confirm progress tracking, correct downloaded file name, and successful completion.
• Force 403, 404, and oversized-selection download failures and confirm the specific user-facing messages appear (not a generic error), and that a 401 still triggers the session-expiry flow.
• Confirm Inbox select-all downloads respect active grid filters/status and exclusions.
• Open the pickup-charge create/edit dialog at narrow and wide widths; check Scope/Rate/Schedule grouping, no label clipping, and footer button layout.
• On the vendor Upload Activity Tasks tab, verify view, retry-failed, re-upload, and export icon actions show and behave correctly for the relevant task statuses.