UI improvements and permission fixes

- Center "No Secrets" empty state text
- Add license tier badge and version in header
- Show Audit/Tokens menu for users with write access
- Fix permission checks with fallbacks for team-based access

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

routes/routes.go

@@ -12,6 +12,7 @@ import (
 	"git.marketally.com/gitcaddy/gitcaddy-vault/models"
 	"git.marketally.com/gitcaddy/gitcaddy-vault/services"
 
+	"code.gitcaddy.com/server/v3/models/perm"
 	"code.gitcaddy.com/server/v3/models/unit"
 	"code.gitcaddy.com/server/v3/modules/log"
 	"code.gitcaddy.com/server/v3/modules/templates"
@@ -915,9 +916,16 @@ func webListSecrets(lic *license.Manager) http.HandlerFunc {
 
 		ctx.Data["Secrets"] = secrets
 		ctx.Data["IncludeDeleted"] = includeDeleted
-		ctx.Data["ShowDeleted"] = ctx.Repo.IsAdmin()
-		ctx.Data["CanWrite"] = ctx.Repo.CanWrite(unit.TypeCode)
-		ctx.Data["IsRepoAdmin"] = ctx.Repo.IsAdmin()
+
+		// Check permissions - use multiple fallbacks for team-based access
+		isOwner := ctx.Repo.Repository.OwnerID == ctx.Doer.ID
+		hasWriteAccess := ctx.Repo.CanWrite(unit.TypeCode)
+		isAdmin := ctx.Repo.IsAdmin()
+		hasAccess := ctx.Repo.AccessMode >= perm.AccessModeWrite
+
+		ctx.Data["ShowDeleted"] = isAdmin || isOwner || hasAccess
+		ctx.Data["CanWrite"] = hasWriteAccess || isOwner || hasAccess
+		ctx.Data["IsRepoAdmin"] = isAdmin || isOwner || hasAccess
 
 		// License info for display
 		licInfo := lic.Info()

templates/repo/vault/navbar.tmpl

@@ -6,7 +6,7 @@
 		<a class="{{if .PageIsVaultSecrets}}active {{end}}item" href="{{.RepoLink}}/vault">
 			{{svg "octicon-lock" 16}} {{ctx.Locale.Tr "vault.secrets"}}
 		</a>
-		{{if .IsRepoAdmin}}
+		{{if or .CanWrite .IsRepoAdmin}}
 		<a class="{{if .PageIsVaultAudit}}active {{end}}item" href="{{.RepoLink}}/vault/audit">
 			{{svg "octicon-log" 16}} {{ctx.Locale.Tr "vault.audit"}}
 		</a>